I've got a netowrk with 10 systems. All have Win XP Professional and Windows 2003 Enterprise Server. There's a small security constraint that I'd like to enforce on my users that is I want to restrict them access from writing to the C: drive. They should be able to read on C: dirve and write on their Desktop or My Documents. But no where else in C: Drive.
How can I enforce such a constraint on all my systems, do I have to such a setting one by one on each PC or through Group Policy or something.