sanchitjoshan
asked on
Deny C: drive access to users
HI,
I've got a netowrk with 10 systems. All have Win XP Professional and Windows 2003 Enterprise Server. There's a small security constraint that I'd like to enforce on my users that is I want to restrict them access from writing to the C: drive. They should be able to read on C: dirve and write on their Desktop or My Documents. But no where else in C: Drive.
How can I enforce such a constraint on all my systems, do I have to such a setting one by one on each PC or through Group Policy or something.
Please Adivce.
Sanchit
I've got a netowrk with 10 systems. All have Win XP Professional and Windows 2003 Enterprise Server. There's a small security constraint that I'd like to enforce on my users that is I want to restrict them access from writing to the C: drive. They should be able to read on C: dirve and write on their Desktop or My Documents. But no where else in C: Drive.
How can I enforce such a constraint on all my systems, do I have to such a setting one by one on each PC or through Group Policy or something.
Please Adivce.
Sanchit
In addition to My Documents, you also have to allow access to the Pagefile, and possibly other system files.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can give each user separate accounts and plus create a extended partition to do their work and store data. And plus when they login to their own account, they will not have write permissions automatically to write in the C drive. Or, to be more extra careful, I would give the C drive to ONLY Administrators and SYSTEM Full access and DENY all users....And then having users ONLY to work with their OWN separate drive.
It would be like this when they logon to their OWN account.
C Drive= ADMINISTRATORS/SYSTEM= FULL CONTROL
G Drive= SYSTEM/USERS OR AUTHENTICATED USERS= FULL CONTROL
So, when they try to access the C Drive, it will give them an error message ACCESS DENIED, but they can still work the separate G Drive to store, bachup, and save all the data...
Cheers
js
C Drive= ADMINISTRATORS/SYSTEM= FULL CONTROL
G Drive= SYSTEM/USERS OR AUTHENTICATED USERS= FULL CONTROL
So, when they try to access the C Drive, it will give them an error message ACCESS DENIED, but they can still work the separate G Drive to store, bachup, and save all the data...
Cheers
js