2008 ad restriction help

Posted on 2009-02-09
Last Modified: 2012-05-06
I am looking for a method to lock down a user's ability to open files from folders other than their home folder.  The desktop is Server 2008 Terminal Server (Vista).  The applications (for now) are the Microsoft Office suite.  I can setup GPOs.  The office ADMs don't offer much in the way of security.  I am trying to block a user's abiltiy from clicking on File\Open and type in a UNC path to open from another fileserver\share.  Or even, select the C:\ drive.  I just want them to be able to open files from their H:\ (home) drive.
Question by:zenworksb
    LVL 58

    Expert Comment


    You need to make full use of NTFS Security on your data shares to achieve that. You need to ensure that on each user's home folder, only that user - and Administrative users if appropriate - are listed with access privileges.

    LVL 57

    Accepted Solution

    We had a similar issue on our citrix environment.  We ended up just hiding the other drives.  When they log in they don't even see a C drive.
    We did this using group policy
     Using Group Policy Objects to hide specified drives
    Never tried restricting all UNC mappings, I'll try and research that.

    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
    Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
    This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…
    This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    17 Experts available now in Live!

    Get 1:1 Help Now