• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 299
  • Last Modified:

Limit Access to C:

Hey Guys,

Running Server 2003, Win XP

Before each user used to be the local admin of their own computers which allowed them to easily install anything they wanted on their workstations.

Now I have removed them from local admins...And would like to know how can I restrict them to save anything onto the c:. I have a quota on the profile. So that forces them to save important stuff onto their shares on the server, this is safe because server is always backed up.

I am just afraid that users might go and save all that instead on the c: somewhere.

What can I do so they can only save upto certain amount onto the c:?
0
Shivtek
Asked:
Shivtek
  • 3
  • 3
2 Solutions
 
ShivtekAuthor Commented:
Also would like to know if the system folders can be hidden for users...but programs can still access if      needed?
0
 
Donald StewartNetwork AdministratorCommented:
0
 
ShivtekAuthor Commented:
What about limiting their ability to write on c: and or setting a quota?

in GPO I found a setting for NTFS system quota, will that do it?
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 
Donald StewartNetwork AdministratorCommented:
the group policy I mentioned is explained a little better here


http://www.howtogeek.com/howto/8035/how-to-restrict-access-to-drive-in-my-computer-on-windows/
0
 
ShivtekAuthor Commented:
This would completely restrict access.

Can I limit access? Maybe for Quota? I found one setting in GPO for NTFS quote on the system. How does that work? Does the count start from when the policy is instated?
0
 
Donald StewartNetwork AdministratorCommented:
yes it would restrict access from them, but not programs that are installed or need access.

Why dont you use folder redirection?




http://windowsdevcenter.com/pub/a/windows/2004/08/24/folder_redirect.html
0
 
CharlesdCommented:
As per your update i understand:

-- You were concerned with the user might install any softwares as they were having local admin right of the system, so you had removed from the local admin to resolve the issue.
-- Then you were also concerned about the disk space that user might save "xyz" data and may fill up the C: and so you assigned the quota which resolved that too.
-- Further you are concerned that user may save the data from the server to some other drive or take out via USB drive. For this i suggest you to configure GPO to restrict access to other drive and also USB access restrict as menitoned by "dstewartjr:"
http://www.howtogeek.com/howto/8035/how-to-restrict-access-to-drive-in-my-computer-on-windows/
http://www.petri.co.il/disable_usb_disks_with_gpo.htm

Further let me know if any queries in details for me to know exactly what else you require and accordingly i may help you.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now