[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

restrict network drive at computer

Posted on 2010-01-07
4
Medium Priority
?
528 Views
Last Modified: 2012-05-08
Within my network users have access to a specific network drive, ie:  \\server\share via login script which assigns that drive as "F:".  In one specific Computer OU, I want to remove access to that share/drive, but users need to access this drive everywhere else in the network when they login.  Is there a GPO that I can add to that OU to keep people from accessing that network share while using a specific group of computers?  
0
Comment
Question by:lancecurwensville
4 Comments
 
LVL 59

Accepted Solution

by:
Darius Ghassem earned 252 total points
ID: 26201350
You would need to setup Group Policy loopback processing. I believe this should restrict the logon script.

http://support.microsoft.com/kb/231287

http://technet.microsoft.com/en-us/library/cc978513.aspx

http://technet.microsoft.com/en-us/library/bb742376.aspx
0
 
LVL 19

Assisted Solution

by:PeteJThomas
PeteJThomas earned 248 total points
ID: 26201353
Ok, so basically, regardless of the user account, you just want to stop ANY users that are logged on to a SPECIFIC set of computers from accessing the F:\ drive?

If so, you should separate all the computers in to their own OU.

Then link a loopback policy to that OU only (just a normal policy, and ENABLE the setting Comp Config > Admin Templates > System > Group Policy > "Enable User group policy loopback processing" in REPLACE mode.).

Along with the above setting, add a log on script that removes the mapped drive or something. (i.e. net use F: /delete)

This will ensure that the script runs whenever ANY user logs on to ANY computer that is within the OU the policy is linked to.

I'm not sure if simply removing the mapped drive will suffice in your eyes, but I don't think you can really 'lock it down' as such - So it just comes down to whether or not you think the users would be able to either remap the drive manually, or access it via the UNC path or whatever...

What do you think?

Pete
0
 
LVL 33

Expert Comment

by:NJComputerNetworks
ID: 26203458
You may also want to try this technique... see screen shot in link to remove drive letter:  http://blogs.technet.com/grouppolicy/archive/2009/02/11/gp-preferences-will-reduce-logon-scripts-mapping-drives.aspx
0
 
LVL 8

Author Closing Comment

by:lancecurwensville
ID: 31674042
Both of the comments were dead on.
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you’re involved with your company’s wide area network (WAN), you’ve probably heard about SD-WANs. They’re the “boy wonder” of networking, ostensibly allowing companies to replace expensive MPLS lines with low-cost Internet access. But, are they …
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question