Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 438
  • Last Modified:

Deny access to save files on local system

Hi,

We have denied access to local drives for all users through Group Policy, How ever Users are able to save data on their desktops is there any Way where I can deny save access on desktop as well?
0
Seshadrim
Asked:
Seshadrim
1 Solution
 
CluskittCommented:
Go to C:\Documents and Settings\<username> and right click the Desktop folder, then remove write permissions to the user.
0
 
pvlierCommented:
You can use group policy to prevent this. Most settings are found here:
- User Configuration
- Administrative Templates
- Desktop
You can also redirect the desktop folder to the server and set rights to read-only on those folders. More info here: http://www.petri.co.il/forums/showthread.php?t=274
0
 
SeshadrimAuthor Commented:
@Cluskitt : this would not be Possible as we have near about 2000 users using multiple Desktops.

@ Pvlier : I have Already Checked the group policy. I couldn't find any options related to this. Also The Main reason for this is I Don't Want to provide save rights to any of the users.
0
Worried about phishing attacks?

90% of attacks start with a phish. It’s critical that IT admins and MSSPs have the right security in place to protect their end users from these phishing attacks. Check out our latest feature brief for tips and tricks to keep your employees off a hackers line!

 
SeshadrimAuthor Commented:
On Further trouble shooting I Found that when a User Logs in to a System and his Profile gets created on the System by default he gets full access to his profile folder.

Hence if any One can provide the Option / script to Set the access permission to read-only for desktop folder under user profile it will solve the issue.

The Script can be can be implemented as userlogon Script through Group Policy
0
 
pvlierCommented:
I believe it was set here but the site doesn't open?? Searched in my history so could be the wrong one:
http://www.petri.co.il/forums/showthread.php?p=549#post549 
0
 
SeshadrimAuthor Commented:
Hi Pvlier:

Thanks for the Post. i went through the link that you provided But as per my Understanding xcacls utility is supported only on 2000 OS. But we use Win XP Pro as Desktop OS ans Win2K8 as Server OS. Kindly Clarify.
0
 
pvlierCommented:
Hi Seshadrim,
xcacls is supported on winxp: http://www.microsoft.com/downloads/details.aspx?familyid=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en
You can put it in the logon-script so it changes rights for the user back to readonly. Put the xcacls.exe in the netlogon folder and put the following in the login-script (giving system en admins full rights and the user read+execute rights):
%LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y
0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now