Solved

Deny access to save files on local system

Posted on 2010-09-06
9
424 Views
Last Modified: 2013-12-04
Hi,

We have denied access to local drives for all users through Group Policy, How ever Users are able to save data on their desktops is there any Way where I can deny save access on desktop as well?
0
Comment
Question by:Seshadrim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33612376
Go to C:\Documents and Settings\<username> and right click the Desktop folder, then remove write permissions to the user.
0
 
LVL 8

Expert Comment

by:pvlier
ID: 33612378
You can use group policy to prevent this. Most settings are found here:
- User Configuration
- Administrative Templates
- Desktop
You can also redirect the desktop folder to the server and set rights to read-only on those folders. More info here: http://www.petri.co.il/forums/showthread.php?t=274
0
 

Author Comment

by:Seshadrim
ID: 33612437
@Cluskitt : this would not be Possible as we have near about 2000 users using multiple Desktops.

@ Pvlier : I have Already Checked the group policy. I couldn't find any options related to this. Also The Main reason for this is I Don't Want to provide save rights to any of the users.
0
Free Webinar: AWS Backup & DR

Join our upcoming webinar with experts from AWS, CloudBerry Lab, and the Town of Edgartown IT to discuss best practices for simplifying online backup management and cutting costs.

 

Author Comment

by:Seshadrim
ID: 33612455
On Further trouble shooting I Found that when a User Logs in to a System and his Profile gets created on the System by default he gets full access to his profile folder.

Hence if any One can provide the Option / script to Set the access permission to read-only for desktop folder under user profile it will solve the issue.

The Script can be can be implemented as userlogon Script through Group Policy
0
 
LVL 8

Expert Comment

by:pvlier
ID: 33612548
I believe it was set here but the site doesn't open?? Searched in my history so could be the wrong one:
http://www.petri.co.il/forums/showthread.php?p=549#post549 
0
 

Author Comment

by:Seshadrim
ID: 33619288
Hi Pvlier:

Thanks for the Post. i went through the link that you provided But as per my Understanding xcacls utility is supported only on 2000 OS. But we use Win XP Pro as Desktop OS ans Win2K8 as Server OS. Kindly Clarify.
0
 
LVL 8

Accepted Solution

by:
pvlier earned 50 total points
ID: 33619406
Hi Seshadrim,
xcacls is supported on winxp: http://www.microsoft.com/downloads/details.aspx?familyid=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en
You can put it in the logon-script so it changes rights for the user back to readonly. Put the xcacls.exe in the netlogon folder and put the following in the login-script (giving system en admins full rights and the user read+execute rights):
%LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33999630
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

OfficeMate Freezes on login or does not load after login credentials are input.
Are client relationship the only driver of a successful MSP? While important, client relationships are only one component. Learn how else MSPs can broaden their horizon and differentiate themselves.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question