• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 435
  • Last Modified:

Deny access to save files on local system

Hi,

We have denied access to local drives for all users through Group Policy, How ever Users are able to save data on their desktops is there any Way where I can deny save access on desktop as well?
0
Seshadrim
Asked:
Seshadrim
1 Solution
 
CluskittCommented:
Go to C:\Documents and Settings\<username> and right click the Desktop folder, then remove write permissions to the user.
0
 
pvlierCommented:
You can use group policy to prevent this. Most settings are found here:
- User Configuration
- Administrative Templates
- Desktop
You can also redirect the desktop folder to the server and set rights to read-only on those folders. More info here: http://www.petri.co.il/forums/showthread.php?t=274
0
 
SeshadrimAuthor Commented:
@Cluskitt : this would not be Possible as we have near about 2000 users using multiple Desktops.

@ Pvlier : I have Already Checked the group policy. I couldn't find any options related to this. Also The Main reason for this is I Don't Want to provide save rights to any of the users.
0
Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

 
SeshadrimAuthor Commented:
On Further trouble shooting I Found that when a User Logs in to a System and his Profile gets created on the System by default he gets full access to his profile folder.

Hence if any One can provide the Option / script to Set the access permission to read-only for desktop folder under user profile it will solve the issue.

The Script can be can be implemented as userlogon Script through Group Policy
0
 
pvlierCommented:
I believe it was set here but the site doesn't open?? Searched in my history so could be the wrong one:
http://www.petri.co.il/forums/showthread.php?p=549#post549 
0
 
SeshadrimAuthor Commented:
Hi Pvlier:

Thanks for the Post. i went through the link that you provided But as per my Understanding xcacls utility is supported only on 2000 OS. But we use Win XP Pro as Desktop OS ans Win2K8 as Server OS. Kindly Clarify.
0
 
pvlierCommented:
Hi Seshadrim,
xcacls is supported on winxp: http://www.microsoft.com/downloads/details.aspx?familyid=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en
You can put it in the logon-script so it changes rights for the user back to readonly. Put the xcacls.exe in the netlogon folder and put the following in the login-script (giving system en admins full rights and the user read+execute rights):
%LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y
0
 
TolomirAdministratorCommented:
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now