?
Solved

Deny access to save files on local system

Posted on 2010-09-06
9
Medium Priority
?
432 Views
Last Modified: 2013-12-04
Hi,

We have denied access to local drives for all users through Group Policy, How ever Users are able to save data on their desktops is there any Way where I can deny save access on desktop as well?
0
Comment
Question by:Seshadrim
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33612376
Go to C:\Documents and Settings\<username> and right click the Desktop folder, then remove write permissions to the user.
0
 
LVL 8

Expert Comment

by:pvlier
ID: 33612378
You can use group policy to prevent this. Most settings are found here:
- User Configuration
- Administrative Templates
- Desktop
You can also redirect the desktop folder to the server and set rights to read-only on those folders. More info here: http://www.petri.co.il/forums/showthread.php?t=274
0
 

Author Comment

by:Seshadrim
ID: 33612437
@Cluskitt : this would not be Possible as we have near about 2000 users using multiple Desktops.

@ Pvlier : I have Already Checked the group policy. I couldn't find any options related to this. Also The Main reason for this is I Don't Want to provide save rights to any of the users.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:Seshadrim
ID: 33612455
On Further trouble shooting I Found that when a User Logs in to a System and his Profile gets created on the System by default he gets full access to his profile folder.

Hence if any One can provide the Option / script to Set the access permission to read-only for desktop folder under user profile it will solve the issue.

The Script can be can be implemented as userlogon Script through Group Policy
0
 
LVL 8

Expert Comment

by:pvlier
ID: 33612548
I believe it was set here but the site doesn't open?? Searched in my history so could be the wrong one:
http://www.petri.co.il/forums/showthread.php?p=549#post549 
0
 

Author Comment

by:Seshadrim
ID: 33619288
Hi Pvlier:

Thanks for the Post. i went through the link that you provided But as per my Understanding xcacls utility is supported only on 2000 OS. But we use Win XP Pro as Desktop OS ans Win2K8 as Server OS. Kindly Clarify.
0
 
LVL 8

Accepted Solution

by:
pvlier earned 200 total points
ID: 33619406
Hi Seshadrim,
xcacls is supported on winxp: http://www.microsoft.com/downloads/details.aspx?familyid=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en
You can put it in the logon-script so it changes rights for the user back to readonly. Put the xcacls.exe in the netlogon folder and put the following in the login-script (giving system en admins full rights and the user read+execute rights):
%LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33999630
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Postmortem reporting allow us to examine mistakes in a way that focuses on the situational aspects of a failure’s mechanism and the decision-making process of individuals proximate to the failure. Read our guide on how to handle IT post-mortem repor…
Introducing Priority Question, our latest feature.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses
Course of the Month12 days, 13 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question