Solved

Deny access to save files on local system

Posted on 2010-09-06
9
417 Views
Last Modified: 2013-12-04
Hi,

We have denied access to local drives for all users through Group Policy, How ever Users are able to save data on their desktops is there any Way where I can deny save access on desktop as well?
0
Comment
Question by:Seshadrim
9 Comments
 
LVL 18

Expert Comment

by:Cluskitt
ID: 33612376
Go to C:\Documents and Settings\<username> and right click the Desktop folder, then remove write permissions to the user.
0
 
LVL 8

Expert Comment

by:pvlier
ID: 33612378
You can use group policy to prevent this. Most settings are found here:
- User Configuration
- Administrative Templates
- Desktop
You can also redirect the desktop folder to the server and set rights to read-only on those folders. More info here: http://www.petri.co.il/forums/showthread.php?t=274
0
 

Author Comment

by:Seshadrim
ID: 33612437
@Cluskitt : this would not be Possible as we have near about 2000 users using multiple Desktops.

@ Pvlier : I have Already Checked the group policy. I couldn't find any options related to this. Also The Main reason for this is I Don't Want to provide save rights to any of the users.
0
 

Author Comment

by:Seshadrim
ID: 33612455
On Further trouble shooting I Found that when a User Logs in to a System and his Profile gets created on the System by default he gets full access to his profile folder.

Hence if any One can provide the Option / script to Set the access permission to read-only for desktop folder under user profile it will solve the issue.

The Script can be can be implemented as userlogon Script through Group Policy
0
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

 
LVL 8

Expert Comment

by:pvlier
ID: 33612548
I believe it was set here but the site doesn't open?? Searched in my history so could be the wrong one:
http://www.petri.co.il/forums/showthread.php?p=549#post549 
0
 

Author Comment

by:Seshadrim
ID: 33619288
Hi Pvlier:

Thanks for the Post. i went through the link that you provided But as per my Understanding xcacls utility is supported only on 2000 OS. But we use Win XP Pro as Desktop OS ans Win2K8 as Server OS. Kindly Clarify.
0
 
LVL 8

Accepted Solution

by:
pvlier earned 50 total points
ID: 33619406
Hi Seshadrim,
xcacls is supported on winxp: http://www.microsoft.com/downloads/details.aspx?familyid=0ad33a24-0616-473c-b103-c35bc2820bda&displaylang=en
You can put it in the logon-script so it changes rights for the user back to readonly. Put the xcacls.exe in the netlogon folder and put the following in the login-script (giving system en admins full rights and the user read+execute rights):
%LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y
0
 
LVL 27

Expert Comment

by:Tolomir
ID: 33999630
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Server 2012 R2 - Start Menu Username is wrong 25 109
Possibility of Outlook running on Linux 6 108
JItbit AD intergration 4 75
Penetration Testing home based work 3 41
As a long-time IT Professional, the most important skill I have developed and consider to be my most valuable tool is Effective Troubleshooting. Step through my problem-solving procedure in this 10-step guide adapted from The Universal Troubleshooti…
Email signature management is something that is often overlooked in many organizations or is simply not implemented effectively. Let's take a look at what methods are available for managing this important piece of corporate branding.
This tutorial demonstrates a quick way of adding group price to multiple Magento products.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

8 Experts available now in Live!

Get 1:1 Help Now