asked on Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?
Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?
It's a bit urgent, thx in advance.
It's a bit urgent, thx in advance.
Windows Server 2008Active DirectoryIT Administration
Last Comment
MarkieS
ASKER
Thx for the swift reply.
I need those users to be local admin for other reasons, is there a more elegant way?
I thought of using NTFS permissions.
I need those users to be local admin for other reasons, is there a more elegant way?
I thought of using NTFS permissions.
Hi, you can use two way to achive this what you want.
1. You can use by Group policy, simple described here http://mcpmag.com/articles/2008/10/13/file-permissions-thru-group-policy.aspx
2. You can use startup script (which I prefer) with cacls or icacls command described here http://ss64.com/nt/cacls.html
1. You can use by Group policy, simple described here http://mcpmag.com/articles/2008/10/13/file-permissions-thru-group-policy.aspx
2. You can use startup script (which I prefer) with cacls or icacls command described here http://ss64.com/nt/cacls.html
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
You could try hiding the C: drive through Group policy
http://support.microsoft.com/kb/231289
but that's the problem with making users Local Admin.
http://support.microsoft.com/kb/231289
but that's the problem with making users Local Admin.
NTFS permission is the best option for this scenario.
As a different angle, can you explicitly grant the users the permissions for which they currently need local admin rights? You say they need it "for other reasons", but what other reasons are those? It may be cleaner to make the users regular domain users, and then explicitly give them the rights they need so you don't have to grant them local admin, which has any number of other implications.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER
Hi experts
Any other ideas ?
Any other ideas ?
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
Jan MA CCNA