Link to home
Start Free TrialLog in
Avatar of IT_Group1
IT_Group1Flag for Israel

asked on

Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?

Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?

It's a bit urgent, thx in advance.
Avatar of JAN PAKULA
JAN PAKULA
Flag of United Kingdom of Great Britain and Northern Ireland image

dont give them local admin rights or power user rights - just domain user rights- they shouldnt be able to delete it then

Jan MA CCNA
Avatar of IT_Group1

ASKER

Thx for the swift reply.
I need those users to be local admin for other reasons, is there a more elegant way?

I thought of using NTFS permissions.
Avatar of namanov
namanov

Hi, you can use two way to achive this what you want.
1. You can use by Group policy, simple described here http://mcpmag.com/articles/2008/10/13/file-permissions-thru-group-policy.aspx
2. You can use startup script (which I prefer) with cacls or icacls command described here http://ss64.com/nt/cacls.html
You could try hiding the C: drive through Group policy

http://support.microsoft.com/kb/231289

but that's the problem with making users Local Admin.
NTFS permission is the best option for this scenario.
Avatar of Ryan McCauley
As a different angle, can you explicitly grant the users the permissions for which they currently need local admin rights? You say they need it "for other reasons", but what other reasons are those? It may be cleaner to make the users regular domain users, and then explicitly give them the rights they need so you don't have to grant them local admin, which has any number of other implications.
Hi experts

Any other ideas ?
ASKER CERTIFIED SOLUTION
Avatar of MarkieS
MarkieS
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial