This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.
COURSE of the MONTH
11 days, 16 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?
Posted on 2011-03-09
Group policy win 2008 w/ XP SP3 workstations - how to prevent users from deleting files from Drive C:?
It's a bit urgent, thx in advance.
It's a bit urgent, thx in advance.
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
2-
2
- +3
8 Comments
dont give them local admin rights or power user rights - just domain user rights- they shouldnt be able to delete it then
Jan MA CCNA
Jan MA CCNA
Active 4 days ago
Thx for the swift reply.
I need those users to be local admin for other reasons, is there a more elegant way?
I thought of using NTFS permissions.
I need those users to be local admin for other reasons, is there a more elegant way?
I thought of using NTFS permissions.
Hi, you can use two way to achive this what you want.
1. You can use by Group policy, simple described here http://mcpmag.com/articles/2008/10/13/file-permissions-thru-group-policy.aspx
2. You can use startup script (which I prefer) with cacls or icacls command described here http://ss64.com/nt/cacls.html
1. You can use by Group policy, simple described here http://mcpmag.com/articles/2008/10/13/file-permissions-thru-group-policy.aspx
2. You can use startup script (which I prefer) with cacls or icacls command described here http://ss64.com/nt/cacls.html
You could try hiding the C: drive through Group policy
http://support.microsoft.com/kb/231289
but that's the problem with making users Local Admin.
http://support.microsoft.com/kb/231289
but that's the problem with making users Local Admin.
As a different angle, can you explicitly grant the users the permissions for which they currently need local admin rights? You say they need it "for other reasons", but what other reasons are those? It may be cleaner to make the users regular domain users, and then explicitly give them the rights they need so you don't have to grant them local admin, which has any number of other implications.
Hi,
The ideas given will all work depending on your scenario.
You need to give a long list of feedback against each suggestion offered, outlining reasons why the suggestion will not work. Then work to find a resolution.
1. Group Policy to Hide C:
2. Group Policy to explicitly "Allow access" with the user as a Domain user only
3. CALCS - Startup script
4. NTFS Permissions
In my opinion, Option 2 is the most streamline. Make the users Domain User only and explicitly grant them rights to files/folders/registry by using Group Policy.
But if this doesnt work in your scenario you need to say why.
cheers
The ideas given will all work depending on your scenario.
You need to give a long list of feedback against each suggestion offered, outlining reasons why the suggestion will not work. Then work to find a resolution.
1. Group Policy to Hide C:
2. Group Policy to explicitly "Allow access" with the user as a Domain user only
3. CALCS - Startup script
4. NTFS Permissions
In my opinion, Option 2 is the most streamline. Make the users Domain User only and explicitly grant them rights to files/folders/registry by using Group Policy.
But if this doesnt work in your scenario you need to say why.
cheers
Featured Post
Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies. Only from Platform Scholar.
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
New style of hardware planning for Microsoft Exchange server.
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten.
The USB drive must be s…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses
Course of the Month11 days, 16 hours left to enroll
752 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.