Solved

GPO to limit files saved locally on a workstation?

Posted on 2011-09-29
4
1,059 Views
Last Modified: 2012-05-12
I have a new one!

We have Roaming Profiles and now folder re-directions going, all our our workstations are Windows 7 Pro x64 and we have Server 2008 x64 as our back end AD/DC/DNS.

I have disabled USB devices for most of our office as they are not needed, i have various filtering on our untangle to block what we dont want.

Now the issue i have is, i have the music / video folders for people redirected to a server, however people are saving MP3 files to other folders such as their desktop, or my documents that they got from people over skype or that department has USB access.

I know i can block *.* server side, but is there a GPO that can be set to no allow people to save specific extensions to locations on their workstation systems?

Deny anyone from saving a *.mp3 to their desktop, but allow it to be saved in their music folder ?

0
Comment
Question by:Mathiau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 100 total points
ID: 36818450
I don't think client side has that ability, not without a mandatory profile ( using folder redirection), or a third party app.....
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 400 total points
ID: 36869067
You won't be able to prevent users from saving file types without spending some money but you can delete them after the fact with a script. I'm not too good with scripts but a google search will easily find a plethora of options.

You can also go 3rd party.Use Veritas (Symantec) Storage Exec (formerly known as Storage Central) which is disk quota and file blocking software. It has its share of bugs but for the most part, the software does what it's supposed to.

I personally won’t worry about what people saves to there desktop /laptop . Anybody would like to watch a good movie or listen to music when fed up with work .

It is totally different when they save files to a server. But for this situation I can chosse between several solutions to prevent unwanted resources to be stored on the network share.
One of them is implementing file screening management included in Windows 2003 R2 and win2008 .
http://www.techrepublic.com/blog/datacenter/prevent-users-from-storing-mp3-files-on-your-windows-server-2003/201

Best Practice: Roaming Profiles and Folder Redirectionalization:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
LVL 2

Author Comment

by:Mathiau
ID: 36894453
I was afraid that would be the answer john6767, i am going to do server side blocking so people don't use up space with personal items for sure, just working out the kinks of my folder redirection stuff to be as secure as possible so of course having fun times getting the permissions just right.

Thanks for the links Sandesdubey
0
 
LVL 2

Author Closing Comment

by:Mathiau
ID: 36894456
good answers and good links.
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

627 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question