Solved

GPO to limit files saved locally on a workstation?

Posted on 2011-09-29
4
1,047 Views
Last Modified: 2012-05-12
I have a new one!

We have Roaming Profiles and now folder re-directions going, all our our workstations are Windows 7 Pro x64 and we have Server 2008 x64 as our back end AD/DC/DNS.

I have disabled USB devices for most of our office as they are not needed, i have various filtering on our untangle to block what we dont want.

Now the issue i have is, i have the music / video folders for people redirected to a server, however people are saving MP3 files to other folders such as their desktop, or my documents that they got from people over skype or that department has USB access.

I know i can block *.* server side, but is there a GPO that can be set to no allow people to save specific extensions to locations on their workstation systems?

Deny anyone from saving a *.mp3 to their desktop, but allow it to be saved in their music folder ?

0
Comment
Question by:Mathiau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 100 total points
ID: 36818450
I don't think client side has that ability, not without a mandatory profile ( using folder redirection), or a third party app.....
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 400 total points
ID: 36869067
You won't be able to prevent users from saving file types without spending some money but you can delete them after the fact with a script. I'm not too good with scripts but a google search will easily find a plethora of options.

You can also go 3rd party.Use Veritas (Symantec) Storage Exec (formerly known as Storage Central) which is disk quota and file blocking software. It has its share of bugs but for the most part, the software does what it's supposed to.

I personally won’t worry about what people saves to there desktop /laptop . Anybody would like to watch a good movie or listen to music when fed up with work .

It is totally different when they save files to a server. But for this situation I can chosse between several solutions to prevent unwanted resources to be stored on the network share.
One of them is implementing file screening management included in Windows 2003 R2 and win2008 .
http://www.techrepublic.com/blog/datacenter/prevent-users-from-storing-mp3-files-on-your-windows-server-2003/201

Best Practice: Roaming Profiles and Folder Redirectionalization:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
LVL 2

Author Comment

by:Mathiau
ID: 36894453
I was afraid that would be the answer john6767, i am going to do server side blocking so people don't use up space with personal items for sure, just working out the kinks of my folder redirection stuff to be as secure as possible so of course having fun times getting the permissions just right.

Thanks for the links Sandesdubey
0
 
LVL 2

Author Closing Comment

by:Mathiau
ID: 36894456
good answers and good links.
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article describes my battle tested process for setting up delegation. I use this process anywhere that I need to setup delegation. In the article I will show how it applies to Active Directory
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question