Solved

GPO to limit files saved locally on a workstation?

Posted on 2011-09-29
4
1,031 Views
Last Modified: 2012-05-12
I have a new one!

We have Roaming Profiles and now folder re-directions going, all our our workstations are Windows 7 Pro x64 and we have Server 2008 x64 as our back end AD/DC/DNS.

I have disabled USB devices for most of our office as they are not needed, i have various filtering on our untangle to block what we dont want.

Now the issue i have is, i have the music / video folders for people redirected to a server, however people are saving MP3 files to other folders such as their desktop, or my documents that they got from people over skype or that department has USB access.

I know i can block *.* server side, but is there a GPO that can be set to no allow people to save specific extensions to locations on their workstation systems?

Deny anyone from saving a *.mp3 to their desktop, but allow it to be saved in their music folder ?

0
Comment
Question by:Mathiau
  • 2
4 Comments
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 100 total points
ID: 36818450
I don't think client side has that ability, not without a mandatory profile ( using folder redirection), or a third party app.....
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 400 total points
ID: 36869067
You won't be able to prevent users from saving file types without spending some money but you can delete them after the fact with a script. I'm not too good with scripts but a google search will easily find a plethora of options.

You can also go 3rd party.Use Veritas (Symantec) Storage Exec (formerly known as Storage Central) which is disk quota and file blocking software. It has its share of bugs but for the most part, the software does what it's supposed to.

I personally won’t worry about what people saves to there desktop /laptop . Anybody would like to watch a good movie or listen to music when fed up with work .

It is totally different when they save files to a server. But for this situation I can chosse between several solutions to prevent unwanted resources to be stored on the network share.
One of them is implementing file screening management included in Windows 2003 R2 and win2008 .
http://www.techrepublic.com/blog/datacenter/prevent-users-from-storing-mp3-files-on-your-windows-server-2003/201

Best Practice: Roaming Profiles and Folder Redirectionalization:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
LVL 2

Author Comment

by:Mathiau
ID: 36894453
I was afraid that would be the answer john6767, i am going to do server side blocking so people don't use up space with personal items for sure, just working out the kinks of my folder redirection stuff to be as secure as possible so of course having fun times getting the permissions just right.

Thanks for the links Sandesdubey
0
 
LVL 2

Author Closing Comment

by:Mathiau
ID: 36894456
good answers and good links.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On some Windows 7 (SP1) computers, Windows Update becomes super slow even the computer is reasonably fast.  There's one solution that seemed to have worked well for me (after trying a few other suggested solutions).
In-place Upgrading Dirsync to Azure AD Connect
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question