Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

GPO to limit files saved locally on a workstation?

Posted on 2011-09-29
4
Medium Priority
?
1,078 Views
Last Modified: 2012-05-12
I have a new one!

We have Roaming Profiles and now folder re-directions going, all our our workstations are Windows 7 Pro x64 and we have Server 2008 x64 as our back end AD/DC/DNS.

I have disabled USB devices for most of our office as they are not needed, i have various filtering on our untangle to block what we dont want.

Now the issue i have is, i have the music / video folders for people redirected to a server, however people are saving MP3 files to other folders such as their desktop, or my documents that they got from people over skype or that department has USB access.

I know i can block *.* server side, but is there a GPO that can be set to no allow people to save specific extensions to locations on their workstation systems?

Deny anyone from saving a *.mp3 to their desktop, but allow it to be saved in their music folder ?

0
Comment
Question by:Mathiau
  • 2
4 Comments
 
LVL 66

Assisted Solution

by:johnb6767
johnb6767 earned 400 total points
ID: 36818450
I don't think client side has that ability, not without a mandatory profile ( using folder redirection), or a third party app.....
0
 
LVL 24

Accepted Solution

by:
Sandeshdubey earned 1600 total points
ID: 36869067
You won't be able to prevent users from saving file types without spending some money but you can delete them after the fact with a script. I'm not too good with scripts but a google search will easily find a plethora of options.

You can also go 3rd party.Use Veritas (Symantec) Storage Exec (formerly known as Storage Central) which is disk quota and file blocking software. It has its share of bugs but for the most part, the software does what it's supposed to.

I personally won’t worry about what people saves to there desktop /laptop . Anybody would like to watch a good movie or listen to music when fed up with work .

It is totally different when they save files to a server. But for this situation I can chosse between several solutions to prevent unwanted resources to be stored on the network share.
One of them is implementing file screening management included in Windows 2003 R2 and win2008 .
http://www.techrepublic.com/blog/datacenter/prevent-users-from-storing-mp3-files-on-your-windows-server-2003/201

Best Practice: Roaming Profiles and Folder Redirectionalization:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
LVL 2

Author Comment

by:Mathiau
ID: 36894453
I was afraid that would be the answer john6767, i am going to do server side blocking so people don't use up space with personal items for sure, just working out the kinks of my folder redirection stuff to be as secure as possible so of course having fun times getting the permissions just right.

Thanks for the links Sandesdubey
0
 
LVL 2

Author Closing Comment

by:Mathiau
ID: 36894456
good answers and good links.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows how to use a free utility called 'Parkdale' to easily test the performance and benchmark any Hard Drive(s) installed in your computer. We also look at RAM Disks and their speed comparisons.
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Suggested Courses

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question