• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1082
  • Last Modified:

GPO to limit files saved locally on a workstation?

I have a new one!

We have Roaming Profiles and now folder re-directions going, all our our workstations are Windows 7 Pro x64 and we have Server 2008 x64 as our back end AD/DC/DNS.

I have disabled USB devices for most of our office as they are not needed, i have various filtering on our untangle to block what we dont want.

Now the issue i have is, i have the music / video folders for people redirected to a server, however people are saving MP3 files to other folders such as their desktop, or my documents that they got from people over skype or that department has USB access.

I know i can block *.* server side, but is there a GPO that can be set to no allow people to save specific extensions to locations on their workstation systems?

Deny anyone from saving a *.mp3 to their desktop, but allow it to be saved in their music folder ?

0
Mathiau
Asked:
Mathiau
  • 2
2 Solutions
 
johnb6767Commented:
I don't think client side has that ability, not without a mandatory profile ( using folder redirection), or a third party app.....
0
 
SandeshdubeySenior Server EngineerCommented:
You won't be able to prevent users from saving file types without spending some money but you can delete them after the fact with a script. I'm not too good with scripts but a google search will easily find a plethora of options.

You can also go 3rd party.Use Veritas (Symantec) Storage Exec (formerly known as Storage Central) which is disk quota and file blocking software. It has its share of bugs but for the most part, the software does what it's supposed to.

I personally won’t worry about what people saves to there desktop /laptop . Anybody would like to watch a good movie or listen to music when fed up with work .

It is totally different when they save files to a server. But for this situation I can chosse between several solutions to prevent unwanted resources to be stored on the network share.
One of them is implementing file screening management included in Windows 2003 R2 and win2008 .
http://www.techrepublic.com/blog/datacenter/prevent-users-from-storing-mp3-files-on-your-windows-server-2003/201

Best Practice: Roaming Profiles and Folder Redirectionalization:
http://www.grouppolicy.biz/2010/08/best-practice-roaming-profiles-and-folder-redirection-a-k-a-user-virtualization/
0
 
MathiauAuthor Commented:
I was afraid that would be the answer john6767, i am going to do server side blocking so people don't use up space with personal items for sure, just working out the kinks of my folder redirection stuff to be as secure as possible so of course having fun times getting the permissions just right.

Thanks for the links Sandesdubey
0
 
MathiauAuthor Commented:
good answers and good links.
0

Featured Post

Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now