corporate data control/leakage - user policy review

What kind of policies do we need to look at (technical not HR policies) in terms of data protection - where data can get to who can access it who can take it where?

Could do with a big program on how to audit this or hints on common issues as to where companies have poor technical governance on how to control their corporate data to stop it getting into wrong hands / going offsite unencrypted etc

It is a windows environment mix of traditional workstations and some thin clients via citrix

The more areas to check the better
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pma111Author Commented:
*who can take it where on what (ie CD/unencrypted data)
If offshore users are using Citrix for accessing,then you can apply CItrix policies to restrict local drive mapping. So users local drive will not get mapped and they cannot save it to their local desktop. Similarly you can restrict drive access, share access on the servers which has sensitive information. Even mapped drives only with read or write. NTFS permission, basic window policies to hide drives can help.

Also if users are using remote desktop or citrix, then can save their sensitive datas to profile. In such cases folder redirection policies can be applied so it can be saved only to their home drives when they log out of the servers. So datas of one users cannot be seen by other.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
pma111Author Commented:
Can you use group policy to restrict local drive "saving too" opn traditional windows workstations?

If so how - is it in admin templates anywhere?

Does it cause any problems if people cant save stuff locally? Like patches wanting to apply onto local disk etc.
In this case Digital Right Management is a way to go.
I've used drm packages to control and keep track of our company sensitive information and documents just like your scenario.

Our main concern was our PDF Documents so we've used PDF OwnerGuard. According to our needs, Advanced edition was the best choice. Protected pdfs act like standard pdfs accessible using Adobe Reader, however they're locked to specific computers within the company. Users can copy the protected documents but as long as they're encrypted, they're useless on UN-authorized computers.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.