Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

On specific computers, we'd like to override a domain-wide policy that disallows C: access by user. Possible?

Posted on 2012-03-15
6
Medium Priority
?
386 Views
Last Modified: 2012-04-11
We have most of users' ability to access the C: blocked. We have a specific application that requires C: drive access so we wanted to allow that access but only on specific computers. What are some recommendations to override this User Policy to disallow C: access on specific computers?
0
Comment
Question by:achapman5
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 1000 total points
ID: 37726649
Not going to be pretty but on those machines enable loopback processing then have a user policy applied that allows access

More on loopback here

http://www.sdmsoftware.com/general-stuff/please-explain-loopback-processing/

Thanks

Mike
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 1000 total points
ID: 37726673
Mkline is correct. The loopback policy will take the user gpo settings and apply it to the machine that user is working on. So if they have access to view the C: drive it will override.

Best way to get it done.
0
 

Author Comment

by:achapman5
ID: 37727126
Thanks guys. I'll embark on this and respond with my successes/failures.
0
 
LVL 57

Expert Comment

by:McKnife
ID: 37727422
Hi achapman5.

Could you specify what type of access you blocked (and why) and what type of access these users will need? Because I wonder what you tried to achieve by blocking "access" in the first place. If you simply denied write access it should be obvious how to undo that. If however you hid the drive from display in windows explorer, it's no real protection.
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question