Solved

On specific computers, we'd like to override a domain-wide policy that disallows C: access by user. Possible?

Posted on 2012-03-15
6
382 Views
Last Modified: 2012-04-11
We have most of users' ability to access the C: blocked. We have a specific application that requires C: drive access so we wanted to allow that access but only on specific computers. What are some recommendations to override this User Policy to disallow C: access on specific computers?
0
Comment
Question by:achapman5
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 37726649
Not going to be pretty but on those machines enable loopback processing then have a user policy applied that allows access

More on loopback here

http://www.sdmsoftware.com/general-stuff/please-explain-loopback-processing/

Thanks

Mike
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 250 total points
ID: 37726673
Mkline is correct. The loopback policy will take the user gpo settings and apply it to the machine that user is working on. So if they have access to view the C: drive it will override.

Best way to get it done.
0
 

Author Comment

by:achapman5
ID: 37727126
Thanks guys. I'll embark on this and respond with my successes/failures.
0
 
LVL 54

Expert Comment

by:McKnife
ID: 37727422
Hi achapman5.

Could you specify what type of access you blocked (and why) and what type of access these users will need? Because I wonder what you tried to achieve by blocking "access" in the first place. If you simply denied write access it should be obvious how to undo that. If however you hid the drive from display in windows explorer, it's no real protection.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question