Solved

On specific computers, we'd like to override a domain-wide policy that disallows C: access by user. Possible?

Posted on 2012-03-15
6
384 Views
Last Modified: 2012-04-11
We have most of users' ability to access the C: blocked. We have a specific application that requires C: drive access so we wanted to allow that access but only on specific computers. What are some recommendations to override this User Policy to disallow C: access on specific computers?
0
Comment
Question by:achapman5
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 250 total points
ID: 37726649
Not going to be pretty but on those machines enable loopback processing then have a user policy applied that allows access

More on loopback here

http://www.sdmsoftware.com/general-stuff/please-explain-loopback-processing/

Thanks

Mike
0
 
LVL 6

Assisted Solution

by:vmagan
vmagan earned 250 total points
ID: 37726673
Mkline is correct. The loopback policy will take the user gpo settings and apply it to the machine that user is working on. So if they have access to view the C: drive it will override.

Best way to get it done.
0
 

Author Comment

by:achapman5
ID: 37727126
Thanks guys. I'll embark on this and respond with my successes/failures.
0
 
LVL 55

Expert Comment

by:McKnife
ID: 37727422
Hi achapman5.

Could you specify what type of access you blocked (and why) and what type of access these users will need? Because I wonder what you tried to achieve by blocking "access" in the first place. If you simply denied write access it should be obvious how to undo that. If however you hid the drive from display in windows explorer, it's no real protection.
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This process allows computer passwords to be managed and secured without using LAPS. This is an improvement on an existing process, enhanced to store password encrypted, instead of clear-text files within SQL
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question