Looking for suggestions on how to prevent users from saving certain file types to local drive/desktop
Posted on 2012-04-06
I keep coming across a common problem in my organization. I constantly am finding that several of my end-users will save business critical documents directly onto their hard disk as opposed to the network home directory that we provide for them. It strikes fear into my heart every time I see it because I know that, if the HDD dies or is overwritten, there would be no way in which to retrieve anything that they tell us later on that they absolutely need and no longer have. I figured that there would be some sort of easy way within Group Policy to prevent this, but I have been told that there is nothing as straightforward as I would like. A cursory google search did not really give me any straightforward answers either, at least not so far as what I precisely want to do. Therefore, I am opening the floor here to see if anyone has come up with a creative solution to this.
An additional wrinkle from the standpoint of my situation is this. . .there are some things that we do need for the local user to save/write locally from the standpoint of system files that are necessary for certain business applications to run. Therefore, I cannot simply lock everything down en masse (such as simply enforcing mandatory profiles by changing <ntuser.dat> to <ntuser.man>). I want to be able to granulate the restriction to things such as Word/Excel/Powerpoint/Access files as well as .PDF files