[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

How to prevent user to save files to Desktop and C: drive

Posted on 2012-09-05
7
Medium Priority
?
4,950 Views
Last Modified: 2012-09-19
Hello,

I just installed two Windows 7 machines with 250GB SSD drives and 500GB sata drives for data.

 I want to prevent users from saving files in the C: drive (which is the ssd one), for example - what is on the desktop to be actually on the second drive, C: drive to be invisible for the user and etc.

Thank you in advance for the ideas.
0
Comment
Question by:goliveuk
  • 3
  • 3
7 Comments
 
LVL 47

Expert Comment

by:David
ID: 38367567
Absolutely NO way to do this.
0
 
LVL 69

Expert Comment

by:Callandor
ID: 38367724
0
 
LVL 47

Expert Comment

by:David
ID: 38367983
But group policy to hide C will fail if user doesn't log into the AD, and/or there isn't AD.  

Any application that uses the registry will still be able to make changes to C:, because windows doesn't have the capability to write protect the boot drive.

Any application that uses TMP or TEMP space will still be able to write to C:
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 
LVL 69

Assisted Solution

by:Callandor
Callandor earned 1332 total points
ID: 38368542
0
 
LVL 47

Accepted Solution

by:
David earned 668 total points
ID: 38368671
Fair enough, Callandor.  My perspective is based on a user who wants to write to the C:\ drive, yours is from a user who wants to play by the rules

I guess I'm just more of a hacker than you are ;)

Curious -- Let's assume nobody writes a program, they play nice, log into the domain, and privileges are restricted.

Will this *really* even work enough to be practical?  I can't imagine too many programs even running properly if you restrict the registry.  (P.S. you forgot to move the print spool and location of all the user's files /home directory)

It is a brilliant idea, and I'm not criticizing it, as it never occurred to me that one could even lock down the registry w/o the computer crashing eventually.  Is this something that was designed into Win7 ?

=======
I have an alternate solution, rather sneaky, somewhat painful, but possibly effective
 - Repartition so that you have area big enough to hold all the user files in another location
 - Rename boot drive letter to B:
 - Move all the personal files to the new partition, label it C:, (which is spirit of the answer, but if user still wants to prevent writing to C:, they could just as easily call it drive Z:).  But reason for using C is because that drive letter probably hardwired all over the place, so less work and fewer things wil blow up if you leave it that way.

Thoughts?
0
 
LVL 69

Assisted Solution

by:Callandor
Callandor earned 1332 total points
ID: 38369350
I did forget to include the user personal data and print spooler; here they are:
http://www.sevenforums.com/tutorials/87555-user-profile-change-default-location.html
http://www.techdug.com/move-the-directory-spool-in-windows-7

I actually want to write to the C: drive, as I need to upgrade vendor software and install my own custom code.  It is because I want to do this that I run into corporate lockdown policies and have to get exceptions, so I'm aware of them.

It seems to work well, as it facilitates the fairly quick restore when a user's hard drive crashes.  It is much easier to implement in Win7 than WinXP, since it mostly doesn't involve registry changes, so I assume Microsoft realized that a lot of people wanted this.

I don't think your proposed solution would work, since renaming the boot drive is not allowed in Windows.  Also, think of all the references to the boot drive and OS directories that would have to be changed - you had an inkling of the trouble in your last point.
0
 
LVL 84

Expert Comment

by:David Johnson, CD, MVP
ID: 38370435
a standard user cannot save to c:\  they can make a sub-directory and save to it on the c: drive into that subdirectory.. Hiding it from explorer using group policy is great

Drive Restrictions
Combine that with folder Redirection
Folder-Redirection.pdf
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
How much do you know about the future of data centers? If you're like 50% of organizations, then it's probably not enough. Read on to get up to speed on this emerging field.
This Micro Tutorial will teach you the basics of configuring your computer to improve its speed. It will also teach you how to disable programs that are running in the background simultaneously. This will be demonstrated using Windows 7 operating…
This Micro Tutorial will give you a basic overview of Windows Live Photo Gallery and show you various editing filters and touches to photos you can apply. This will be demonstrated using Windows Live Photo Gallery on Windows 7 operating system.
Suggested Courses
Course of the Month19 days, 11 hours left to enroll

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question