Solved

Restricting the save option

Posted on 2013-01-17
2
323 Views
Last Modified: 2013-01-24
Dear Admins,

I need an group policy option so that any of the users do not save any thing on there system or on the desktop.  if they would try to save any thing they should get an alert/error message stating that you are not authorised to save it on this system.

regards,
venkat.
0
Comment
Question by:venkatspb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
helpfinder earned 500 total points
ID: 38791941
Hi,
I am posting answer from MS technet:

To prevent Desktop saving you can do 1 of 2 things.

1> Enable Mandatory Profiles. This gives users access to save on the desktop for as long as they are logged in BUT when they logoff the entire profile is deleted including the desktop folder.

2> Enable Folder Redirection for the Desktop. This can be done with either Roaming Profiles or Local Profiles. If using Roaming Profiles redirect the users to their Profile Desktop location on the server. Eg. profiles are stored at \\server\profiles$\username  Redirect to \\server\profiles$\username\Desktop.  However, it would depend also if you are using mandatory profiles (where hundreds of users are using the same read-only profile) or just roaming profiles.

If you are running Windows 2003 R2 or later you have the File Server Resource Manager as a part of the OS. Usually it is installed separately though. I have it installed on my file servers.
http://technet.microsoft.com/en-us/library/cc754810.aspx

What this does is give you the abililty to prevet ANY saving on the server of the file types that you don't want. It works wonderfully and I love it.

Users can only save to their My Documents on my network. All other drives are Read-Only
.

source:
http://social.technet.microsoft.com/Forums/eu/winserverGP/thread/042a06f5-bf36-48ae-b982-77cd75f56cab

And other handy post also from MS technet:

The easy way to prevent users to save data on desktop is set folder redirection policy, redirect users’ desktop to a network share where users don’t have write permission.

Create a network share on your server, but don’t grant write permission for domain users group.

Create a GPO and link it to a scope (site, domain or OU lever not a group) that contains your domain user account.

Configure the GPO-->User Configuration-->Windows Settings-->Folder redirection-->Desktop-->Desktop Properties-->Target tab-->Setting: Basic – Redirect everyone’s folder to the same location-->Root Path: input your network share

You can also prevent user to save data in desktop through modify user’s desktop folder ACL directly.

1. Copy and save below code to a .bat file

Echo Y| cacls %userprofile%\desktop /P %username%:R

2. Create a new GPO and link it to a scope (site, domain or OU level not a Group)
3. Set at User Configuration\Windows Settings\Script\Logon
4. Copy the .bat file to Logon folder (Logon script Properties-->Add-->Browse-->Logon folder)

For more information please refer to following MS articles:
Disable adding or removing items from desktop
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/cebdf074-4cd8-4a5c-8a32-978b6747b6ff
Prevent user to save in desktop
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/042a06f5-bf36-48ae-b982-77cd75f56cab
Cacls: Displays and Modifies NTFS Access Control Lists
http://technet.microsoft.com/en-us/library/cc976803.aspx

source:
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/d3b21ee2-fcf8-43d6-9700-2a5f3fb3d88d
0
 
LVL 3

Author Closing Comment

by:venkatspb
ID: 38817449
Thanks
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
I met Paul Devereux (@pdevereux) today when I responded to his tweet asking “Anybody know how to automate adding files from disk to a folder in #outlook  ?”.  I replied back and told Paul that using automation, in this case scripting, to add files t…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
In an interesting question (https://www.experts-exchange.com/questions/29008360/) here at Experts Exchange, a member asked how to split a single image into multiple images. The primary usage for this is to place many photographs on a flatbed scanner…

739 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question