?
Solved

Restricting the save option

Posted on 2013-01-17
2
Medium Priority
?
331 Views
Last Modified: 2013-01-24
Dear Admins,

I need an group policy option so that any of the users do not save any thing on there system or on the desktop.  if they would try to save any thing they should get an alert/error message stating that you are not authorised to save it on this system.

regards,
venkat.
0
Comment
Question by:venkatspb
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 19

Accepted Solution

by:
helpfinder earned 1500 total points
ID: 38791941
Hi,
I am posting answer from MS technet:

To prevent Desktop saving you can do 1 of 2 things.

1> Enable Mandatory Profiles. This gives users access to save on the desktop for as long as they are logged in BUT when they logoff the entire profile is deleted including the desktop folder.

2> Enable Folder Redirection for the Desktop. This can be done with either Roaming Profiles or Local Profiles. If using Roaming Profiles redirect the users to their Profile Desktop location on the server. Eg. profiles are stored at \\server\profiles$\username  Redirect to \\server\profiles$\username\Desktop.  However, it would depend also if you are using mandatory profiles (where hundreds of users are using the same read-only profile) or just roaming profiles.

If you are running Windows 2003 R2 or later you have the File Server Resource Manager as a part of the OS. Usually it is installed separately though. I have it installed on my file servers.
http://technet.microsoft.com/en-us/library/cc754810.aspx

What this does is give you the abililty to prevet ANY saving on the server of the file types that you don't want. It works wonderfully and I love it.

Users can only save to their My Documents on my network. All other drives are Read-Only
.

source:
http://social.technet.microsoft.com/Forums/eu/winserverGP/thread/042a06f5-bf36-48ae-b982-77cd75f56cab

And other handy post also from MS technet:

The easy way to prevent users to save data on desktop is set folder redirection policy, redirect users’ desktop to a network share where users don’t have write permission.

Create a network share on your server, but don’t grant write permission for domain users group.

Create a GPO and link it to a scope (site, domain or OU lever not a group) that contains your domain user account.

Configure the GPO-->User Configuration-->Windows Settings-->Folder redirection-->Desktop-->Desktop Properties-->Target tab-->Setting: Basic – Redirect everyone’s folder to the same location-->Root Path: input your network share

You can also prevent user to save data in desktop through modify user’s desktop folder ACL directly.

1. Copy and save below code to a .bat file

Echo Y| cacls %userprofile%\desktop /P %username%:R

2. Create a new GPO and link it to a scope (site, domain or OU level not a Group)
3. Set at User Configuration\Windows Settings\Script\Logon
4. Copy the .bat file to Logon folder (Logon script Properties-->Add-->Browse-->Logon folder)

For more information please refer to following MS articles:
Disable adding or removing items from desktop
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/cebdf074-4cd8-4a5c-8a32-978b6747b6ff
Prevent user to save in desktop
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/042a06f5-bf36-48ae-b982-77cd75f56cab
Cacls: Displays and Modifies NTFS Access Control Lists
http://technet.microsoft.com/en-us/library/cc976803.aspx

source:
http://social.technet.microsoft.com/Forums/en/winserverGP/thread/d3b21ee2-fcf8-43d6-9700-2a5f3fb3d88d
0
 
LVL 3

Author Closing Comment

by:venkatspb
ID: 38817449
Thanks
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Welcome back!  My apologies for taking so long to write part two of this series; it's been a long time coming!  As I promised in Part 1, this article will focus on how to locate those elusive AD properties that you are searching for.  Why is this us…
Welcome, welcome!  If you are new to the series and haven't been following along, please take a brief moment to review the first three installments: Part 1 (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/A_266-VBScri…
This is my first video review of Microsoft Bookings, I will be doing a part two with a bit more information, but wanted to get this out to you folks.
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…

801 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question