[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 346
  • Last Modified:

prevent Users to store Client information residing on the “C” drive of company laptops

most of our users do exactly that: they leave Client-and company information on the “C” drive of our company laptops.
which are the measures how i can prevent them of doing that?
0
DukewillNukem
Asked:
DukewillNukem
  • 4
  • 3
1 Solution
 
McKnifeCommented:
To point out the most important thing first: since the hard drive needs to be writable, it cannot be completely prevented. However, you can easily stop the creation of folders on the root of c: by modifying ACLs of c:, so that users can only write into their profile. Inside the profile, you can also modify ACLs for folders like the desktop accordingly and set those to read-only.

If you need further instructions, just say.
0
 
DukewillNukemAuthor Commented:
well,those are good points you mention.but how do i do implement this on 600 laptops? by GPO?
but also,we have to prevent users completely from storing data on the HD.
could that be done by redirection GPO?
0
 
McKnifeCommented:
"completely" cannot be done, sorry.
Setting ACLs via GPO is easily done: https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-A8D101D3-729F-4299-A591-4AC55A5DD12E.html describes it.
Please test thoroughly before deployment.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
DukewillNukemAuthor Commented:
well ok,not completely of course.users must not store client or business data on any computer. but thats already a good starting point. thank you
0
 
McKnifeCommented:
Also for you: please respect the ee guidelines. If an answer does not fully satisfy you, give experts a chance to improve their answers before accepting it and downgrading it.
The guidelines say "excellent" should be chosen unless answers lack information or are unprecise or otherwise unsatisfactory :)
0
 
DukewillNukemAuthor Commented:
im still not fully satisfied with that solution because i dont have anything i can show our management.
an idea is,to encrypt the C: drive,but that doesnt prevent users to store data there.
s,what else could be done except to publish a policy not doing it?
0
 
McKnifeCommented:
The drive needs to remain writable by processes started by the user. That's why it can NOT be done completely.
0

Featured Post

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now