?
Solved

prevent Users to store Client information residing on the “C” drive of company laptops

Posted on 2014-04-04
7
Medium Priority
?
337 Views
Last Modified: 2014-04-10
most of our users do exactly that: they leave Client-and company information on the “C” drive of our company laptops.
which are the measures how i can prevent them of doing that?
0
Comment
Question by:DukewillNukem
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 56

Expert Comment

by:McKnife
ID: 39977658
To point out the most important thing first: since the hard drive needs to be writable, it cannot be completely prevented. However, you can easily stop the creation of folders on the root of c: by modifying ACLs of c:, so that users can only write into their profile. Inside the profile, you can also modify ACLs for folders like the desktop accordingly and set those to read-only.

If you need further instructions, just say.
0
 

Author Comment

by:DukewillNukem
ID: 39977789
well,those are good points you mention.but how do i do implement this on 600 laptops? by GPO?
but also,we have to prevent users completely from storing data on the HD.
could that be done by redirection GPO?
0
 
LVL 56

Accepted Solution

by:
McKnife earned 1500 total points
ID: 39977798
"completely" cannot be done, sorry.
Setting ACLs via GPO is easily done: https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-A8D101D3-729F-4299-A591-4AC55A5DD12E.html describes it.
Please test thoroughly before deployment.
0
Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

 

Author Comment

by:DukewillNukem
ID: 39977827
well ok,not completely of course.users must not store client or business data on any computer. but thats already a good starting point. thank you
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39977872
Also for you: please respect the ee guidelines. If an answer does not fully satisfy you, give experts a chance to improve their answers before accepting it and downgrading it.
The guidelines say "excellent" should be chosen unless answers lack information or are unprecise or otherwise unsatisfactory :)
0
 

Author Comment

by:DukewillNukem
ID: 39991583
im still not fully satisfied with that solution because i dont have anything i can show our management.
an idea is,to encrypt the C: drive,but that doesnt prevent users to store data there.
s,what else could be done except to publish a policy not doing it?
0
 
LVL 56

Expert Comment

by:McKnife
ID: 39991913
The drive needs to remain writable by processes started by the user. That's why it can NOT be done completely.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
A look at what happened in the Verizon cloud breach.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question