[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 347
  • Last Modified:

prevent Users to store Client information residing on the “C” drive of company laptops

most of our users do exactly that: they leave Client-and company information on the “C” drive of our company laptops.
which are the measures how i can prevent them of doing that?
0
DukewillNukem
Asked:
DukewillNukem
  • 4
  • 3
1 Solution
 
McKnifeCommented:
To point out the most important thing first: since the hard drive needs to be writable, it cannot be completely prevented. However, you can easily stop the creation of folders on the root of c: by modifying ACLs of c:, so that users can only write into their profile. Inside the profile, you can also modify ACLs for folders like the desktop accordingly and set those to read-only.

If you need further instructions, just say.
0
 
DukewillNukemAuthor Commented:
well,those are good points you mention.but how do i do implement this on 600 laptops? by GPO?
but also,we have to prevent users completely from storing data on the HD.
could that be done by redirection GPO?
0
 
McKnifeCommented:
"completely" cannot be done, sorry.
Setting ACLs via GPO is easily done: https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-A8D101D3-729F-4299-A591-4AC55A5DD12E.html describes it.
Please test thoroughly before deployment.
0
Managing Security & Risk at the Speed of Business

Gartner Research VP, Neil McDonald & AlgoSec CTO, Prof. Avishai Wool, discuss the business-driven approach to automated security policy management, its benefits and how to align security policy management with business processes to address today's security challenges.

 
DukewillNukemAuthor Commented:
well ok,not completely of course.users must not store client or business data on any computer. but thats already a good starting point. thank you
0
 
McKnifeCommented:
Also for you: please respect the ee guidelines. If an answer does not fully satisfy you, give experts a chance to improve their answers before accepting it and downgrading it.
The guidelines say "excellent" should be chosen unless answers lack information or are unprecise or otherwise unsatisfactory :)
0
 
DukewillNukemAuthor Commented:
im still not fully satisfied with that solution because i dont have anything i can show our management.
an idea is,to encrypt the C: drive,but that doesnt prevent users to store data there.
s,what else could be done except to publish a policy not doing it?
0
 
McKnifeCommented:
The drive needs to remain writable by processes started by the user. That's why it can NOT be done completely.
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now