prevent Users to store Client information residing on the “C” drive of company laptops

most of our users do exactly that: they leave Client-and company information on the “C” drive of our company laptops.
which are the measures how i can prevent them of doing that?
DukewillNukemAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

McKnifeCommented:
To point out the most important thing first: since the hard drive needs to be writable, it cannot be completely prevented. However, you can easily stop the creation of folders on the root of c: by modifying ACLs of c:, so that users can only write into their profile. Inside the profile, you can also modify ACLs for folders like the desktop accordingly and set those to read-only.

If you need further instructions, just say.
0
DukewillNukemAuthor Commented:
well,those are good points you mention.but how do i do implement this on 600 laptops? by GPO?
but also,we have to prevent users completely from storing data on the HD.
could that be done by redirection GPO?
0
McKnifeCommented:
"completely" cannot be done, sorry.
Setting ACLs via GPO is easily done: https://library.netapp.com/ecmdocs/ECMP1196993/html/GUID-A8D101D3-729F-4299-A591-4AC55A5DD12E.html describes it.
Please test thoroughly before deployment.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

DukewillNukemAuthor Commented:
well ok,not completely of course.users must not store client or business data on any computer. but thats already a good starting point. thank you
0
McKnifeCommented:
Also for you: please respect the ee guidelines. If an answer does not fully satisfy you, give experts a chance to improve their answers before accepting it and downgrading it.
The guidelines say "excellent" should be chosen unless answers lack information or are unprecise or otherwise unsatisfactory :)
0
DukewillNukemAuthor Commented:
im still not fully satisfied with that solution because i dont have anything i can show our management.
an idea is,to encrypt the C: drive,but that doesnt prevent users to store data there.
s,what else could be done except to publish a policy not doing it?
0
McKnifeCommented:
The drive needs to remain writable by processes started by the user. That's why it can NOT be done completely.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.