Solved

actiive directory 2010 group policy

Posted on 2014-10-28
14
104 Views
Last Modified: 2014-11-01
using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
0
Comment
Question by:fredleone
  • 5
  • 5
  • 3
  • +1
14 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409109
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409116
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409117
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

 
LVL 9

Expert Comment

by:stu29
ID: 40409120
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
 

Author Comment

by:fredleone
ID: 40409139
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409158
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
 

Author Comment

by:fredleone
ID: 40409187
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409203
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
 

Author Comment

by:fredleone
ID: 40409210
ok will try

thanks
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40417518
Any udpate?
0
 

Author Comment

by:fredleone
ID: 40417572
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 500 total points
ID: 40417536
No points? possible you clicked at wrong link to close the question?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40417542
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
 

Author Closing Comment

by:fredleone
ID: 40417573
solution worked thank you
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SCCM 2012 R2 - how to kill program if running, before deployment 4 89
Moving SharePoint 3.0 role to differen server 7 68
ost file to pst 10 165
how to count files? 4 30
Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
The new Microsoft OS looks great, is easier than ever to upgrade to, it is even free.  So what's the catch?  If you don't change the privacy settings, Microsoft will, in accordance with the (EULA) you clicked okay to without reading, collect all the…
Viewers will learn the different options available in the Backstage view in Excel 2013.
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question