Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 112
  • Last Modified:

actiive directory 2010 group policy

using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
0
fredleone
Asked:
fredleone
  • 5
  • 5
  • 3
  • +1
1 Solution
 
RizzleCommented:
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
stu29Commented:
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
 
fredleoneAuthor Commented:
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
 
fredleoneAuthor Commented:
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
 
fredleoneAuthor Commented:
ok will try

thanks
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
Any udpate?
0
 
fredleoneAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
 
JAN PAKULAICT Infranstructure ManagerCommented:
No points? possible you clicked at wrong link to close the question?
0
 
RizzleCommented:
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
 
fredleoneAuthor Commented:
solution worked thank you
0

Featured Post

Become an Android App Developer

Ready to kick start your career in 2018? Learn how to build an Android app in January’s Course of the Month and open the door to new opportunities.

  • 5
  • 5
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now