actiive directory 2010 group policy

using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
fredleoneAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RizzleCommented:
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
JAN PAKULAICT Infranstructure ManagerCommented:
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Cloud Class® Course: Ruby Fundamentals

This course will introduce you to Ruby, as well as teach you about classes, methods, variables, data structures, loops, enumerable methods, and finishing touches.

stu29Commented:
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
fredleoneAuthor Commented:
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
JAN PAKULAICT Infranstructure ManagerCommented:
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
fredleoneAuthor Commented:
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
JAN PAKULAICT Infranstructure ManagerCommented:
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
fredleoneAuthor Commented:
ok will try

thanks
0
JAN PAKULAICT Infranstructure ManagerCommented:
Any udpate?
0
fredleoneAuthor Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
JAN PAKULAICT Infranstructure ManagerCommented:
No points? possible you clicked at wrong link to close the question?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
RizzleCommented:
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
fredleoneAuthor Commented:
solution worked thank you
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Applications

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.