Solved

actiive directory 2010 group policy

Posted on 2014-10-28
14
106 Views
Last Modified: 2014-11-01
using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
0
Comment
Question by:fredleone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
  • +1
14 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409109
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409116
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409117
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 9

Expert Comment

by:stu29
ID: 40409120
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
 

Author Comment

by:fredleone
ID: 40409139
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409158
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
 

Author Comment

by:fredleone
ID: 40409187
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409203
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
 

Author Comment

by:fredleone
ID: 40409210
ok will try

thanks
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40417518
Any udpate?
0
 

Author Comment

by:fredleone
ID: 40417572
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 500 total points
ID: 40417536
No points? possible you clicked at wrong link to close the question?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40417542
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
 

Author Closing Comment

by:fredleone
ID: 40417573
solution worked thank you
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
The canonical version of this article is on my web site here: http://iconoun.com/articles/collisions/ A companion presentation is available here: http://iconoun.com/articles/collisions/Unicode_Presentation.pdf
The viewer will learn how to simulate a series of sales calls dependent on a single skill level and learn how to simulate a series of sales calls dependent on two skill levels. Simulating Independent Sales Calls: Enter .75 into cell C2 – “skill leve…
The viewer will learn how to create a normally distributed random variable in Excel, use a normal distribution to simulate the return on an investment over a period of years, Create a Monte Carlo simulation using a normal random variable, and calcul…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question