Solved

actiive directory 2010 group policy

Posted on 2014-10-28
14
107 Views
Last Modified: 2014-11-01
using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
0
Comment
Question by:fredleone
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 5
  • 3
  • +1
14 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409109
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409116
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409117
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Increase Agility with Enabled Toolchains

Connect your existing build, deployment, management, monitoring, and collaboration platforms. From Puppet to Chef, HipChat to Slack, ServiceNow to JIRA, Splunk to New Relic and beyond, hand off data between systems to engage the right people.

Connect with xMatters.

 
LVL 9

Expert Comment

by:stu29
ID: 40409120
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
 

Author Comment

by:fredleone
ID: 40409139
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409158
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
 

Author Comment

by:fredleone
ID: 40409187
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409203
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
 

Author Comment

by:fredleone
ID: 40409210
ok will try

thanks
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40417518
Any udpate?
0
 

Author Comment

by:fredleone
ID: 40417572
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 500 total points
ID: 40417536
No points? possible you clicked at wrong link to close the question?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40417542
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
 

Author Closing Comment

by:fredleone
ID: 40417573
solution worked thank you
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
Technology opened people to different means of presenting information, but PowerPoint remains to be above competition. Know why PPT still works today.
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question