Solved

actiive directory 2010 group policy

Posted on 2014-10-28
14
105 Views
Last Modified: 2014-11-01
using group policy how would prevent a group of using from saving to the their local hard drive ( not redirected folders)
0
Comment
Question by:fredleone
  • 5
  • 5
  • 3
  • +1
14 Comments
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409109
they can't save to the C drive by default unless they have admin rights to their machine. They can however make sub folders on the C drive..
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40409116
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409117
Is it only for root c drive?

if so do that:

Go to your DC, Open ADUC, create a security group "A" for users who will not be able to save files to root drive.
2.     Open GPMC, create a GPO which links to your target machines.
3.     Expend the policy to [Computer Configuration | Windows Settings | Security Settings | File System ]
4.     Right click it, choose "Add File..." and select the "C:" drive, enter.
5.     In the security page, click "Advanced" button.
6.     Add the security group "A", choose "Apply to" to "This folder only".
7.     Tick the Deny permission:
                      i.        Create files /Write data
                     ii.        Create folders / Append data
8.     Click OK and Apply.
9.     In the warning windows, click Yes.
10.  Add Object windows, click OK.

from

https://social.technet.microsoft.com/Forums/windowsserver/en-US/e9774783-fd5b-4332-9125-eb3c719b5a57/prevent-saving-files-to-root-on-local-drive-using-group-policy

or other option would be to redirect folders and use mandatory profiles

http://technet.microsoft.com/en-us/library/cc732275.aspx
0
Instantly Create Instructional Tutorials

Contextual Guidance at the moment of need helps your employees adopt to new software or processes instantly. Boost knowledge retention and employee engagement step-by-step with one easy solution.

 
LVL 9

Expert Comment

by:stu29
ID: 40409120
You can hide the C drive form them

Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
Click Hide these specified drives in My Computer.
Click to select the Hide these specified drives in My Computer check box.
Click the appropriate option in the drop-down box.
0
 

Author Comment

by:fredleone
ID: 40409139
the way it currently works here is that their local  desktop is not redirected but the they can save to it . this is what they wanted.  however I am required to take away that ability from a small group of people . I wanted know the best way to accomplish this. I figured GP would be the best way
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409158
it you don't wont them to save anywhere use mandatory profile

http://msdn.microsoft.com/en-gb/library/windows/desktop/bb776895(v=vs.85).aspx
0
 

Author Comment

by:fredleone
ID: 40409187
There are many small applications that run on these systems . it is only ten people, their is no GP that would just turn off access to desktop
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40409203
create security group with these 10 users

and then  Use GPO to redirect the desktop (of that security group) to a shared folder and change share permissions to read-only
When redirecting, redirect all users to the same location and make sure the option 'Grant user exclusive rights to <folder>' is unchecked
0
 

Author Comment

by:fredleone
ID: 40409210
ok will try

thanks
0
 
LVL 14

Expert Comment

by:JAN PAKULA
ID: 40417518
Any udpate?
0
 

Author Comment

by:fredleone
ID: 40417572
I've requested that this question be closed as follows:

Accepted answer: 0 points for fredleone's comment #a40409210

for the following reason:

it seems like the best solution

thank you
0
 
LVL 14

Accepted Solution

by:
JAN PAKULA earned 500 total points
ID: 40417536
No points? possible you clicked at wrong link to close the question?
0
 
LVL 13

Expert Comment

by:Rizzle
ID: 40417542
Jan

You can't force an author to grant you points. Maybe a solution he found was better for him than what was suggested.
0
 

Author Closing Comment

by:fredleone
ID: 40417573
solution worked thank you
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

User Beware!  This is a rather permanent solution to removing your email from an exchange server.  The only way to truly go back is to have your exchange administrator restore your mailbox from backups.  This is usually the option of last resort.  A…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Viewers will learn the different options available in the Backstage view in Excel 2013.
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question