Abraham Deutsch
asked on
Best way to restrict saving documents locally
I set up a computer “not domain joined” “windows 10 home (does not have local GP)” for a remote employee, she will connect with remote desktop to the office, I restricted saving any documents locally.
The way I did it, I removed the users write permission from document/desktop/pictures/ music. In addition, took ownership so the user cannot change the permission.
Any other quicker or more efficient way to accomplish the above?
The way I did it, I removed the users write permission from document/desktop/pictures/
Any other quicker or more efficient way to accomplish the above?
Could always Deep Freeze/clean slate it as well, teaches some hard lessons at first however long run tends to gets rid of headaches.
You cannot safely prevent that. the user will always be able to write to places you did not think of, remote devices. And places you cannot removd access without breaking stuff : tmp dirs for example.
It seems easier to provide her with a remote desktop on a machine hosted on premices
It seems easier to provide her with a remote desktop on a machine hosted on premices
ASKER
It seems easier to provide her with a remote desktop on a machine hosted on premise
This is how I set it up, all the restrictions I did is on the client laptop (that is used to make the connection the the PC in the office)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you
sorry i cannot come with an actual solution to your problem.
if you need tips on setting up a hardened host, i'll be happy to oblige. this should actually be relatively easy using a minimal distro such as alpine, or possibly an in-ram distro like slitaz, openvpn/sshtunnel to guarantee only said host can access the server, xorg with no config file, and rdesktop started full screen without a desktop or window manager.
if you need tips on setting up a hardened host, i'll be happy to oblige. this should actually be relatively easy using a minimal distro such as alpine, or possibly an in-ram distro like slitaz, openvpn/sshtunnel to guarantee only said host can access the server, xorg with no config file, and rdesktop started full screen without a desktop or window manager.