Hamins Posted September 26, 2006 Share Posted September 26, 2006 Hi,We have a network running a single Windows 2003 Std. server (Acts as file/print server, DC, DHCP, DNS etc.) with around 25 XP clients. All the data lies centrally on the server. The users are not supposed to save data locally on the client PCs they're working on. Is there any way (GPO etc.) to prevent users from saving any data onto the local (client PC) drives ?Also, is there any way to preventing users from installing any application onto the client PCs ?A detailed response would be really appreciated.Thanks ! Link to comment Share on other sites More sharing options...
tain Posted September 26, 2006 Share Posted September 26, 2006 Depending on your cash availability and how important it is that this policy be enforced, these things are AWESOME:http://www.centuriontech.com/products/centurionguard/I've used them for public access PCs. Kiss your tech support worries goodbye! You get a fresh new client just like you intended every time you boot it up. Link to comment Share on other sites More sharing options...
Hamins Posted September 26, 2006 Author Share Posted September 26, 2006 Interesting product. However, I'm looking for lost-cost solution, using the existing resources (Active Directory/GPO). Thanks anyway, Tain Link to comment Share on other sites More sharing options...
Ctrl-X Posted September 26, 2006 Share Posted September 26, 2006 Some reading you may find interesting: Profile and Folder Redirection In Windows Server 2003 Link to comment Share on other sites More sharing options...
Hamins Posted September 26, 2006 Author Share Posted September 26, 2006 Thnx for your response Ctrl-X. However, I know of roaming profiles and folder re-direction, and have already implemented them on the network. I'm looking for a way to deny users from saving anything onto the local drives. They should be able to save all work related data in a specific folder on the server.Anyone know how to do that ? Link to comment Share on other sites More sharing options...
Ctrl-X Posted September 26, 2006 Share Posted September 26, 2006 You could apply NTFS restrictions to all local folders that might be used to save data. Unfortunately users would still need write access to some folders (Temp, local profile), so a determined user could always find a "workaround". Link to comment Share on other sites More sharing options...
yianniv Posted September 26, 2006 Share Posted September 26, 2006 There are two very useful settings in GP under:User Configuration/Administrative Templates/Windows Components/Windows Explorer:- Hide these specified drives in My Computer- Prevent Access to drives from My ComputerThe first only hides the drive (e.g. c:) but you can still access it by typing it in the address bar.The second does ...well prevent access. The user still has access to %temp% and other critical folders. Read the relevant Help in the setting.A small hint, you will save yourself a lot of trouble if you don't give administrative rights to your users.Regards, Yianni Link to comment Share on other sites More sharing options...
tarquel Posted September 26, 2006 Share Posted September 26, 2006 (edited) yianniv hehe you just beat me to it.By far, the cheapest way - along with the suggestion of not giving admin rights to users who aren't admins EDIT: forgot to mention thats how i do it hehe CheersNath Edited September 26, 2006 by tarquel Link to comment Share on other sites More sharing options...
Hamins Posted September 30, 2006 Author Share Posted September 30, 2006 None of the users have admin rights. However, they can still save data on the Local HDD of the client PCs. They can also install certain programs. Link to comment Share on other sites More sharing options...
tarquel Posted October 4, 2006 Share Posted October 4, 2006 if none of them have admin rights, then follow the advice of yianniv's post to do what you are after.RegardsNath Link to comment Share on other sites More sharing options...
Hamins Posted October 5, 2006 Author Share Posted October 5, 2006 Thanks for your response guys. I've already tried most of the above mentioned suggestion, but they don't work. Some programs still get installed. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now