Disable saving any files in workstation.
-
Hi All,
There is a requirement to disable the saving/storing of any files in client workstation(windows 7). We doesn't want the clients to save any type of files in their C & D Drive. It include desktop, my Documents.
If the client can save the files in desktop as temporary and after reboot if it get deleted , then its is very good.
I was planing of enabling a Mandatory profile and Restrict access to drives in my computer through Group Policy.
How can we enable Mandatory profile through Group Policy?
Please suggest me an better idea to implement the same.
-
Sounds like you are looking for something like DriveVaccine, DeepFreeze Etc.
You can restrict this with file permissions but, you will likely run into other issues with programs running.
-
I was just about to mention DeepFreeze too. It keeps the entire system completely free from alterations. Very secure.
-
@scottalanmiller said:
DeepFreeze
Thanks for the quick reply , any options with windows and GPO, other than third party solutions.
-
Back with Windows XP this was all included. They made it third party only after that, sadly. Too bad, it was a great addition to the OS.
-
@sreekumarpg said:
@scottalanmiller said:
DeepFreeze
Thanks for the quick reply , any options with windows and GPO, other than third party solutions.
It's possible using NTFS permissiosn with Group Policy.. In theory that is. In Practice it just won't work. Users need to be able to write to locations to use the computer even if they aren't "saving files"
-
Does this KB help?
-
Are you wanting them to save to a network file server? Why not just use folder redirection for Documents and the Desktop? (Please don't even try roaming profiles though, I just mean folder redirection).
-
And may be enable folder redirection, if they want to save something, goes straight to your network drive? https://4sysops.com/archives/folder-redirection-part-1-introduction/
-
@Ambarishrh said:
d may be enable folder redirection, if they want to save something, goes straight to your network drive?
Yes i checked that too, as redirect the folder to server and allow read only permission . but more storage space is required.
We already have a DFS in place for storing their files.
I think Mandatory profile will be a good option but how we can do through GPO, as we have more than 100 computers requirement
-
@sreekumarpg said:
Yes i checked that too, as redirect the folder to server and allow read only permissionWait so how do they save their work at all?
-
@sreekumarpg said:
I think Mandatory profile will be a good option but how we can do through GPO, as we have more than 100 computers requirement
a Mandatory profile is a roaming user profile and tends to cause more issues than it fixes.
-
-
@thecreativeone91 , They are saving their works on shared folder.
-
@sreekumarpg said:
@thecreativeone91 , They are saving their works on shared folder.
Does each user not have their own Network folder or is everyone saving to the same location? if each is unique (ex: \fs-01\users$%username%) you can redirect the desktop and documents location so they will be saving under their network folder. That would be the simplest way to stop people from saving locally. You can also enable Quota's in Windows File server management to prevent them from wasting space.
-
Thanks all for the valid answers..
I planned to redirect the Desktop and my documents to network folder and assign permission as readonly access, so that users cant save any files on desktops. Also Restrict access to c & D drives in my computer, so that they are not able to store files in drive.
Thanks !!
-
Test it and let us know how it goes please
-
@sreekumarpg said:
Thanks all for the valid answers..
I planned to redirect the Desktop and my documents to network folder and assign permission as readonly access, so that users cant save any files on desktops. Also Restrict access to c & D drives in my computer, so that they are not able to store files in drive.
Thanks !!
Wow, I've never heard anyone doing this before. I will be surprised if you don't have issues.
If the idea is to ensure that everyone always has access to everything (seems like an overly paranoid request) then you can grant full access (or at least read/write access) to the redirection folder on the server. When setting up the folder redirection in GPO make sure you don't check the box that gives only the user exclusive access.
-
DeepFreeze is a great solution in this case, or you can go to something like thin clients or VDI. That seems to be your two options at this point.
-
@Dashrender said:
@sreekumarpg said:
Thanks all for the valid answers..
I planned to redirect the Desktop and my documents to network folder and assign permission as readonly access, so that users cant save any files on desktops. Also Restrict access to c & D drives in my computer, so that they are not able to store files in drive.
Thanks !!
Wow, I've never heard anyone doing this before. I will be surprised if you don't have issues.
If the idea is to ensure that everyone always has access to everything (seems like an overly paranoid request) then you can grant full access (or at least read/write access) to the redirection folder on the server. When setting up the folder redirection in GPO make sure you don't check the box that gives only the user exclusive access.
This is going to cause a mountain of issues, I'm warning you. If the issue is that users are saving them on the local desktop and not on a NAS/network drive, use folder redirection, which is easy with GPO. If it's just users saving documents on the local machines period, you need to look at alternative approaches to how you handle your workstations.
