Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

Prevent Access on Windows 7 professional PCs

  • Filter
  • Time
  • Show
Clear All
new posts

  • Prevent Access on Windows 7 professional PCs

    I have been tasked with denying users in my domain from saving to Desktop/Documents Folder/Local Drives. How can this be achieved? It would be helpful, if this can be implemented with some script or through GPO. In case of GPO, Please send steps on how we could selectively apply this Policy on.

  • #2
    There is a group policy setting to delete desktop files on logoff - it does not prevent them saving to the desktop, but will kill anything the do save there (Muuaaahhhhhaaaahhhhhaaaa!)
    For the Documents Folder, consider folder redirection to a network share

    You can also set general permissions on the drive to prevent write for normal users, again through group policy
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    IT Trainer / Consultant
    Ossian Ltd

    ** Remember to give credit where credit is due and leave reputation points where appropriate **


    • #3
      There's also a pair of settings which are labelled as 'Hide these specified drives..' and 'Prevent access to drives...'. These settings are found under 'User - Policies - Administrative Templates - Windows Components - File Explorer'. Shortcuts from a Public Desktop (aka All Users) to either installed applications or Windows Explorer network locations work just fine, but enabling those 2 settings will prevent users from even seeing C:\ in an Explorer window, and they can't manually create shortcuts even if they know the specific path and filename they want to access. This also assumes that you're using Redirects for everything in a user profile that can be Redirected, as pointed out by Ossian, as you would be cutting off all user-access to anything an admin doesn't create for them on the PC. If a full Redirects policy is in place, all the storage for everything they do would be on your network file store, and nothing on the PCs.
      MSCA (2003/XP), Security+, CCNA

      ** Remember: credit where credit is due, and reputation points as appropriate **