Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Group Policies
- Thread starter mannion
- Start date
- Thread starter
- #2
SelbyGlenn
Technical User
You could do a folder redirection for the desktop to a specific place on a server then every night move the data. They'll soon change their habits if the data keeps dissapearing!! Don't think you would be too popular though.
Another option is give the users mandatory profiles so they can't save anything to their desktops. Glenn
BEng A+ MCSE CCA
Another option is give the users mandatory profiles so they can't save anything to their desktops. Glenn
BEng A+ MCSE CCA
- Thread starter
- #4
Hi I have done this but the users are still able to save a word document to the desktop, then when they log off the file will disappear, also I enabled delete local caching of profile so it aint recoverable.
any more ideas James Mannion
IT Officer
james.mannion@exeter.gov.uk
any more ideas James Mannion
IT Officer
james.mannion@exeter.gov.uk
I don't see a policy that does this, but here are some twisted suggestions.
Try "forcing" Active Desktop, then overlaying the desktop with a page of your choice. Though, the save wouldn't be stopped.
etc...
This one could get you in trouble.
Use the Encrypting File System to set the desktop folder encrypted, but do so under the Administrator or a special account you set up for this purpose (remember to encrypt the right desktop). DON'T leave the encryption flag on anything currently on the desktop (immediately deselect existing items that the user can access - the goal is to get the folder flagged, but not any items).
Then, log in as the user. Try to create a file. You should receive "Access Denied", or at least a failure, because the EFS will require the credentials of the user that created the encryption on the folder (or an authorized recovery agent). If the user is an administrator of their own machine, you might have to tweak rights, or export the EFS key.
Warning: accessing EFS files as an unauthorized user from another workstation will freeze that remote Explorer process for some time. I don't know what will happen for the local user. If this works (I haven't tried it), it would off mainstream. Test it for side effects, somewhere safe. E.g., let's say you wanted a standard Office desktop document for all users. Office tends to create temp files in the same folder as the original document - not to mention other apps. It could be a headache.
Then, there are always commercial solutions...like FullArmor...
Try "forcing" Active Desktop, then overlaying the desktop with a page of your choice. Though, the save wouldn't be stopped.
etc...
This one could get you in trouble.
Use the Encrypting File System to set the desktop folder encrypted, but do so under the Administrator or a special account you set up for this purpose (remember to encrypt the right desktop). DON'T leave the encryption flag on anything currently on the desktop (immediately deselect existing items that the user can access - the goal is to get the folder flagged, but not any items).
Then, log in as the user. Try to create a file. You should receive "Access Denied", or at least a failure, because the EFS will require the credentials of the user that created the encryption on the folder (or an authorized recovery agent). If the user is an administrator of their own machine, you might have to tweak rights, or export the EFS key.
Warning: accessing EFS files as an unauthorized user from another workstation will freeze that remote Explorer process for some time. I don't know what will happen for the local user. If this works (I haven't tried it), it would off mainstream. Test it for side effects, somewhere safe. E.g., let's say you wanted a standard Office desktop document for all users. Office tends to create temp files in the same folder as the original document - not to mention other apps. It could be a headache.
Then, there are always commercial solutions...like FullArmor...
- Status
Similar threads
- Locked
- Question