How can I limit where domain users can save files on their computer using active directory policy?

Posted on Jul 01, 2008 under domain news and reports | 2 Comments

We want to force users connecting to a domain to save personal files (doc, word, excel) to their network drive. How can we prevent them from saving files to their desktop and/or My Documents, etc.

Related Posts

2 Responses to “How can I limit where domain users can save files on their computer using active directory policy?”

  1. besimorhino Says:
    July 1st, 2008 at 9:16 am

    To prevent normal users from saving to a folder i.e. their desktop, you could run the following command:
    %LOGONSERVER%\Netlogon\xcacls "%USERPROFILE%\Desktop" /P "%USERDOMAIN%\%USERNAME%":RX Administrators:F System:F /Y

    note: you will need xcacls to do this. You can get this from MS here:
    http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp

    For a bit more info on this you can go here:
    http://www.petri.co.il/forums/showthread.php?p=549#post549

    I strongly recommend that you look at the MS Group Policy white papers:
    http://technet2.microsoft.com/WindowsServer/f/?en/library/b9cb929b-4c2f-4754-ad31-d154bb8105771033.mspx

    There's a TON of great info on this site. I'm sure you'll find what you need there.

    Best of luck!

  2. free porn Says:
    January 18th, 2012 at 12:54 am

    … [Trackback] …

    [...] Read More: getportals.com/2008/07/01/how-can-i-limit-where-domain-users-can-save-files-on-their-computer-using-active-directory-policy/ [...] …

Leave a Reply