Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads Etc

Prateek Singhal 1 Reputation point
2020-10-16T20:38:09.107+00:00

What would be the proper way to restrict users from Storing Data in Local Drive, Desktop, Document, Downloads Etc.

I want to deploy this policy on Hostname basis and not for specific user because that will restrict the same user to access Storage on his other systems where he logins.

What could be the possible solution? Please suggest!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,454 questions
Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,740 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,720 questions
0 comments

5 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. udara peiris 671 Reputation points
    2020-10-16T23:40:52.87+00:00

    Create a Group policy object and configure following setting on that to block disk C:

    User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

    Then, Select Enable then under Options from the drop down menu you can restrict a certain disk.

    32960-2drive.png
    33035-drive.png

    Then you can link that GPO into the OU where your PCs are located.

    To restrict desktop, You can do like following,

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop ( or another different folders that you want to restrict)
    3. Then Specify the permissions
      33051-1461573.png
    3 people found this answer helpful.
  2. Naresh 6 Reputation points
    2022-07-26T10:31:37.953+00:00

    Hi Team,
    I have tried this but policy does not applied, not getting restricted. Please suggest what is the causing the issue.

    I did this for desktop restriction but not working

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop
    1 person found this answer helpful.
  3. Vicky Wang 2,646 Reputation points
    2020-10-19T09:06:19.813+00:00

    Hi,
     
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
     
    Best Regards,
    Vicky

    0 comments
  4. Vicky Wang 2,646 Reputation points
    2020-10-22T09:19:34.47+00:00

    Hi,
     
    Just want to confirm the current situations.
     
    Please feel free to let us know if you need further assistance.
     
    Best Regards,
    Vicky 

    0 comments
  5. RCDA Webmaster 281 Reputation points
    2022-03-31T12:58:30.093+00:00

    That sounds like a good idea as this prevents users from writing to the C drive. Also this prevent folks from saving to the desktop. This will force folks to put files on a thumb drive and use them from there.

    When programs like the zoom client need to be updated at the start of a meeting, I don't want folks calling me because they can't get in due to an inability to update the client. Also some folks use other meeting software like WebEx.

    0 comments