Re: Restrict writing to C:

Tech-Archive recommends: Fix windows errors by optimizing your registry

Hi,

Why can't you try the suggestion I made about removing the ability to write
below the root of C? You could try it on a test machine. If this isn't
helpful, can you give a series of steps a user would perform to achieve the
behaviour you are not happy with?

I'm not aware of a "quick fix" to lock down the C drive.

I do note in Vista, the C drive permissions look like a nightmare and
there's also a junction point of Documents and Settings. Could be a hackers
dream - lock people out of their own computers!

--
Gerry Hickman - (London UK)

"jason" <jason@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:51F67CA0-A7C1-4F62-8037-5794B1F8DE54@xxxxxxxxxxxxxxxx
Yes- The users do not have Admin rights on the computer. I thought there
was
a way to direct them to only thier home directory and Lock everything else
down. I understand that they need write access to thier local profile
however we can clean this up with a logoff script.

Any other suggestions?
Thanks
Jason

"Gerry Hickman" wrote:

Hi,

Are we talking about users that don't have Admin rights?

On Win2k the root of the C drive has inheritable permissions that are
Everyone:F, if this was changed at the root, it would probably prevent
new
folders being created under the root. Documents and Settings is a
different
beast, because the user will have write access to their profile.

We replace our workstations every three years, and since using Win2k
with
non-Admin rights, I find the machines are almost as clean on the day we
recycle them as on the day they were built (in terms of what's on the C
drive).

--
Gerry Hickman - (London UK)

"jason" <jason@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:C7A60F91-B934-478F-9BC7-C1374E7F8D68@xxxxxxxxxxxxxxxx
I would like to restrict users from downloading applications or files
and
saveing them to the local machine. They are restricted from saving
and
installing non .exe and .msi files into C:\Program FIles due to
restrictions
however they can change the network path to direct to C:\application
name
and
can install there. When I try to restrict access to C: I get errors
al
log
in. (C: is also hidden from My Computer)

Ideally I would like them to only be able to save into their home
directory.
Is there a group policy to do this?
Thanks





.

Relevant Pages

  • Re: Publishing FP 2002 to a directory
    ... Ian Parris wrote: ... > specific directory rather than the default root ... Gerry Hickman (London UK) ...
    (microsoft.public.frontpage.extensions.windowsnt)
  • Re: How do I solve this boot.ini problem with WinXP?
    ... Win2K's root. ... I've ended up right now with old-version ntldr/ntdetect files in Win2k, ... have already Win2K installed then you easily install WinXP on a Logical Drive. ... or Multiple Hard Disk only one can be set as a "Active Partition". ...
    (microsoft.public.windowsxp.newusers)
  • Re: Where did the ending come from? Middlesex, Essex, Sussex, Wessex etc
    ... Celts, with a language derived from a Sanskrit root, who were pushed over ... including London and Dover... ... No. That's wahat the current books say but future history books are ...
    (soc.genealogy.britain)
  • Re: Restrict writing to C:
    ... Are we talking about users that don't have Admin rights? ... On Win2k the root of the C drive has inheritable permissions that are ... Everyone:F, if this was changed at the root, it would probably prevent new ... installing non .exe and .msi files into C:\Program FIles due to ...
    (microsoft.public.windows.group_policy)
  • Re: I N Galidakis: "sick fuck" disturbs astronomy-chat.net
    ... [this is the root of the discussion:] ... Theodore Mavroidis of London N6 ... How long will this sick facking paedophile keep his job at ...
    (soc.culture.greek)