Group policy that does not allow writing on disks

Santiago Quintín Beltran 1 Reputation point
2021-11-29T21:42:38.58+00:00

I am looking with the policies of a Windows server 2016 how can I restrict users to have write permissions on any disk, if there is any GPO that allows to do this how would it be found and what is the configuration process.

Windows
Windows
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,638 questions
Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
11,931 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,724 questions
0 comments No comments
{count} votes

4 answers

Sort by: Most helpful
  1. Dave Patrick 425.7K Reputation points MVP
    2021-11-30T00:03:26.673+00:00

    You can use this one to hide the drives.
    https://learn.microsoft.com/en-us/troubleshoot/windows-client/group-policy/using-group-policy-objects-hide-specified-drives

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Dave Patrick 425.7K Reputation points MVP
    2021-11-30T03:08:35.64+00:00

    You could try working through this one.
    https://www.lepide.com/how-to/assign-permissions-to-files-folders-through-group-policy.html

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  3. Dave Patrick 425.7K Reputation points MVP
    2021-11-30T18:38:12.52+00:00

    I need this policy to be applied under an entire domain and impact all users of that organization

    The only way to do this is adjust the share and or underlying NTFS permissions for the users or groups in question.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  4. Limitless Technology 39,296 Reputation points
    2021-12-02T10:08:20.937+00:00

    Hi there,

    Navigate to User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

    Select Enable then under Options from the drop-down menu you can restrict a certain drive, a combination of drives, or restrict them all.

    Restricting all drives means they can’t access the CD or DVD drive, and cannot use a flash drive if they need to get files from it.


    --If the reply is helpful, please Upvote and Accept it as an answer--

    0 comments No comments