Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads Etc

Prateek Singhal 1 Reputation point
2020-10-16T20:38:09.107+00:00

What would be the proper way to restrict users from Storing Data in Local Drive, Desktop, Document, Downloads Etc.

I want to deploy this policy on Hostname basis and not for specific user because that will restrict the same user to access Storage on his other systems where he logins.

What could be the possible solution? Please suggest!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management, data storage, applications, and communications.
2,647 questions
Windows Group Policy
Windows Group Policy
A feature of Windows that enables policy-based administration using Active Directory.
2,141 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,425 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. udara peiris 566 Reputation points
    2020-10-16T23:40:52.87+00:00

    Create a Group policy object and configure following setting on that to block disk C:

    User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

    Then, Select Enable then under Options from the drop down menu you can restrict a certain disk.

    32960-2drive.png
    33035-drive.png

    Then you can link that GPO into the OU where your PCs are located.

    To restrict desktop, You can do like following,

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop ( or another different folders that you want to restrict)
    3. Then Specify the permissions
      33051-1461573.png
    2 people found this answer helpful.
    0 comments No comments

  2. Vicky Wang 2,596 Reputation points
    2020-10-19T09:06:19.813+00:00

    Hi,
     
    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
     
    Best Regards,
    Vicky

    0 comments No comments

  3. Vicky Wang 2,596 Reputation points
    2020-10-22T09:19:34.47+00:00

    Hi,
     
    Just want to confirm the current situations.
     
    Please feel free to let us know if you need further assistance.
     
    Best Regards,
    Vicky 

    0 comments No comments

  4. RCDA Webmaster 281 Reputation points
    2022-03-31T12:58:30.093+00:00

    That sounds like a good idea as this prevents users from writing to the C drive. Also this prevent folks from saving to the desktop. This will force folks to put files on a thumb drive and use them from there.

    When programs like the zoom client need to be updated at the start of a meeting, I don't want folks calling me because they can't get in due to an inability to update the client. Also some folks use other meeting software like WebEx.

    0 comments No comments

  5. Naresh 1 Reputation point
    2022-07-26T10:31:37.953+00:00

    Hi Team,
    I have tried this but policy does not applied, not getting restricted. Please suggest what is the causing the issue.

    I did this for desktop restriction but not working

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop
    0 comments No comments