How can I limit where domain users can save files on their computer using active directory policy?
We want to force users connecting to a domain to save personal files (doc, word, excel) to their network drive. How can we prevent them from saving files to their desktop and/or My Documents, etc. To prevent normal users from saving to a folder i.e. their desktop, you could run the following command: %LOGONSERVER%\Netlogon\xcacls “%USERPROFILE%\Desktop” /P “%USERDOMAIN%\%USERNAME%”:RX Administrators:F System:F /Y note: you will need xcacls to do this. You can get this from MS here: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/xcacls-o.asp For a bit more info on this you can go here: http://www.petri.co.il/forums/showthread.php?p=549#post549 I strongly recommend that you look at the MS Group Policy white papers: http://technet2.microsoft.com/WindowsServer/f/?en/library/b9cb929b-4c2f-4754-ad31-d154bb8105771033.mspx There’s a TON of great info on this site. I’m sure you’ll find what you need there. Best of luck!
