Restrict user from Drive C – GPO

 

File System Permission Change Group Policy:

The Domain users have rights to create/delete files in Drive C:\ by default. If we want to restrict users then we can use this GPO :

 

  1. Start Group Policy Managementconsole.

  1. Choose GPO object, Right Mouse Buttonclick and click Edit;

  1. Navigate to Computer Configuration\Policies\Windows Settings\Security Settings;
  2. Right Mouse Buttonclick on File System and click Add File;

  1. Select Local Disk (C:) and click OK;

  1. In the Database Securitywindow, Choose Users group, then set the permissions you want, then click OK;

  1. In the Add Objectwindow, select the ACL inheritance “Propagate inheritable permissions to all subfolders and files” you want, then click OK;

  1. The Group Policy Editor displays the new object name;

  1. Deploy the Policy to target OU, and do the tests on test machines.
Exit mobile version