File System Permission Change Group Policy:
The Domain users have rights to create/delete files in Drive C:\ by default. If we want to restrict users then we can use this GPO :
- Start Group Policy Managementconsole.
- Choose GPO object, Right Mouse Buttonclick and click Edit;
- Navigate to Computer Configuration\Policies\Windows Settings\Security Settings;
- Right Mouse Buttonclick on File System and click Add File;
- Select Local Disk (C:) and click OK;
- In the Database Securitywindow, Choose Users group, then set the permissions you want, then click OK;
- In the Add Objectwindow, select the ACL inheritance “Propagate inheritable permissions to all subfolders and files” you want, then click OK;
- The Group Policy Editor displays the new object name;
- Deploy the Policy to target OU, and do the tests on test machines.