R
Ryan Nordman
Hi,
We're running an entirely Windows Server 2003 network with Windows XP
Pro client machines.
I'm trying to find a way to remove users ability to encrypt their
files. The extra tricky part is that it has to work in conjuction
with folder redirection. What we want to have is local machines where
none of the user's documents or files can be stored locally, they will
only have permissions to save documents in their My Documents folder.
The My Documents folder will be redirected to a server's shared
folder. But we don't want users to be able to encrypt their files so
that they can't be recovered by an administrator (our organization
will be dealing with sensitive client data that could need to be
recovered from an employee, so we can't have them encrypting their
files).
The solution I'm working towards is to find a way to remove the
"Encrypt contents to secure data" check box from the Properties ->
"Advanced..." button. Is there a way to lock this out with group
policy or something? So far I don't see a way. I've found some
information about how I could lock this down with NTFS folder
permissions regarding writing folder attributes, but since these
folders are redirected, they get automatically created by the user
account on the file share when they login, so each user has full
control of their own directory and I don't see how to automate locking
down each one (besides maybe some advanced scripting).
Any input would be greatly appreciated!
-Ryan
We're running an entirely Windows Server 2003 network with Windows XP
Pro client machines.
I'm trying to find a way to remove users ability to encrypt their
files. The extra tricky part is that it has to work in conjuction
with folder redirection. What we want to have is local machines where
none of the user's documents or files can be stored locally, they will
only have permissions to save documents in their My Documents folder.
The My Documents folder will be redirected to a server's shared
folder. But we don't want users to be able to encrypt their files so
that they can't be recovered by an administrator (our organization
will be dealing with sensitive client data that could need to be
recovered from an employee, so we can't have them encrypting their
files).
The solution I'm working towards is to find a way to remove the
"Encrypt contents to secure data" check box from the Properties ->
"Advanced..." button. Is there a way to lock this out with group
policy or something? So far I don't see a way. I've found some
information about how I could lock this down with NTFS folder
permissions regarding writing folder attributes, but since these
folders are redirected, they get automatically created by the user
account on the file share when they login, so each user has full
control of their own directory and I don't see how to automate locking
down each one (besides maybe some advanced scripting).
Any input would be greatly appreciated!
-Ryan