Ask the Expert

How to use GPOs to deny folder permissions

How can I control folder permissions to prevent users from writing files on their combo drives? Can this be done with a Group Policy Object (GPO)? I want them to have read access only.

For Windows Explorer-based functions, you can deny some folder permissions by setting up a GPO. You can also modify local policies (via gpedit.msc) and enable the "Remove CD Burning features" policy under User Configuration/Administrative Templates/Windows Components/Windows Explorer as shown in the following figure.

Use GPOs to deny write privileges

To deny write privileges for third-party applications, you're likely going to need a lock down tool such as those offered by Faronics and Fortres Grand or a host-based data leakage prevention tool such as those offered by ControlGuard and Verdasys.

Extra information on GPOs and folder permissions

  • Use Group Policy to secure removable storage devices
    Removable devices can be deadly to a Windows network. Check out this tip series to learn how to use Group Policy to prevent devices like USB drives from destroying your network.
  • Selectively set read and write permissions
    Manage the read and write permissions of certain hardware devices like Bluetooth headsets and external drives with this advice from Jonathan Hassell.

  • Group Policy management: Disabling CMD
    You can disable CMD in Group Policy in two steps according to Wes Noonan, our Windows-based network infrastructure security design expert. In this tip, he'll tell you how to prevent your network users from enabling CMD.
  • Restricting user permissions in folders
    If you have a question about managing the permissions of a folder in your domain, this advice from Jonathan Hassell tells you how to set those permissions and prevent users from deleting that folder.

This was first published in July 2007

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: