For Windows Explorer-based functions, you can deny some folder permissions by setting up a GPO. You can also modify local policies (via gpedit.msc) and enable the "Remove CD Burning features" policy under User Configuration/Administrative Templates/Windows Components/Windows Explorer as shown in the following figure.
Use GPOs to deny write privileges
To deny write privileges for third-party applications, you're likely going to need a lock down tool such as those offered by Faronics and Fortres Grand or a host-based data leakage prevention tool such as those offered by ControlGuard and Verdasys.
Extra information on GPOs and folder permissions
- Use Group Policy to secure removable storage devices
Removable devices can be deadly to a Windows network. Check out this tip series to learn how to use Group Policy to prevent devices like USB drives from destroying your network.
- Selectively set read and write permissions
Manage the read and write permissions of certain hardware devices like Bluetooth headsets and external drives with this advice from Jonathan Hassell.
- Group Policy management: Disabling CMD
You can disable CMD in Group Policy in two steps according to Wes Noonan, our Windows-based network infrastructure security design expert. In this tip, he'll tell you how to prevent your network users from enabling CMD.
- Restricting user permissions in folders
If you have a question about managing the permissions of a folder in your domain, this advice from Jonathan Hassell tells you how to set those permissions and prevent users from deleting that folder.
Dig deeper on Windows legacy operating systems
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.