In the Security Filtering section, add the Domain Admins group. To do it, open the GPO management console gpmc. Custom Classes: Deny read access. Here's some instructions for doing that: Go to your DC, Open ADUC, create a security group 'Lock down c drive' say for users who will not be able to save files to root drive.
General Discussion Disable write access to personal folder root location of user area Hi all, Im not sure if anyone else has had this problem or noticed it, but I have enabled the GPO prevent users from adding files to the root of thier users files folder on our network as we use folder re-directs to my documents which in theory should keep everything tidy.
Figure 3: Select file or folder which you want to assign permissions on Browse the folder or file that you wish to assign permissions on, and left click to select it.
In this case, users will be able to read the data stored on a USB flash drive, but when they attempt to write information to it, they will receive an access error: Destination Folder Access Denied You need permission to perform this action You can deny to run executable and script files stored on USB-drives using Removable Disks: Deny execute access policy.
It's not reliable or robust and I've seen lots of admins in education, for example, go crazy trying to look this down against anything students can do but it is futile.
This works up until a Add the security group 'Lock down c drive'.
In this article, you will see the process of assigning file and folder permissions across a domain through GPO. A confirmation message appears on the screen. For this, make an additional entry for those subfolders and files that will not inherit permissions e.
Tape Drives: Deny read access.