Ikshaar Posted June 10, 2016 Share Posted June 10, 2016 I have set up a shared folder on our server (2012R2) that one of our software is accessing through its UNC. However I would like to prevent users to be able to mount that same folder directly as a drive on their desktop and possibly mess the files, any ideas ? I cannot disable mounting shared drive all at once as we have other valid networked drives. Link to comment Share on other sites More sharing options...
Tomo Posted June 10, 2016 Share Posted June 10, 2016 Share the folder with an $ at the end to hide it from users? Link to comment Share on other sites More sharing options...
sc302 Veteran Posted June 10, 2016 Veteran Share Posted June 10, 2016 there is no real way to stop people from mounting a drive letter if they know how and the path at least not without a few restrictions with gpo. But this would disable their capability to do a lot of things, not just mounting a drive to a letter. FWIW, a user could simply type in the unc path and get there if they have rights to do so. Why not just restrict the share to only a service account that the software uses for read+write access, and limit everyone else to either no access or read only access (depending on what they actually need in that path). Do a little security around the share vs restricting their capability to modify/mess up files by restricting mapping...restricting mapping really isn't security or making sure that they won't mess up anything...giving them read only access would make sure they won't mess up anything, not giving them access at all would also be another way to not mess up anything. If you need certain users to be able to write, put them in a group and call that group something like "software RW", put people in that group and give that group read+write access...boom, they have read and write access to that folder.. Remove everyone, users, domain users, and any other encompassing groups to that folder and only give specific groups (which will be users within those groups) access. Jim K 1 Share Link to comment Share on other sites More sharing options...
Jason S. Global Moderator Posted June 10, 2016 Global Moderator Share Posted June 10, 2016 wouldnt you just change the sharing permissions to give access to only that user? remove everyone else including the 'everyone' default. (edit) - yeah, what sc302 said Link to comment Share on other sites More sharing options...
Recommended Posts