|

Restrict Saving Files To Local Drives

ByJorge Pereira
Tags: , , , , , , ,

A good question popped this week in my email. How do I prevent users from saving files to local drives, while still allow them to save to OneDrive folders?

I think a lot of organizations would like ( or are doing it already) to do this, but the answer may have some complexity to it that really depends on what you want to do.

First and foremost, I had to explain that OneDrive, and most of the other common cloud-based file storage systems, still store data locally and then sync the data to the cloud. With Windows 10 version 1709 and beyond, OneDrive has the Files on Demand option which allows to display cloud only files in File Explorer but if you click on it to use it or view it , it will be downloaded to the local device temporarily.

Then the second piece of the conversation involves explaining completely locking access to local drives might not be a great idea, as many applications use temporary files locally .

I then proceed to explain that if the purpose is to protect your data, then a better way is to implement Windows Information Protection which allows you to protect the files and automatically assign polices to files ( attached classification to them as corporate files)

Having said this, below is how you will lock everything, although I would allow a few exceptions ( c:\temp or c:\<user>\UserData ) for those times in which users need this and make it clear these files are not backed up.

OneDrive Settings

OneDrive is fully integrated into Windows 10, and therefore you can set OneDrive as the default save location for all data or just specific files.

You can find information on OneDrive settings on Microsoft OneDrive Documentation including how to do this with Microsoft Intune using Administrative templates. ( Manage OneDrive Settings and Use OneDrive policies to control sync settings )

Group Policy to Block a device

  • You can create a Group policy object and configure the settings to block / restrict access to one of several disks.
  • You can then link that GPO into the OU those devices are placed in.

Good source: Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads Etc – Microsoft Q&A

Additional Resources:

Hope this helps ! — Send your ideas / suggestions / additions via Twitter to: @moderneuc

Accomplished Information Technology services professional with over 25 years of experience performing technical pre-sales, solution selling, public speaking / presentations, consulting, project delivery and program management. Over the past few years, Jorge has focused on customers solutions in the areas of: Artificial Intelligence, Generative AI, Workforce transformation, End-User-Computing (EUC) Lifecycle Management, Modern Device Management, and Cybersecurity.

Disclaimer:  I work for Dell Technology Services as a Workforce Transformation Solutions Principal.    It is my passion to help guide organizations through the current technology transition specifically as it relates to Workforce Transformation.  Visit Dell Technologies site for more information.  Opinions are my own and not the views of my employer.

Similar Posts

Windows 10 Patch Information is Back
|

Windows 10 Patch Information is Back

ByJorge Pereira

It is good to see that after listening to the feedback coming back from their enterprise customers, Microsoft is reconsidering the publishing of what is included in each of the patches.     In and early report Microsoft said that it would not provide detailed information about most Windows 10 patches.  That plan did not sit well with IT managers…