Content policy?
September 14, 2006 6:06 PM   Subscribe

You should be able to enforce this with windows policies in windows XP professional and 2000 (dunno about other windows versions, I believe this will require NTFS). On Unix, this is the default. On Mac OS UNIX it is hopefully still the default.
posted by shepd at 6:16 PM on September 14, 2006

On Unix it's possible to host the local drives on an NFS (or smb for that matter) partition. That would mean that for them it would be local, but you could manage the data better.

However, as usual, since you didn't mention the OS, I'd assume that you are talking about Windows users.
posted by Kickstart70 at 6:19 PM on September 14, 2006

Deep Freeze, Altiris Protect, Clean Slate, etc.

What you need is disk protection software. You deploy image, allow local administrator so that user's can (and will) install whatever software they like during their session (or, use roaming profiles if applicable) and any content written to the local disk is automatically wiped on logout or reboot. It has a remarkable way of forcing users to use network storage when they continually lose their data.

It's really the only reliable way that's non-intrusive (to a certain extent) to prevent users from using their local drives to store data.

A word of caution though. If you're going to do it, make sure you provide enough network storage space for work-related material. You'll notice a rather sharp spike in network storage space utilization so be prepared.
posted by purephase at 6:43 PM on September 14, 2006

You could use something like Mapping Tool, which allows you to map a drive as a folder.

The idea being, you could create a login script that would map a network drive, F:, to \\SERVER\UserName\Documents

Then, using Mapping Tool, you'd map the F drive to the folder C:\Documents and Settings\Username\My Documents

Then, anything saved into C:\Documents and Settings\Username\My Documents would really end up on F:\


Another option would be to create a very small local partition, say 10MB in size, and move the My Documents folder to that new partition.
posted by odinsdream at 6:45 PM on September 14, 2006

In my experience, users who fail to comply with reasonable requests from sysadmins generally do so not out of bloody-mindedness, but out of sheer ignorance.

There are many users for whom the whole notion of where their data goes is vague and fuzzy - how many times have you asked "where did you save your file?" and been told "In Word!"

If that's what you're fighting, and I suspect it is, you'll fix 80% of your problems just by making sure that My Documents points to a network folder, and that My Documents is the default location for saving things in whatever apps you're using.

You'll fix 80% of the remaining 20% by adapting your policy to fit your users instead of doing things the other way around. This is easier, because there's one policy but many users. So: what are your priorities? What's the main problem the present policy is designed to solve? Are you trying to prevent unauthorized access to data, or are you trying to ensure that backups are made, or are you trying to minimize support requests, or what?

The last 4% of problems are never going to go away whatever you do, so don't sweat those.
posted by flabdablet at 7:11 PM on September 14, 2006

In 2000/XP/2003, edit the user, go to the Profile tab & set their Home Folder to a network drive. I think the network drive has to be mounted first.

Under nix, mounting /home via NFS isn't really a problem.. just make sure you have the entry in /etc/fstab. The only thing you have to avoid is having /root be there, but it shouldn't be anyway (that's the whole point..) unless your distribution is really exceptionally braindead.
posted by devilsbrigade at 8:17 PM on September 14, 2006

(not to hijack this thread, but am I the only one who utterly HATES this kind of "policy"? sometimes i NEED to have the files saved locally, as the network drive is slow, or the connection is unreliable, etc.)
posted by slater at 2:12 AM on September 15, 2006

In Windows, setting the home folder to a network drive just establishes a drive letter mapping. It doesn't actually change where My Documents goes. I'm sure there's some separate Group Policy juju for that; personally, I just make sure my default (new user) profile (under \\your-logon-server-name-here\netlogon\Default User) has My Documents mapped to N:\Documents (N: being the drive letter I assign to user home folders).
posted by flabdablet at 5:08 AM on September 15, 2006

slater: I would get bitter complaints from the 20% of users who know what they're doing if I actively prevented them from writing to their local hard drives, and quite rightly so. It's easy to explain to the clueful that I can't back their stuff up if they choose to do that. But clueful users are not, in general, problematic.
posted by flabdablet at 5:13 AM on September 15, 2006

As a former sysadmin who solved this problem:
1. Don't let your users be local admins. This can effectively end the saving-files-locally problem.
2. Use roaming profiles. This means that files saved to the desktop are mirrored out onto a server location on a regularly reasonable interval.
3. Use Group Policy. It has a Folder Redirection feature that will enable you to redirect the locations of interesting folders like My Documents to a networked location.
4. Educate your users about why you are making this policy. Explain to them that the changes that you made (steps 1-3) were done in the interests of protecting their hard work. Ask for their help in protecting their data. Simply making rules without explaining them, especially in this arena, tends to generate a lot of resistance.
posted by rachelpapers at 6:36 AM on September 15, 2006

« Older Possibly a longshot : can anyo...   |   I would like to hear about you... Newer »

This thread is closed to new comments.