Home / server / Questions / 453468
Accepted
webnoob
Asked: 2012-11-30 07:17:39 +0800 CST

Prevent users from creating / copying / moving anything except .exe

  • 772

We have a program that compiles executables into a folder into c:\bin. Ideally I would like to share this folder so users can access the exe's within but stop them creating any other files in there. The reason for this is to stop users grabbing source code and putting it in a shared drive then taking it.

We have a Domain Controller setup and all the users belong to a specific security group.

Is there any way to achieve this?

EDIT: TO clarify, I need to stop users from creating or moving files INTO the C:\bin folder which are not executables.

windows-7

1 Answers

  1. Best Answer

    TO clarify, I need to stop users from creating or moving files INTO the C:\bin folder which are not executables.

    I think what you want is a File Screening policy using the File System Resource Manager available on Windows Server 2008 and later. You can have a policy that only allows *.exe to exist in a certain directory.

    From the linked document:

    Create file screens to control the types of files that users can save and to send notifications when users attempt to save blocked files.

    Define file screening templates that can be easily applied to new volumes or folders and that can be used across an organization.

    Create file screening exceptions that extend the flexibility of the file screening rules.

    • 2