Enterprise Security is always a hot topic and there are so many areas to cover in terms of Enterprise Security. Personally, I think of two areas at a very high level. The End-Point and the Network. These are two areas to begin with if you want to start focusing on Enterprise Security.
I will begin a series of blog post on Enterprise Security in the coming weeks, months or years. This is the first blog post on Enterprise Security and I am going to illustrate how to use GPO to lock down a user profile to a network location.
First, let me explain the synopsis. Every company will always want to protect its data from being leak into the hands of its competitors. Sadly, the primary source of leak is usually from internal, yes from its employees. How many of you have copy data into your USB storage devices? Let me remind you that every piece of work that you do at work belongs to the company. So as part of IT Enterprise Security, you have to ensure that these confidential data does not leave your company.
So this blog post I will illustrate how to create folder redirection to redirect a user profile to a network storage. There are a few benefits of doing this.
- User data is not stored locally on hard disk. Data will reside on your file server.
- User can logon to any computer as their profile are now on network storage. No worries of client hardware failure.
- User will not scream at you when their desktop hard disk crashed and they lost all their years of work.
- User Group Policy to set disk quotas, limiting how much space is taken up by user profile folders.
Folder Redirection is located under \User Configuration\Policies\Windows Settings\Folder Redirection.
The Target tab of the folder’s Properties box enables you to select the location of the redirected folder on a network storage. You can choose a few options from the drop-down list.
- Basic – Redirect everyone’s folder to the same location
- Redirect to the following location
- Redirect to the local user profile location
- Advanced-Specify locations for various user group
- Follow the Documents folder. (Available only for Music, Pictures and Videos folder)
The Settings tab in the Properties box for a folder enable you to configure the follow settings:
- Grant the user exclusive rights
- Move the contents of [FolderName] to the new location
- Also apply redirection policy to Windows 2000, Windows 2000 Server, Windows XP, and Windows Server 2003 operating systems.
- Policy Removal
This is the first series of locking down an End-Point client by storing its data on a network storage instead of having it on local hard disks. To find out more, please read refer to TechNet.