How to use GPOs to deny folder permissions

You can use a Group Policy Object (GPO) to deny folder permissions in Windows. Find out how to manage folder permissions with GPOs with this advice from Kevin Beaver.

How can I control folder permissions to prevent users from writing files on their combo drives? Can this be done with a Group Policy Object (GPO)? I want them to have read access only.

For Windows Explorer-based functions, you can deny some folder permissions by setting up a GPO. You can also modify local policies (via gpedit.msc) and enable the "Remove CD Burning features" policy under User Configuration/Administrative Templates/Windows Components/Windows Explorer as shown in the following figure.

Use GPOs to deny write privileges

To deny write privileges for third-party applications, you're likely going to need a lock down tool such as those offered by Faronics and Fortres Grand or a host-based data leakage prevention tool such as those offered by ControlGuard and Verdasys.

Extra information on GPOs and folder permissions

  • Use Group Policy to secure removable storage devices
    Removable devices can be deadly to a Windows network. Check out this tip series to learn how to use Group Policy to prevent devices like USB drives from destroying your network.
  • Selectively set read and write permissions
    Manage the read and write permissions of certain hardware devices like Bluetooth headsets and external drives with this advice from Jonathan Hassell.

  • Group Policy management: Disabling CMD
    You can disable CMD in Group Policy in two steps according to Wes Noonan, our Windows-based network infrastructure security design expert. In this tip, he'll tell you how to prevent your network users from enabling CMD.
  • Restricting user permissions in folders
    If you have a question about managing the permissions of a folder in your domain, this advice from Jonathan Hassell tells you how to set those permissions and prevent users from deleting that folder.

Dig Deeper on Windows OS and management