Prevent audio files from being stored locally on a workstation.
Is it possible to prevent a user saving certain user file types, such as audio, locally to their hard drive or removable disk ?
Can I prevent a user copying files from a network share where they have read access to ?
Why you ask?
Well our phone systems run on Asterisk and every telephone conversation is recorded, encrypted then archived away each night on a file server. Sometimes sensitive information is exchanged during a telephone call which is why we encrypt them in case our systems were ever breached. From time to time, we need to pull call recordings for users, decrypt them and copy them to a network share that has tight access rights for a small group of users to retrieve. I have a script which runs through this location on a weekly bases and shred's all it's contents.
Here's some background info:
- We run Server 2008 r2 or greater across multiple sites.
- Roaming profiles are not enabled
- Each user has a home directory drive mapped to H which is replicated across all the sites.
- Unencrypted call recordings are in saved in the wav format.
- We are only allowed to store calls for upto 7 days in an unencrypted format.
- Workstations are all Windows 7 Ultimate, with the exception of about 30 x Vista SP2 Business Machines.
- All workstations are switched off after hours.
- Users can only write files inside their user profile.
Once we have retrieved a call and moved it to the special network share, users can go in and listen to the call(s). As users can read files from this directory, they can also copy from it so that can make it difficult for us to keep track of the unenrypted calls and recently we've discovered some users are copying the call locally hard drive to avoid the call being deleted on a weekly bases. In most environments, this wouldn't be an issue however we (IT Depart) don't know the call has been copied so it could sit unencrypted locally on their local hard drive for weeks if not months before it's picked up by an IT staff member who would then shred it. Back to my questions: Is it possible to prevent a user saving certain user file types, such as audio, locally to their hard drive or removable disk ? And, can I prevent a user copying files from a network share where they have read access to ? Or is there a better solution ?
Any help an/or advice would be much appreciated ! Thanks in advanced
It's been a while since I posted in here and I see the site has had a wee face lift - looking good guys!