+ Post New Thread
Results 1 to 5 of 5
Windows Server 2008 Thread, Office 2007 'save as' lockdown - Help! in Technical; Hi All, I know this is a server forum, but please read on... I have tried to lock down our ...
  1. #1
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    524
    Thank Post
    102
    Thanked 55 Times in 48 Posts
    Rep Power
    40

    Office 2007 'save as' lockdown - Help!

    Hi All,

    I know this is a server forum, but please read on...

    I have tried to lock down our student profile as tight as I can and for the most part it seems to be working.

    However, there is one loophole I can't plug and it concerns me. I have locked down drives A:\ B:\ C:\ and D:\ unfortunately I can't lock down all drives due to their home drive and such.

    This works fine, even for hyperlinks and Internet Explorer, but plug in a USB stick and although there is no autoplay and they do not have access to Explorer, all you need to do is open an Office document, click 'save as' and there is the Home Drive, click up one level and there is My Computer with the E:\ drive USB stick... Ready to drag and drop your files and cause potential mayhem!

    I've looked through GPO and GPP but can't find what I need, can it be locked down with the 2007 adm? I have never used a specific GPO template so I can't tell if it's installed or not. If anyone has it does it do this kind of thing?

    Kol.

  2. #2


    Join Date
    Dec 2005
    Location
    In the server room, with the lead pipe.
    Posts
    4,650
    Thank Post
    275
    Thanked 780 Times in 607 Posts
    Rep Power
    224
    Why not simply disable removable storage devices in a GPO?

    Computer Config > Administrative Templates > System > Removable Storage Access

    Note that this applies to everyone if you use it in a loopback policy (we do). So ensure teacher workstations don't share an OU with pupil workstations (or filter appropriately by group).

  3. #3

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    395
    Assuming you don't have some other endpoint security system (such as Impero), another option is to use USB Drive Letter Manager - USBDLM to stop the USB sticks from being given a drive letter at all. Have a read through of the "Letters by Device Type" section in the USBDLM Help.

  4. #4
    Koldov's Avatar
    Join Date
    May 2011
    Location
    Bedfordshire
    Posts
    524
    Thank Post
    102
    Thanked 55 Times in 48 Posts
    Rep Power
    40
    Actually none of the computers are in seperate OU's and nothing is applied to them directly, it is all user based GPO's as there are a lot of different user groups from teachers and T.A.'s to pupils using the same computers.

    Something running as a service on the local pc independent of the user to block USB drives for everyone wouldn't work for us I don't think. I was really hoping this was achievable on the OS level via GPO or GPP.

    Kol.

  5. #5

    Join Date
    Sep 2012
    Location
    Nottingham
    Posts
    36
    Thank Post
    1
    Thanked 4 Times in 4 Posts
    Rep Power
    5
    I think you can only set a default save location in the ADMX files. Do you want to restrict USB drives all together?

SHARE:
+ Post New Thread

Similar Threads

  1. Office 2007 default save format
    By Geoff in forum Office Software
    Replies: 11
    Last Post: 4th April 2012, 01:48 PM
  2. [MS Office - 2010] Office 2010 Save As
    By Techdw in forum Office Software
    Replies: 7
    Last Post: 2nd December 2010, 11:32 AM
  3. Word 2007 save as 2003 default
    By itguy22 in forum Office Software
    Replies: 10
    Last Post: 1st March 2010, 02:56 PM
  4. Replies: 4
    Last Post: 14th August 2009, 01:58 AM
  5. MS Office 2007 default 2003 format save
    By zag in forum Educational Software
    Replies: 4
    Last Post: 24th April 2007, 10:44 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •