I'm feeling really thick at the moment because I know what I want to do should be possible and should be dead easy to do, but maybe I'm getting confused.
We have a policy set to restrict access to the C Drive which we want to remove for a group of 6 students when they use a group of machines for media so that they can caputre their work to the local drives.
I thought I could do this by filtering the group policy security but I'm being thick about the way I'm doing it.
At first I thought if I added the computer and Student groups to the policy and removed the authenticated users group then that should restrict it enough, but it allowed students access to the C drive on any machine, not just the one specified. Removing the student group and leaving the computer group then prevented the group policy from being applied. Removing the computer group and allowing the student group results in them being able to access the C drive on any machine again.
Am I missing a trick on how to restrict it to a group of students on a group of machines or am I just trying to do the impossible?
We partition the hard drives and give them access to the non-system partition.
For ease (and to not over complicate your GPO permissions) I'd create a new OU with the machines in, a group for the 6 students, have the machines in the OU and apply a new policy to domain computers and the user group which specifies just that individual GP setting (and user loopback processing).
We need to use the OEM recovery partition on the HDD which messes things up a little with reagards to repartition the disk unfortunately, although hopefully the machines will get replaced this summer so that I can get a 2nd HDD fitted which will solve the problem for next year.
Never gave loopback a thought and should solve the immediate problem, will check monday. Cheers Willott!