Probably a bit expensive for your means, but we use AppSense coupled with mandatory profiles. It allows you to disable menus, buttons, functions and keystrokes in Windows, which means our users can't even think about hiding files or changing their attributes. They had to fight tooth and nail to be allowed to use the right-click menu, and even then I disabled just about everything on it.
2008/5/22 Angus Scott-Fleming <[EMAIL PROTECTED]>: > On 22 May 2008 at 14:10, [EMAIL PROTECTED] wrote: > > > Is there an easy way (group policy perhaps?) to prevent people from > hiding > > files? I beleive it can be done from NTFS permissions and setting a > folder > > so that the Write Attributes permission is denied, but this seems a bit > > time consuming to setup on every single folder I want this done for... > > > > We have 1500+ user accounts that have home directories we do NOT want > them > > to be able to hide anything in those home directories. There's also some > > network shares we don't want these users to be able to hide files/folders > > inside them as well. I'm hoping or a GPO alternative to settings the > NTFS > > perms all all these folders/drives/files, etc. > > > > This is a behavioral issue that IMHO shouldn't necessarily be solved from a > technical standpoint. One thing you could do is write a > hidden-file-scavenging > or -deleting routine which removes all hidden files from their home > directories > and places them in protected storage where only the admins and/or the > employees's supervisors can see what their employees are trying to hide. > If > they're not supposed to be hiding files, they certainly can't complain when > they're gone, can they? [insert evil BOFH grin]. And scavenging these > files or > even just producing a daily log that is emailed to the employee and his/her > supervisor automatically would certainly cut down on the behavior. > > One thing you might try is setting the GPO to prevent users from showing > hidden > files, that way they won't be able to see the files once they're hidden. > However, if they know the exact path-and-name they'll still have access > (through [Start] -> run -> "c:\documents and settings\myname\my > documents\name_of_hidden_file.ext"), and if they can run software from a > USB > stick, they can still use Explorer-alternatives like Total Commander to > display > hidden files regardless of the registry setting. > > Anyway, the way I'd approach this is through management as much as through > technical means. > > > I'm going to see if maybe disabling the context windows (the menu that > > appears from right clicking on a file or folder) does the trick -- the > > users do not have access to CMD.exe so they cannot use the .exe command > on > > a file/folder. > > I hope that also disables [Alt-Enter], which brings up the "Properties" > window > for any file/folder. > > -- > Angus Scott-Fleming > GeoApps, Tucson, Arizona > 1-520-290-5038 > +-----------------------------------+ > > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
