I know I've read about this procedure somewhere, but I'm not finding
it at the moment.
We have this application that writes out it's debug log to c:\debug.
Now, we hide drive C; from domain users using GPO (User
Configuration/Policies/Administrative Policies/Windows Components/File
Explorer/Hide these specific drives ("Restrict A.B.C")).
So what my help desk staff needs to do is to log onto these
workstations (as a specific domain account), run the software, and
need to be able to see, read (and optionally write to) this C:\Debug
location, to identify/fix problems.
(this is the "Check21" check processing software, if anyone else uses it)
What I don't know is how best to do this.
Oh, sure, I could create a whole new GPO, without that "Hide drives"
setting, and limit it only to this one domain login. But is there a
better, more efficient way to do this? I want C: drive hidden from the
majority of my users, but do need certain logons that aren't limited
this way.
And I don't want the logon to be local admin, or have any access other
than just standard domain user (or I could use a Restricted Group).
Thoughts? Advice?
(Win 2008 R2 domain)
