A Deny?
Webster -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Michael Leone Sent: Friday, February 17, 2017 11:34 AM To: [email protected] Subject: [NTSysADM] Some advice needed about allowing local C: drive access I know I've read about this procedure somewhere, but I'm not finding it at the moment. We have this application that writes out it's debug log to c:\debug. Now, we hide drive C; from domain users using GPO (User Configuration/Policies/Administrative Policies/Windows Components/File Explorer/Hide these specific drives ("Restrict A.B.C")). So what my help desk staff needs to do is to log onto these workstations (as a specific domain account), run the software, and need to be able to see, read (and optionally write to) this C:\Debug location, to identify/fix problems. (this is the "Check21" check processing software, if anyone else uses it) What I don't know is how best to do this. Oh, sure, I could create a whole new GPO, without that "Hide drives" setting, and limit it only to this one domain login. But is there a better, more efficient way to do this? I want C: drive hidden from the majority of my users, but do need certain logons that aren't limited this way. And I don't want the logon to be local admin, or have any access other than just standard domain user (or I could use a Restricted Group). Thoughts? Advice? (Win 2008 R2 domain)
