Can you still mount a directory? I would create a folder on the server, somewhere, then mount that to a directory on the workstation. Then when the application writes to c:\whatever it is actually writing to a shared folder on the server. Setup up that folder so that it has a subfolder with either the hostname of the workstation as a subfolder, or the username as the folder name, and when you need access to it, you can just go to the server and get the info, instead of trying to access the workstation.
My .02 cents worth. On Fri, Feb 17, 2017 at 1:15 PM, Webster <[email protected]> wrote: > Or \\ip.ad.dr.ress\c$ that bypasses drive letter blocking. > > Thanks > > > Carl Webster > Citrix Technology Professional > http://www.CarlWebster.com > The Accidental Citrix Admin > > -----Original Message----- > From: [email protected] [mailto:listsadmin@lists. > myitforum.com] On Behalf Of James Rankin > Sent: Friday, February 17, 2017 11:56 AM > To: [email protected] > Subject: RE: [NTSysADM] Some advice needed about allowing local C: drive > access > > Why don't they just browse to \\hostname\c$? > > -----Original Message----- > From: [email protected] [mailto:listsadmin@lists. > myitforum.com] On Behalf Of Michael Leone > Sent: 17 February 2017 17:34 > To: [email protected] > Subject: [NTSysADM] Some advice needed about allowing local C: drive access > > I know I've read about this procedure somewhere, but I'm not finding it at > the moment. > > We have this application that writes out it's debug log to c:\debug. > Now, we hide drive C; from domain users using GPO (User > Configuration/Policies/Administrative Policies/Windows Components/File > Explorer/Hide these specific drives ("Restrict A.B.C")). > > So what my help desk staff needs to do is to log onto these workstations > (as a specific domain account), run the software, and need to be able to > see, read (and optionally write to) this C:\Debug location, to identify/fix > problems. > (this is the "Check21" check processing software, if anyone else uses it) > > What I don't know is how best to do this. > > Oh, sure, I could create a whole new GPO, without that "Hide drives" > setting, and limit it only to this one domain login. But is there a > better, more efficient way to do this? I want C: drive hidden from the > majority of my users, but do need certain logons that aren't limited this > way. > > And I don't want the logon to be local admin, or have any access other > than just standard domain user (or I could use a Restricted Group). > > Thoughts? Advice? > (Win 2008 R2 domain) > > > -- Daniel Rodriguez [email protected]
