Prohibition of work on local disks or what is the implementation of working with files?

V

Vasya Pupkin2021-04-07 18:40:28

System administration

Vasya Pupkin, 2021-04-07 18:40:28

In short, the management is tired of the fact that users work on local disks with files. Everything is stored on desktops, in my documents, etc. Half of the files are lost, confused, etc. At the same time, users have network balls where they need to throw files and where to work, but what is not prohibited is allowed, so the rigmarole with local files continues. Orders, decrees, deprivation of bonuses for non-compliance - this is not for Russia.
Therefore, the technical side of resolving the issue is needed:
1. I googled and tried to prohibit editing on the desktop through GPO, but there it is somehow crooked and in fact does not work, especially since no one will interfere with saving to "my documents" and working there.
2. The option with all sorts of Time Machines to restore the original state when loading is also some kind of crutch, and the implementation is long.
3. In fact, the problem is solved by banal "roaming profiles", but how much is it used now? The technology is old, maybe there is already something newer?

What essentially turns out: we have, for example, 50 PCs. We take a server with a bunch of disks in the mirror or the 10th raid. The FS service rises on it, there we create a network share, in which all profiles will be located, after which we simply point to AD to this network share in the folder created for each user.
The question is how much "brakes" will be in operation with such a network, if roughly speaking each has a 1 Gbps network and everything is connected to the HPE Aruba 2530 switch.

How else can something like this be done?

UPD 1:
And what is even more interesting is how to implement this on laptops that managers carry with them on trips. Network balls are not an option. Some people are smart and use VPN as recommended and work with files on the server, but some stupidly do it on desktops, so as not to lose these files, you need to centralize everything, or make system backups to the cloud, through which thread an application like veeam. Is this even real?

Reply

Answer the question

In order to leave comments, you need to log in

5 answer(s)

A

Alexey Dmitriev, 2021-04-07
@Desert-Eagle

Roaming Profiles are only needed when employees move between computers.
And you need Folder Redirection - when redirection of Desktop, Documents folders, etc. is done through GPO policies. to the balls on the file server.
Something like this
https://newhelptech.wordpress.com/2017/07/06/step-...

K

ky0, 2021-04-07
@ky0

Your second option is quite good - every night a control reboot with restoring the state from a frozen copy of the partition. A couple of times they will find a pristine desktop - instantly a reflex will be developed :) The main thing is that the balls are easily accessible - at least in the form of shortcuts on the same desktop.

S

Sasha Odarchuk, 2021-04-07
@Fanta

TS, you need a VDI where the laptop/PC will just be the "client"
. every morning the user gets a fresh working (read empty) profile!

A

Armenian Radio, 2021-04-07
@gbg

1) Gigabits per second is roughly equal to the speed of an average lousy hard drive.
2) Any failure of the network threatens you with the loss of all currently open files.