Controlling Where Users Save Documents

There are several levels of lock-down security that can be implemented to ensure documents are saved to a specific location, including network drive or SharePoint library. The requirements of document storage and the amount of security determine the method which will be used for enforcing your policy.

Passive Measures

The first, simplest, and most cost-effective, especially when you have a number of workstations, is to limit where Microsoft Office documents are save, by using settings within Microsoft Office itself. Each program employees are using needs their settings individually set to your chosen location. This is especially useful for organizations wishing to have their users save to a SharePoint location, since SharePoint is optimized to be at its’ best for Microsoft Office documents, and most organizations are using Microsoft Office exclusively. This method can also be used for network drives as well.

If an organization that wants their users to save to SharePoint and does not require users to have the advanced features of the Desktop version of Microsoft Office, then they can set options within the SharePoint library to cause the documents to be opened directly within SharePoint using the Web Edition Programs of Word, Excel, PowerPoint, and Access. That is not practical however for special archives where documents are being prepared from templates with many features and defaults, because it would change the nature of future documents as well as past documents, should they be edited post-implementation. However if you are a small business just starting out, limiting use to the Web application and not installing Office on the local machine enforces strictly that all work gets done in SharePoint. This is also helpful with older computers, which may be very slow running Microsoft Office. Running on the Web Application provides another advantage: you are just running a web browser; the actual application performance will be faster, for the Web Application is running on the Servers.

Policy Enforcement

Mapping My Desktop and My Documents Folder

The two methods above only involve saving Office Documents, but some organizations are also saving Adobe Acrobat *.pdf and / or Image *.bmp *.jpg *.gif *.png files of substantial importance, then you may want to include additional features. Most people save documents to their “My Desktop” or “My Documents” folder. This procedure can be used to enforce saving documents through proper configuration.

The first step is to use the Registry Editor’s HKEY Current User Software Microsoft Windows Current Version, Policies, and Explorer. Simply create a new DWORD named NoDrives. The value of the DWORD needs to be in hexadecimal format. You can blank out one or more drives, and the value of the letters A-Z of one or more drives need to be converted into a hexadecimal value. Arrange the letters from Z-A (Descending Order). Put a zero under each drive letter you are not hiding and a one under the ones you are. Starting with the one furthest to the left, you have a binary number. Convert the binary number to hexadecimal and enter it into the DWORD value. When a user opens up My Computer, they will now see all drives except the ones that have been hidden according the hexadecimal encoding. At this point, you will have successfully hidden the drives of the local machine.

Now map your network drive to the machine if this has not been done already or map the SharePoint library as a drive. Multiple SharePoint libraries can be assigned multiple network drive locations. Target both the My Documents and My Desktop folders to folders with the same names created into the appropriate target destinations using folder and search options of these folders.

Further Security Application for SharePoint

If you have SharePoint 2010 or Office 365 with SharePoint 2010, you have additional options available to protect important documents. Specifically there is a check in and check out version control that can be implemented very quickly and easily within the settings of each SharePoint document library. When you add this level of security, each person who wants to edit a document signs it out. This prevents one person from signing it out except as read only until the other user checks it back in. It is easily apparent who has stewardship of the document in question, and if anything goes wrong, an administrator can undo the latest checkout and have the last version intact. Version control allows both major and minor versions, and you can keep all versions of a document or restrict the versioning to a particular number. Strict archives will do well to enforce major and minor versions with enforced checkout maintaining all versions without limitation by number of versions. Storage conscious small businesses may elect to keep only 5 versions of a document, to improve storage utilization. However we advise organizations to carefully check their compliance requirements, for we are very sensitive to the needs of organizations to maintain compliance to industry standards as well as, state, federal, and local government standards.

Who Have We Helped With These Issues Recently

Drossman and Associates

Hunter College

We would love to include you among those who we have helped.

Give us a call at +1 516 469-02249 and get started now!

Featured Posts
Recent Posts
Follow Us
Search By Tags
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square