How to disallow restore by shadow copy

[freenasbbs]

hello~~
freenas 9.2.1.9, zfs, cifs, permission type:windows

i have a periodic snapshot tasks(lift time one month)

on windows explorer,
right_click share folder--properties--perviouts versions

i can see the old versions of this share folder(like bellow pic).

and how to do this:
1.allow users view and copy old verions of share folder (Now is OK)
2.not allow users restore old versions of share folder

because i am afraid that all files in the folder will restore by a wrong operation.
if users want to restore the old files,they can copy files to their pc and then replace.

thanks help!!!

 

[anodos]

I think you can remove this by pushing out a GPO for your users with the following registry entry:
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer"
"NoPreviousVersionsRestore"
"1"

 

[freenasbbs]

thanks~~
i add registry entry in my computre and the result is good.

but ,i have no AD，how can i pushing GPO to all computers?
can i do this by freenas server only?

 

[anodos]

thanks~~
i add registry entry in my computre and the result is good.

but ,i have no AD，how can i pushing GPO to all computers?
can i do this by freenas server only?

Not really. This is one of the problems that AD was designed to solve. AD is much more than just a mechanism to do single-sign-on.

You might be able to do it if you configure samba4 as an AD DC. Of course, this requires time and testing. You also shouldn't have the same samba4 instance act as a file server and a DC. This means either more hardware or configuring the DC in a jail.

As far as speeding things up in your current circumstances, you can export the key as a .reg file or create a .bat script to add the key. Syntax for .bat is here: http://technet.microsoft.com/en-us/library/cc742162(v=ws.10).aspx

If you have more than 10 computers, I highly recommend learning / using active directory. Eventually your time spent on manually making these changes will cost more than server licenses and cals.