Announcement

Collapse
No announcement yet.

stop using 'up button' when in my documents

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • stop using 'up button' when in my documents

    I'm trying to prevent access to the C: drive which is enabled in a GPO, however users can use the 'UP' button when in 'My Documents'
    can this button be disabled? and where is the policy if it can?

  • #2
    Hi Jonny_2good,

    Would you please tell me how you prevent access to the C drive by using GPO. ( I use the option to hide the drive but it has a draw back as you you can always can Save as and type C:\)

    Thanks
    Teamwork

    Comment


    • #3
      I've been told by a MS support person that this is not possible. If you hide the c: drive you can easily go into word and select open, then type c:\*.* to see the c:z\ drive. Or even easier create a shortcut in your My Documents to c:\. An expected quote from the MS support person "It's by design".

      EDIT: You just need to lock down you c:\ drives with NTFS permissions.
      Server 2000 MCP
      Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

      ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

      Comment


      • #4
        it should be possible some way... but i don't know how..
        but res powerfuse can do that.

        http://www.respowerfuse.com/
        Marcel
        Technical Consultant
        Netherlands
        http://www.phetios.com
        http://blog.nessus.nl

        MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
        "No matter how secure, there is always the human factor."

        "Enjoy life today, tomorrow may never come."
        "If you're going through hell, keep going. ~Winston Churchill"

        Comment


        • #5
          Ok maybe I should clarify. It can't be done without using a third party product of which Microsoft don't know of any which they have tested and endorsed (i.e. Designed for Widnows XP/2000 logo).

          There are a few third party products but hey this is what NTFS permissions are all about - much better practice than paying for a third party product. But thats just my opinion.
          Server 2000 MCP
          Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

          ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

          Comment


          • #6
            cheers guys

            problem is I work in a college and the students cause havoc when they can get into the C drive.
            I have locked all the files down with NTFS, problem was when accessing the C drive they were using winchat.exe etc sending messages to each other that they were going to die !

            in my doc's, my pictures they could go up and then into the domain controller as they get their start menu from there and that's when havoc was caused but I've locked that down so the worst they can now do is maybe get into the C drive.

            cheers anyway it did help

            Comment


            • #7
              the gp below should help also look at the other options within the windows explorer section,



              Setting Path:
              User Configuration/Administrative Templates/Windows Components/Windows Explorer

              Prevents users from using My Computer to gain access to the content of selected drives.

              If you enable this setting, users can browse the directory structure of the selected drives in My Computer or Windows Explorer, but they cannot open folders and access the contents. Also, they cannot use the Run dialog box or the Map Network Drive dialog box to view the directories on these drives.

              To use this setting, select a drive or combination of drives from the drop-down list. To allow access to all drive directories, disable this setting or select the "Do not restrict drives" option from the drop-down list.

              Note: The icons representing the specified drives still appear in My Computer, but if users double-click the icons, a message appears explaining that a setting prevents the action.

              Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics.

              Also, see the "Hide these specified drives in My Computer" setting.

              Comment


              • #8
                If you read the port he has already enabled some of these features but it doesn't stop users going to my documents and pressing 'up' a folder level and going to the c: drive. MS Say this is by design not a bug. A GP cant stop users getting to the c: drive. The only way (with MS products) to stop users playing with the c: drive is to use NTFS permissions.
                Server 2000 MCP
                Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                Comment


                • #9
                  Hi jonny_2good

                  Would you please share with us your experience in setting up the NTFS permissions for the C Drive. If you can please describe it in details. I would like to learn as well. Thank you very much.

                  Regards,
                  Teamwork

                  Comment


                  • #10
                    Originally posted by azmantek
                    Hi jonny_2good

                    Would you please share with us your experience in setting up the NTFS permissions for the C Drive. If you can please describe it in details. I would like to learn as well. Thank you very much.

                    Regards,
                    Hi Azmantek

                    There is no one way that this can be done. It doesn't work for everyone. Basically is set program files to readonly for authenticated users, along with winnt. Documents and settings is already done, then you need to allow access to certain areas like temp areas and any badly written programs in program files. But as i said it depends on your setup.

                    I work for a college so we have all the c: locked down by default and then open needed areas (like setting up a firewall i suppose).

                    Hope this helps
                    Server 2000 MCP
                    Development: ASP, ASP.Net, PHP, VB, VB.Net, MySQL, MSSQL - Check out my blog http://tonyyeb.blogspot.com

                    ** Remember to give credit where credit is due and leave reputation points sigpic where appropriate **

                    Comment

                    Working...
                    X