No announcement yet.

Hiding or Preventing access to c: GPO

  • Filter
  • Time
  • Show
Clear All
new posts

  • Hiding or Preventing access to c: GPO

    Hi Everyone, just joined on a recommendation of a twitter friend of mine. Ive just recently moved from working as a field engineer into the position of IT Manager for another firm and have a nice big Active directory project im just getting my teeth into!.

    Ive been playing around with and trying to fix some policy issues left by the previous IT firm, there is a poilcy in place which hides the A b C D E icons from my computer and the look-in drop down which works great. However if users right click the start menu and choose explore it drops them into the c: drive inside the start menu from where they can then go and explore any of the c: drive they like.

    NTFS permissions are fine and they can only damage their own files but it seems a bit silly that the policy denies it and this can get around it. Plus its one less icon for the non it literate to get lost in.

    Im wondering if there is any way to retain the local policy for start menus and other user data (my docs is already re-directed to users folder on server) but stop the right click->explore on start menu from allowing access to the c:

    I have read you can change a key in the registry which will change the location that explorer starts from, for example i could set it to load from \\server\users\%username% to open their my documents. Does this sound practical? i can set up a .reg to be applied to workstations if thats the best way.

    As a note to the above, prevent access to the c: drive does stop this which is great however if users had any folders or icons on the desktop it then dissalows them to use them which isnt what i want, i just want to hide the c:

    Hope that all makes sense and sorry if its a bit wordy, can be a bit complex to explain the intended result of a GPO in a short sentance.

    Looking forward to helping people out where i can with my experience.
    Ben Gillam MCP/MCSA 2003 - IT Manager (IGC Group)

  • #2
    Re: Hiding or Preventing access to c: GPO

    The problem with hiding the drives is that it does not prevent all methods of seeing the drives as evidenced by right clicking the start button and selecting "explore" or "open". As you've said, if you enable the companion setting of preventing access to the drives it prevents the user from accessing their own files. The only solution I can think of is to enable the setting to restrict the context menu for the start button and task bar. This will prevent users from right clicking the start button or task bar.


    • #3
      Re: Hiding or Preventing access to c: GPO

      Yes i did try that but of course you cant right click->close a task when that is enabled.

      this is the key i was mentioning above.

      which in theory should get around the issue as i could just point it to the my docs folder on the server. but guessing this would apply to all of the computers that users log into a computer affected by the policy regardless of wether the user policy allows them access to c: or not.
      Ben Gillam MCP/MCSA 2003 - IT Manager (IGC Group)