Floppy drive access

[Guest]

Archived from groups: microsoft.public.windowsnt.terminalserver.client (More info?)

Hello Everyone,


I have a specific question about access to the floppy drive on clients.



I have created a new OU and set group policy for the users in it
according to the standard document: Locking Down Windows Server 2003
Terminal Server Sessions. (July, 2003)


A few settings have not been implemented but that should be irrelevant
in this senario.


My problem is that in this standard setup the client computer can not
access his own local floppy drive, (natural, I know), but I would like
it otherwise because of the way the users are going to use this
installation. I have been trying to mess around with the logical
candidates to could allow access to the floppy drive like: Hide these
specified drives in My Computer and Prevent access to drives from My
Computer, but these seem only to deal with drives that are physically
on the server and not on the client. I know that it can work, because
if I log in using an other account with more rights then the floppy
drive is mapped and available as expected.


So my questions are:


A What policy controls if there is access to the clients local floppy
drive?


B Can I prevent execution rights to files found there, in other words
allow only read/write access to this drive?


Thank You,


Michael

 

[Guest]

Archived from groups: microsoft.public.windowsnt.terminalserver.client (More info?)

Have you enabled local drive redirection on both the server and the
client?

_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"MBA" <michaelbrandi@hotmail.com> wrote on 05 aug 2005 in
microsoft.public.windowsnt.terminalserver.client:

> Hello Everyone,
>
>
> I have a specific question about access to the floppy drive on
> clients.
>
>
>
> I have created a new OU and set group policy for the users in it
> according to the standard document: Locking Down Windows Server
> 2003 Terminal Server Sessions. (July, 2003)
>
>
> A few settings have not been implemented but that should be
> irrelevant in this senario.
>
>
> My problem is that in this standard setup the client computer
> can not access his own local floppy drive, (natural, I know),
> but I would like it otherwise because of the way the users are
> going to use this installation. I have been trying to mess
> around with the logical candidates to could allow access to the
> floppy drive like: Hide these specified drives in My Computer
> and Prevent access to drives from My Computer, but these seem
> only to deal with drives that are physically on the server and
> not on the client. I know that it can work, because if I log in
> using an other account with more rights then the floppy drive is
> mapped and available as expected.
>
>
> So my questions are:
>
>
> A What policy controls if there is access to the clients local
> floppy drive?
>
>
> B Can I prevent execution rights to files found there, in other
> words allow only read/write access to this drive?
>
>
> Thank You,
>
>
> Michael

 

[Guest]

Archived from groups: microsoft.public.windowsnt.terminalserver.client (More info?)

Hi Vera,

Like I wrote it is alread set up correctly, because if I simply log in
with a different user that has more access rights on the server the
drive is available.

Michael

 

[Guest]

Archived from groups: microsoft.public.windowsnt.terminalserver.client (More info?)

But the client settings are user-specific, so the fact that it works
for userA doesn't automatically mean that it works for userB, that's
why I asked.

When the user connects, does the standard Remote Desktop Security
Warning about redirecting local drives show up?

Can the user see his other local drives (C: on the client), or no
redirected local drives at all?

Is there anything in the EventLog on the Terminal Server or the
client? Do you have auditing of all security events enabled?

Have you checked the security filtering of your GPO (I assume that it
is there that you enable redirection of local drives)?
_________________________________________________________
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
TS troubleshooting: http://ts.veranoest.net
___ please respond in newsgroup, NOT by private email ___

"MBA" <michaelbrandi@hotmail.com> wrote on 08 aug 2005 in
microsoft.public.windowsnt.terminalserver.client:

> Hi Vera,
>
> Like I wrote it is alread set up correctly, because if I simply
> log in with a different user that has more access rights on the
> server the drive is available.
>
> Michael