Hide Mapped Drives from End Users

Guest
Archived from groups: microsoft.public.win2000.security

I work for a company running Windows 2000 SBS with an additional NT4
Server that houses a legacy database. All workstations run Windows XP
Professional. In order for the database to work properly, all users
must have drives F: and V: mapped to certain folders on the NT4
Server. A logon script on the 2K server automatically maps these
drives for users.

Employees have no reason to access anything on these drives manually,
and because NT4 is rather lacking in security, I want to prevent users
from seeing these 2 drives in My Computer and Windows Explorer. I did
some searching and found 2 recommendations:

-Use Group Policy to hide the drives
-Use TweakUI to hide the drives

Neither of these solutions appears relevant to my situation. The Group
Policy only allows you to hide specific drives (I think it was A-D).
TweakUI is user dependent, so if I hide the drives while logged in as
the admin, they still appear when a different user logs in. A user
with restricted permissions cannot access the necessary features of
TweakUI, so I cannot log in as the employee and hide it for them.

Do I have any other options?

Thanks,
Jen Ricklin
 
Guest

I have not tried this myself, but if you read the KB link below you can modify the
system.adm file [ back it up first! ] to suit your needs for hiding drives using Group
Policy. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;EN-US;231289

"Yeimi" <jricklin@hotmail.com> wrote in message
news:24b3fd7f.0409080633.2fec47b1@posting.google.com...
>I work for a company running Windows 2000 SBS with an additional NT4
> Server that houses a legacy database. All workstations run Windows XP
> Professional. In order for the database to work properly, all users
> must have drives F: and V: mapped to certain folders on the NT4
> Server. A logon script on the 2K server automatically maps these
> drives for users.
>
> Employees have no reason to access anything on these drives manually,
> and because NT4 is rather lacking in security, I want to prevent users
> from seeing these 2 drives in My Computer and Windows Explorer. I did
> some searching and found 2 recommendations:
>
> -Use Group Policy to hide the drives
> -Use TweakUI to hide the drives
>
> Neither of these solutions appears relevant to my situation. The Group
> Policy only allows you to hide specific drives (I think it was A-D).
> TweakUI is user dependent, so if I hide the drives while logged in as
> the admin, they still appear when a different user logs in. A user
> with restricted permissions cannot access the necessary features of
> TweakUI, so I cannot log in as the employee and hide it for them.
>
> Do I have any other options?
>
> Thanks,
> Jen Ricklin
 
Guest

yes, this works very well, it is an easy text edit of the adm file plus
learning their values method for each drive letter so you can assign the
right number to the added policy. After that it is a snap.
One caveat however:
even though it is invisible in Explorer, it is still there so if a user goes
into, say, Word and goes to Open a Doc and in the file name they type f:\
and hit enter, it will show them the drive. So, the curious user will
probably still find it. Otherwise it is nice to hide what is behind the
curtain.

"Steven L Umbach" <n9rou@n0-spam-for-me-comcast.net> wrote in message
news:vjJ%c.4755$D%.703@attbi_s51...
> I have not tried this myself, but if you read the KB link below you can modify the
> system.adm file [ back it up first! ] to suit your needs for hiding drives using Group
> Policy. --- Steve
>
> http://support.microsoft.com/default.aspx?scid=kb;EN-US;231289
 
Guest

Glad you got it working and thanks for reporting back your results. Yes, if you read
the explanation of the setting, it says it will only hide the drives in My Computer
and Windows Explorer, which is still worth something. --- Steve


"Steve Carr" <scarr@bastyr.edu.NOSPAM> wrote in message
news:ev5cfk5lEHA.2680@TK2MSFTNGP15.phx.gbl...
> yes, this works very well, it is an easy text edit of the adm file plus
> learning their values method for each drive letter so you can assign the
> right number to the added policy. After that it is a snap.
> One caveat however:
> even though it is invisible in Explorer, it is still there so if a user goes
> into, say, Word and goes to Open a Doc and in the file name they type f:\
> and hit enter, it will show them the drive. So, the curious user will
> probably still find it. Otherwise it is nice to hide what is behind the
> curtain.
 
Guest

Steve Carr wrote:

> yes, this works very well, it is an easy text edit of the adm file plus
> learning their values method for each drive letter so you can assign the
> right number to the added policy. After that it is a snap.
> One caveat however:
> even though it is invisible in Explorer, it is still there so if a user goes
> into, say, Word and goes to Open a Doc and in the file name they type f:\
> and hit enter, it will show them the drive. So, the curious user will
> probably still find it. Otherwise it is nice to hide what is behind the
> curtain.

Hi

Then you can use this one:

Prevent Access to the Contents of Selected Drives
http://www.winguides.com/registry/display.php/1157/

It is the same as this Group Policy setting:

Prevent access to drives from My Computer
(User Configuration\Administrative Templates\Windows Components\Windows Explorer)

GPO reference:
http://msdn.microsoft.com/library/en-us/gp/340.asp


--
torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
Administration scripting examples and an ONLINE version of
the 1328 page Scripting Guide:
http://www.microsoft.com/technet/scriptcenter/default.mspx
 
Guest

Yes, you can prevent access, but in this case they need access to use the
databases. Yeimi just didn't want people going to the drives through
Explorer, so all you can do is hide them, which isn't actually preventing
access; it just makes it harder to find.

"Torgeir Bakken (MVP)" <Torgeir.Bakken-spam@hydro.com> wrote in message
news:OVJQ%23b6lEHA.3432@TK2MSFTNGP14.phx.gbl...
> Steve Carr wrote:
>
> > yes, this works very well, it is an easy text edit of the adm file plus
> > learning their values method for each drive letter so you can assign the
> > right number to the added policy. After that it is a snap.
> > One caveat however:
> > even though it is invisible in Explorer, it is still there so if a user goes
> > into, say, Word and goes to Open a Doc and in the file name they type f:\
> > and hit enter, it will show them the drive. So, the curious user will
> > probably still find it. Otherwise it is nice to hide what is behind the
> > curtain.
> Hi
>
> Then you can use this one:
>
> Prevent Access to the Contents of Selected Drives
> http://www.winguides.com/registry/display.php/1157/
>
> It is the same as this Group Policy setting:
>
> Prevent access to drives from My Computer
> (User Configuration\Administrative Templates\Windows Components\Windows Explorer)
>
> GPO reference:
> http://msdn.microsoft.com/library/en-us/gp/340.asp
>
>
> --
> torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
> Administration scripting examples and an ONLINE version of
> the 1328 page Scripting Guide:
> http://www.microsoft.com/technet/scriptcenter/default.mspx
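
Added example (not part of any post in the thread): the drive-letter numbering that Steve Carr's reply refers to, and the hide-versus-prevent distinction from the last two replies, worked through in Python. The `FVOnly` string id, its label and the sample policy values are constructed for illustration; `NoDrives` and `NoViewOnDrive` are the registry value names behind the "hide drives" and "Prevent access to drives from My Computer" policies, and the ITEMLIST line follows the pattern of the existing entries in system.adm.

```python
# Added example: the drive-letter bitmask shared by the Explorer drive policies.
import string

# Per-user key where both policy values are stored.
EXPLORER_POLICY_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"

def drive_mask(letters):
    """Return the policy number for a set of drive letters (A=1, B=2, C=4, ... Z=2**25)."""
    mask = 0
    for letter in letters:
        letter = letter.strip(":\\ ").upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {letter!r}")
        mask |= 1 << (ord(letter) - ord("A"))
    return mask

def mask_letters(mask):
    """Decode a policy number back into the drive letters it covers."""
    if not 0 <= mask < 1 << 26:
        raise ValueError("mask must fit in 26 bits (A-Z)")
    return [c for i, c in enumerate(string.ascii_uppercase) if mask >> i & 1]

def adm_entries(string_id, label, letters):
    """Build the ITEMLIST line and the [strings] line for a custom system.adm choice."""
    item = f"NAME !!{string_id} VALUE NUMERIC {drive_mask(letters)}"
    return item, f'{string_id}="{label}"'

def drive_status(policy_values, letter):
    """Classify one drive from the NoDrives / NoViewOnDrive numbers in effect."""
    bit = drive_mask([letter])
    hidden = bool(policy_values.get("NoDrives", 0) & bit)
    blocked = bool(policy_values.get("NoViewOnDrive", 0) & bit)
    if blocked:
        return "blocked in Explorer" + (" and hidden" if hidden else "")
    # Hidden-only drives still open when a path such as f:\ is typed (see the thread).
    return "hidden only, still reachable by path" if hidden else "visible"

if __name__ == "__main__":
    # Hypothetical string id and label for the F: and V: drives from the question.
    item, text = adm_entries("FVOnly", "Restrict F and V drives only", "FV")
    print(item)
    print(text)
    constructed = {"NoDrives": drive_mask("FV")}  # constructed sample policy state
    print(EXPLORER_POLICY_KEY)
    for drive in "CFV":
        print(drive, drive_status(constructed, drive))
```

Running `mask_letters` over the `NoDrives` number found on a workstation shows which drives the policy actually hides there.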