[THIN] Re: Hide drives

• From: "Braebaum, Neil" <Neil.Braebaum@xxxxxxxxxxxxxxxxx>
• To: <thin@xxxxxxxxxxxxx>
• Date: Wed, 24 Mar 2004 17:07:53 -0000

Comments inline...

> -----Original Message-----
> From: thin-bounce@xxxxxxxxxxxxx 
> [mailto:thin-bounce@xxxxxxxxxxxxx] On Behalf Of Jim Hathaway
> Sent: 24 March 2004 16:54
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Hide drives
> 
> Neil,=20
> 
> Not trying to start an argument here,

Righto.

> but . . .

There's always a "but", ain't there... ;-)

> as I said if 
> a user has "local admin" credentials to the server in 
> question then you can script it.=20

None of my users have anything like local admin rights.

In fact, I think the whole users / admin rights is mutually exclusive.

> Take a look at the default reg perms on 
> HKCU\software\MS\Windows\CurrentVersion\policies
> 
> The User, has "read" by default. Local admins have full, so 
> does "system".=20

And the registry and filesystem has all sorts of default permissions,
too.

Do you always stick to them?

> I'm not saying it can't be done via login script.

Good, because that would be a fatuous thing to say.

> But you 
> need to change the default perms on that reg key, or let your 
> users run under the context of a local admin on your TS servers.=20
> 
> Still don't believe me? Want a white paper? Here you go . . . 
> http://www.microsoft.com/windows2000/docs/rbppaper.doc

I know all about the paper.

I was doing policy / profile stuff, before there was policies available
to use.

> "Registry-based policy settings are stored in any of the four 
> Group Policy keys listed below. These are considered the 
> approved registry locations for policy settings. For computer 
> policy settings:
> .     HKLM\Software\Policies (The preferred location)
> .     HKLM\Software\Microsoft\Windows\CurrentVersion\Policies
> For user policy settings:
> .     HKCU\Software\Policies (The preferred location)
> .     HKCU\Software\Microsoft\Windows\CurrentVersion\Policies
> These locations have security permissions so that a standard 
> user cannot change these keys to disable or change the 
> behavior of applied policies. The keys are created when the 
> GPO is applied. If the GPO that applied the keys is ever 
> removed, the registry keys associated with it will also be 
> removed at that time.
> Note: A local administrator can overwrite these registry keys 
> and thus change or disable the behavior of the policy. (Refer 
> to the Windows 2000 Group Policy white paper."

As I said, I apply NoDrives by login script. As well as a number of
other things, that the GPO mechanism is too inflexible for (hint: the
GPO mechanism itself has very limited means of using conditional logic -
and what is does have, is largely outside of the individual object,
anyways.

And many, many registry values that are actually of true use to the
users environment, aren't actually under those hierarchies anyways.

Neil

> -----Original Message-----
> From: Braebaum, Neil [mailto:Neil.Braebaum@xxxxxxxxxxxxxxxxx]=20
> Sent: Wednesday, March 24, 2004 8:28 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Hide drives
> 
> Comments inline...
> 
> > -----Original Message-----
> > From: thin-bounce@xxxxxxxxxxxxx=20  
> [mailto:thin-bounce@xxxxxxxxxxxxx] 
> >On Behalf Of Jim Hathaway
> > Sent: 24 March 2004 16:20
> > To: thin@xxxxxxxxxxxxx
> > Subject: [THIN] Re: Hide drives
> >=20
> > Ian,=3D20
> >=20
> > You mentioned reg hacking this. By any chance are you=20  
> attempting 
> >to adjust / enter this reg value with a script=20  login as 
> opposed to 
> >using an adjusted ADM?
> 
> I apply drive hiding by login script for W2K terminal servers users.
> 
> > There are parts of the registry in win2k and win2k3 you=20 cannot 
> > script adjustments too during logins, unless the=20 logging in user 
> > has local admin privileges.=3D20
> 
> You can apply changes via scripts, to exactly the same 
> registry values that the GPO mechanism applies to.
> 
> Neil

***********************************************
This e-mail and its attachments are confidential
and are intended for the above named recipient
only. If this has come to you in error, please 
notify the sender immediately and delete this 
e-mail from your system.
You must take no action based on this, nor must 
you copy or disclose it or any part of its contents 
to any person or organisation.
Statements and opinions contained in this email may 
not necessarily represent those of Littlewoods.
Please note that e-mail communications may be monitored.
The registered office of Littlewoods Limited and its
subsidiaries is 100 Old Hall Street, Liverpool, L70 1AB.
Registered number of Littlewoods Limited is 262152.
************************************************

********************************************************
This weeks sponsor Emergent Online.
Emergent OnLine is the leading server-based computing consulting integration 
firm in the nation. Emergent OnLine delivers expert 
consulting services you can depend on.
http://www.go-eol.com
**********************************************************
Useful Thin Client Computing Links are available at:
http://thin.net/links.cfm
***********************************************************
For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thin.net/citrixlist.cfm

• Follow-Ups:
  • [THIN] Re: Hide drives
    • From: Ian Aston

Other related posts:

• » [THIN] Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Re: Hide drives
• » [THIN] Hide drives?

1. Home
2. thin
3. Archive
4. 03-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---