Or Use this........... How to: Use System Policies to Hide Specific Drives The information in this article applies to: a.. Microsoft Windows NT Workstation 4.0 This article was previously published under Q242092 SUMMARY This article describes how a system administrator can restrict use of drives by 'hiding' one or more drives on a Windows NT-based computer. The System Policy Editor in Microsoft Windows NT Server 4.0 has an Hide drives in My Computer feature that hides all drives from the user. However, you may want to hide only selected drives, while retaining use of other drives. MORE INFORMATION To use system policies to hide drives, follow these steps: 1.. Obtain the decimal value for the drives you want to restrict. NOTE: The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter: 11111111111111111111111111 ZYXWVUTSRQPONMLKJIHGFEDCBA This configuration corresponds to 67108863 (in decimal) and hides all drives. If you want to hide drive C, you would make the third lowest bit 0 and then convert the binary string to decimal. The following are sample values that correspond to various drive letters: Hide all drive letters (default): 67108863 Hide all drive letters but C: 67108859 Hide all drive letters but U: 66060287 Hide all drive letters but C: and U: 66060283 Hide all drive letters but C,O, and U: 66043899 2.. Edit the Common.adm file: 1.. Open the Common.adm file in a text editor such as Notepad. 2.. Locate the HideDrives section in the Common.adm file. Note that it should look like the following: CATEGORY !!Shell CATEGORY !!Restrictions POLICY !!HideDrives VALUENAME ''NoDrives'' VALUEON NUMERIC 67108863 ; low 26 bits on (1 bit per drive) END POLICY 3.. Replace the VALUEON NUMERIC value with your new value. 4.. Save and then close the file. 3.. Edit the system policy: 1.. Click Start, point to Programs, point to Administrative Tools (Common), and then click System Policy Editor. 2.. On the File menu, click Open Registry. 3.. Double-click the Local User policy. 4.. Open the policy to the following location: Local User\Shell\Restrictions 5.. Click to select the Hide drives in My Computer check box, and then click OK. NOTE: Only the drives that you specified in the VALUEON NUMERIC value in the Common.adm file are hidden. 6.. On the File menu, click Save. 4.. Log off and then log on to the computer for the changes to take effect. You can also use the Microsoft Zero Administration Kit (ZAK) for Windows NT Server 4.0 to selectively hide files. However, the ZAK method requires modifying the Zakwinnt.adm file to add other drive letter options beyond the five built-in selections. The ZAK method can be implemented using only a Windows NT Server-based computer and the original policy template files (Common.adm and Winnt.adm). ________________________________________________________________ Sean P. Casey System Administrator (NT) Canadian Microelectronics Corporation Queen's University, 210A Carruthers Hall Kingston, Ontario K7L 3N6 Telephone: (613) 530-4665 FAX: (613) 548-8104 e-mail: casey@xxxxxx ________________________________________________________________ ----- Original Message ----- From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx> To: <thin@xxxxxxxxxxxxx> Sent: Wednesday, January 08, 2003 9:26 AM Subject: [THIN] Re: Restricting file access > > The hide drives utility should help you out...along with implementing > security on your files\folders. > > If users only see their A$ \ C$ \ and a mapped network share to their > personal data they tend to not poke around looking for other drives. > > Out of sight--Out of mind. > > > > > _____ > > > Brian Claus, A+, Network+, MCP > Network Administrator > WESCO Distribution, Inc. > 225 West Station Square Drive, Suite 700 > Pittsburgh, PA 15219-1122 > Phone: 412-454-2412 > Fax: 412-454-2540 > bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx> > _____ > > > > -----Original Message----- > From: John Franz [mailto:blizzard_28@xxxxxxxxxxx] > Sent: Wednesday, January 08, 2003 8:38 AM > To: thin@xxxxxxxxxxxxx > Subject: [THIN] Re: Restricting file access > > > > Thanks, I will check it out. I guess I was not specific enough in my > question. When a user logs into the Metaframe server, it creates a > directory for them. I only want the user to be able to view this directory > on the Metaframe server and no other directories. MS Office is installed > and when you click on open you can browse to the entire hard drive on the > Metaframe server. I don't want them to be able to browse to other places on > > the Metaframe drives where they could possibly create files etc. > > Does this make any sense? > > > > John Franz > > -- > blizzard_28@xxxxxxxxxxx > > > > > > >From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx> > >Reply-To: thin@xxxxxxxxxxxxx > >To: thin@xxxxxxxxxxxxx > >Subject: [THIN] Re: Restricting file access > >Date: Tue, 7 Jan 2003 16:08:15 -0500 > > > > > >John, > > > >Check out this tool. > > > >I put it at http://thethin.net/hidedrives.zip > > > >It lets you specify what drives are viewable by the users. > > > > > > > > _____ > > > > > >Brian Claus, A+, Network+, MCP > >Network Administrator > >WESCO Distribution, Inc. > >225 West Station Square Drive, Suite 700 > >Pittsburgh, PA 15219-1122 > >Phone: 412-454-2412 > >Fax: 412-454-2540 > >bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx> > > _____ > > > > > > > >-----Original Message----- > >From: John Franz [mailto:blizzard_28@xxxxxxxxxxx] > >Sent: Tuesday, January 07, 2003 3:45 PM > >To: thin@xxxxxxxxxxxxx > >Subject: [THIN] Restricting file access > > > > > > > >I have a test Metaframe XP server. I want users to only be able to see > >their onw personal files and nothing else on the server. What is the > >easiest/best way to accomplish this? > > > > > >John Franz > > > >-- > >blizzard_28@xxxxxxxxxxx > > > > > > > > > >_________________________________________________________________ > >Add photos to your e-mail with MSN 8. Get 2 months FREE*. > >http://join.msn.com/?page=features/featuredemail > > > >*********************************************** > >This Weeks Sponsor: WM Software > >WMS Messenger for TSE > >Affordable Instant Messaging for Terminal Servers > >http://www.wmsoftware.com/wmsm/ > >************************************************ > >For Archives, to Unsubscribe, Subscribe or > >set Digest or Vacation mode use the below link. > > > >http://thethin.net/citrixlist.cfm > > > > > >The information contained in and transferred with this electronic message > >is > >intended only for the recipient(s) designated above, it is protected by law > >and it may contain information which is privileged and confidential. If > >you > >are not the intended recipient, you are hereby notified that any review, > >dissemination, distribution, copying or use of this message is unauthorized > >and strictly prohibited. If you have received this message in error, > >please > >notify WESCO Distribution, Inc. immediately at 412-454-4800. Thank you. > >*********************************************** > >This Weeks Sponsor: WM Software > >WMS Messenger for TSE > >Affordable Instant Messaging for Terminal Servers > >http://www.wmsoftware.com/wmsm/ > >************************************************ > >For Archives, to Unsubscribe, Subscribe or > >set Digest or Vacation mode use the below link. > > > >http://thethin.net/citrixlist.cfm > > > _________________________________________________________________ > MSN 8 with e-mail virus protection service: 2 months FREE* > http://join.msn.com/?page=features/virus > > *********************************************** > This Weeks Sponsor: WM Software > WMS Messenger for TSE > Affordable Instant Messaging for Terminal Servers > http://www.wmsoftware.com/wmsm/ > ************************************************ > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link. > > http://thethin.net/citrixlist.cfm > > > The information contained in and transferred with this electronic message is > intended only for the recipient(s) designated above, it is protected by law > and it may contain information which is privileged and confidential. If you > are not the intended recipient, you are hereby notified that any review, > dissemination, distribution, copying or use of this message is unauthorized > and strictly prohibited. If you have received this message in error, please > notify WESCO Distribution, Inc. immediately at 412-454-4800. Thank you. > *********************************************** > This Weeks Sponsor: WM Software > WMS Messenger for TSE > Affordable Instant Messaging for Terminal Servers > http://www.wmsoftware.com/wmsm/ > ************************************************ > For Archives, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link. > > http://thethin.net/citrixlist.cfm > *********************************************** This Weeks Sponsor: WM Software WMS Messenger for TSE Affordable Instant Messaging for Terminal Servers http://www.wmsoftware.com/wmsm/ ************************************************ For Archives, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link. http://thethin.net/citrixlist.cfm