[THIN] Re: Restricting file access
- From: "Sean Casey" <casey@xxxxxx>
- To: <thin@xxxxxxxxxxxxx>
- Date: Wed, 8 Jan 2003 10:46:03 -0500
Or Use this...........
How to: Use System Policies to Hide Specific Drives
The information in this article applies to:
a.. Microsoft Windows NT Workstation 4.0
This article was previously published under Q242092
SUMMARY
This article describes how a system administrator can restrict use of drives
by 'hiding' one or more drives on a Windows NT-based computer. The System
Policy Editor in Microsoft Windows NT Server 4.0 has an Hide drives in My
Computer feature that hides all drives from the user. However, you may want
to hide only selected drives, while retaining use of other drives.
MORE INFORMATION
To use system policies to hide drives, follow these steps:
1.. Obtain the decimal value for the drives you want to restrict.
NOTE: The registry key that this policy affects uses a decimal number that
corresponds to a 26-bit binary string, with each bit representing a drive
letter:
11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA
This configuration corresponds
to 67108863 (in decimal) and hides all
drives. If you want to hide drive C, you would make the third lowest bit 0
and then convert the binary string to decimal. The following are sample
values that correspond to various drive letters:
Hide all drive letters (default): 67108863
Hide all drive letters but C: 67108859
Hide all drive letters but U: 66060287
Hide all drive letters but C: and U: 66060283
Hide all drive letters but C,O, and U: 66043899
2.. Edit the Common.adm file:
1.. Open the Common.adm file in a text editor such as Notepad.
2.. Locate the HideDrives section in the Common.adm file. Note that it
should look like the following:
CATEGORY !!Shell
CATEGORY !!Restrictions
POLICY !!HideDrives
VALUENAME ''NoDrives''
VALUEON NUMERIC 67108863 ; low 26 bits on (1 bit per drive)
END POLICY
3.. Replace the VALUEON NUMERIC
value with your new value.
4.. Save and then close the file.
3.. Edit the system policy:
1.. Click Start, point to Programs, point to Administrative Tools
(Common), and then click System Policy Editor.
2.. On the File menu, click Open Registry.
3.. Double-click the Local User policy.
4.. Open the policy to the following location:
Local User\Shell\Restrictions
5.. Click to select the Hide drives in My Computer check box, and then
click OK.
NOTE: Only the drives that you specified in the VALUEON NUMERIC value in
the Common.adm file are hidden.
6.. On the File menu, click Save.
4.. Log off and then log on to the computer for the changes to take
effect.
You can also use the Microsoft Zero Administration Kit (ZAK) for Windows NT
Server 4.0 to selectively hide files. However, the ZAK method requires
modifying the Zakwinnt.adm file to add other drive letter options beyond the
five built-in selections. The ZAK method can be implemented using only a
Windows NT Server-based computer and the original policy template files
(Common.adm and Winnt.adm).
________________________________________________________________
Sean P. Casey
System Administrator (NT)
Canadian Microelectronics Corporation
Queen's University, 210A Carruthers Hall
Kingston, Ontario
K7L 3N6
Telephone: (613) 530-4665
FAX: (613) 548-8104
e-mail: casey@xxxxxx
________________________________________________________________
----- Original Message -----
From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx>
To: <thin@xxxxxxxxxxxxx>
Sent: Wednesday, January 08, 2003 9:26 AM
Subject: [THIN] Re: Restricting file access
>
> The hide drives utility should help you out...along with implementing
> security on your files\folders.
>
> If users only see their A$ \ C$ \ and a mapped network share to their
> personal data they tend to not poke around looking for other drives.
>
> Out of sight--Out of mind.
>
>
>
>
> _____
>
>
> Brian Claus, A+, Network+, MCP
> Network Administrator
> WESCO Distribution, Inc.
> 225 West Station Square Drive, Suite 700
> Pittsburgh, PA 15219-1122
> Phone: 412-454-2412
> Fax: 412-454-2540
> bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> _____
>
>
>
> -----Original Message-----
> From: John Franz [mailto:blizzard_28@xxxxxxxxxxx]
> Sent: Wednesday, January 08, 2003 8:38 AM
> To: thin@xxxxxxxxxxxxx
> Subject: [THIN] Re: Restricting file access
>
>
>
> Thanks, I will check it out. I guess I was not specific enough in my
> question. When a user logs into the Metaframe server, it creates a
> directory for them. I only want the user to be able to view this
directory
> on the Metaframe server and no other directories. MS Office is installed
> and when you click on open you can browse to the entire hard drive on the
> Metaframe server. I don't want them to be able to browse to other places
on
>
> the Metaframe drives where they could possibly create files etc.
>
> Does this make any sense?
>
>
>
> John Franz
>
> --
> blizzard_28@xxxxxxxxxxx
>
>
>
>
>
> >From: "Claus, Brian" <BClaus@xxxxxxxxxxxxx>
> >Reply-To: thin@xxxxxxxxxxxxx
> >To: thin@xxxxxxxxxxxxx
> >Subject: [THIN] Re: Restricting file access
> >Date: Tue, 7 Jan 2003 16:08:15 -0500
> >
> >
> >John,
> >
> >Check out this tool.
> >
> >I put it at http://thethin.net/hidedrives.zip
> >
> >It lets you specify what drives are viewable by the users.
> >
> >
> >
> > _____
> >
> >
> >Brian Claus, A+, Network+, MCP
> >Network Administrator
> >WESCO Distribution, Inc.
> >225 West Station Square Drive, Suite 700
> >Pittsburgh, PA 15219-1122
> >Phone: 412-454-2412
> >Fax: 412-454-2540
> >bclaus@xxxxxxxxxxxxx <mailto:bclaus@xxxxxxxxxxxxx>
> > _____
> >
> >
> >
> >-----Original Message-----
> >From: John Franz [mailto:blizzard_28@xxxxxxxxxxx]
> >Sent: Tuesday, January 07, 2003 3:45 PM
> >To: thin@xxxxxxxxxxxxx
> >Subject: [THIN] Restricting file access
> >
> >
> >
> >I have a test Metaframe XP server. I want users to only be able to see
> >their onw personal files and nothing else on the server. What is the
> >easiest/best way to accomplish this?
> >
> >
> >John Franz
> >
> >--
> >blizzard_28@xxxxxxxxxxx
> >
> >
> >
> >
> >_________________________________________________________________
> >Add photos to your e-mail with MSN 8. Get 2 months FREE*.
> >http://join.msn.com/?page=features/featuredemail
> >
> >***********************************************
> >This Weeks Sponsor: WM Software
> >WMS Messenger for TSE
> >Affordable Instant Messaging for Terminal Servers
> >http://www.wmsoftware.com/wmsm/
> >************************************************
> >For Archives, to Unsubscribe, Subscribe or
> >set Digest or Vacation mode use the below link.
> >
> >http://thethin.net/citrixlist.cfm
> >
> >
> >The information contained in and transferred with this electronic message
> >is
> >intended only for the recipient(s) designated above, it is protected by
law
> >and it may contain information which is privileged and confidential. If
> >you
> >are not the intended recipient, you are hereby notified that any review,
> >dissemination, distribution, copying or use of this message is
unauthorized
> >and strictly prohibited. If you have received this message in error,
> >please
> >notify WESCO Distribution, Inc. immediately at 412-454-4800. Thank you.
> >***********************************************
> >This Weeks Sponsor: WM Software
> >WMS Messenger for TSE
> >Affordable Instant Messaging for Terminal Servers
> >http://www.wmsoftware.com/wmsm/
> >************************************************
> >For Archives, to Unsubscribe, Subscribe or
> >set Digest or Vacation mode use the below link.
> >
> >http://thethin.net/citrixlist.cfm
>
>
> _________________________________________________________________
> MSN 8 with e-mail virus protection service: 2 months FREE*
> http://join.msn.com/?page=features/virus
>
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
>
> The information contained in and transferred with this electronic message
is
> intended only for the recipient(s) designated above, it is protected by
law
> and it may contain information which is privileged and confidential. If
you
> are not the intended recipient, you are hereby notified that any review,
> dissemination, distribution, copying or use of this message is
unauthorized
> and strictly prohibited. If you have received this message in error,
please
> notify WESCO Distribution, Inc. immediately at 412-454-4800. Thank you.
> ***********************************************
> This Weeks Sponsor: WM Software
> WMS Messenger for TSE
> Affordable Instant Messaging for Terminal Servers
> http://www.wmsoftware.com/wmsm/
> ************************************************
> For Archives, to Unsubscribe, Subscribe or
> set Digest or Vacation mode use the below link.
>
> http://thethin.net/citrixlist.cfm
>
***********************************************
This Weeks Sponsor: WM Software
WMS Messenger for TSE
Affordable Instant Messaging for Terminal Servers
http://www.wmsoftware.com/wmsm/
************************************************
For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link.
http://thethin.net/citrixlist.cfm
Other related posts:
