Masking Drives for Terminal server users

Posted on 2004-08-29
Last Modified: 2012-05-05
I have a Windows Server 2003 and am using the Terminal Server option for users. In the GPO I'm masking all local drives because I do not want users to see the c: to h: drives in the explorer. All users logging in to a terminal server session have their local workstation drive logged and that works fine.

The problem is that I'm trying to access a shared folder on the terminal server's h: but since I use the "mask all drives in GPO" it seems that I cannot see the network drive in the explorer of that user's terminal session.

Is there a way to fix that?

Question by:yvallee

Expert Comment

ID: 11927731
In group policy there are two options in regards to user/drive interaction

hide drives
prevent access

The hide drive setting will still allow users to access the drive but it won't show up in explorer.  The prevent access setting will do just that, prevent access.  Which setting are you using?

You can also create a custom administrative template to hide or prevent access to specific drives (not just the ones specified in the original Microsoft policies).  Check out the following link for more info on the process:

Let me know if you would like more details or clarification

Author Comment

ID: 11928086
This could work but how and where do I start to create a custom policy that would allow me to hide from a: to h: ?

Is this in registry?


Expert Comment

ID: 11932713
I've built out the custom adm file to hide the specific drives you want. I will paste the info in a separate post.  Here are the instructions:

Copy the contents of the next post to a text file and rename the file HideDrives.adm
Open group policy or local policy editor (if it only needs to apply to one machine I use gpedit.msc on the local machine)
Under User configuration right click on Administrative Templates and choose Add/Remove Templates
In the Add/Remove Templates window click Add
Copy the HideDrives.adm file to the location shown, select it and click open
Close the Add/Remove Template Window
Expand User>Administrative Templates>MetaFrame Sample Policy>Windows NT>Explorer>Drive Restrictions
Doubleclick on Hide (or show) the selected drives
Enable the policy and from the drop down list select Hide Drives A-H

Good Luck
If you need more info or have problems with this let me know


Accepted Solution

SamuraiCrow earned 500 total points
ID: 11932728



CLASS USER

; Outer categories follow the CCI and WindowsNT entries in [strings].
CATEGORY !!CCI
  CATEGORY !!WindowsNT
    CATEGORY !!Restrictions
      POLICY !!HideDrives

        ; This policy will only show or hide the specified drives
        ; in the client session.  The registry key that this policy
        ; affects uses a decimal number which corresponds to a 26 bit
        ; binary string, with each bit representing a drive letter:
        ; 11111111111111111111111111
        ; 1=hide and 0=show. The above configuration corresponds to 67108863d and
        ; hides all drives.  If you wanted to show the C: drive you would make
        ; the 3rd lowest bit a 0 and then convert the binary string to decimal.
        ; Note: Clearing the check box will delete the "NoDrives" entry
        ; entirely, and therefore, all drives will be automatically shown.
        ; Feel free to add additional drive configurations or remove others.
        ; If you want to configure this policy to show a different combination
        ; of drives, create the desired binary string, convert to decimal
        ; and add a new entry to the ITEMLIST and define the string.
        ; Remember that this function affects Explorer and Explorer-style dialogs
        ; but it has NO effect on the command line.
        ; The naming convention used below is that a ~ means hide and _ means shown

        KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

        PART !!HideDrivesOptions      DROPDOWNLIST
          VALUENAME "NoDrives"
          ITEMLIST
            NAME !!HideDrives~all     VALUE NUMERIC 67108863
            NAME !!HideDrives~A       VALUE NUMERIC 1
            NAME !!HideDrives~C       VALUE NUMERIC 4
            NAME !!HideDrives~CD      VALUE NUMERIC 12
            NAME !!HideDrives~CDA     VALUE NUMERIC 13
            NAME !!HideDrives~M       VALUE NUMERIC 4096
            NAME !!HideDrives~MN      VALUE NUMERIC 12288
            NAME !!HideDrives~MNA     VALUE NUMERIC 12289
            NAME !!HideDrives_C       VALUE NUMERIC 67108859
            NAME !!HideDrives_U       VALUE NUMERIC 66060287
            NAME !!HideDrives_UA      VALUE NUMERIC 66060286
            NAME !!HideDrives_A-H     VALUE NUMERIC 255
          END ITEMLIST
        END PART
        PART !!DriveRestrictions_Tip1      TEXT      END PART
        PART !!DriveRestrictions_Tip2      TEXT      END PART
        PART !!DriveRestrictions_Tip3      TEXT      END PART
        ; NOTE: This is a sample policy that conflicts with the
        ; Shell\Restrictions\Hide Drives policy defined in common.adm and
        ; in the ZAK. It is provided as a template that defines common drive
        ; configurations in MetaFrame
      END POLICY
    END CATEGORY
  END CATEGORY
END CATEGORY

[strings]
CCI="Metaframe Sample Policy"
WindowsNT="Windows NT"
Restrictions="Drive Restrictions"
HideDrives="Hide (or show) the selected drives"
HideDrivesOptions="Choose from the following configuration:"
HideDrives~all="All Drives are hidden"
HideDrives~A="Do Not show A:"
HideDrives~C="Do Not show C:"
HideDrives~CD="Do Not show C: and D:"
HideDrives~CDA="Do Not show A: C: and D:"
HideDrives~M="Do Not show M:"
HideDrives~MN="Do Not show M: and N:"
HideDrives~MNA="Do Not show A: M: and N:"
HideDrives_C="Show Only C:"
HideDrives_U="Show Only U:"
HideDrives_UA="Show Only A: and U:"
HideDrives_A-H="Hide A:-H: drives"
DriveRestrictions_Tip1=" Note: This is a sample policy that conflicts with any Hide Drives"
DriveRestrictions_Tip2=" policy defined in common.adm and/or in the ZAK.  It is provided to"
DriveRestrictions_Tip3=" define common drive configurations in MetaFrame."
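
The NoDrives arithmetic described in the template's comments, as an added example that is not part of the original post: a Python helper that builds a mask from drive letters and decodes the template's ITEMLIST values back into the letters they hide. The function names are assumptions of this example; the numeric values are copied from the template.

```python
"""NoDrives bitmask helper: bit 0 = A:, bit 1 = B:, ... bit 25 = Z: (1 = hide)."""
import string

LETTERS = string.ascii_uppercase
ALL_DRIVES = (1 << len(LETTERS)) - 1  # 26 bits set: every drive hidden


def expand(spec: str) -> list[str]:
    """Expand "A-H" or "A,C,D" (colons and spaces optional) into drive letters."""
    letters = []
    for token in spec.upper().replace(":", "").replace(" ", "").split(","):
        if not token:
            continue
        first, sep, last = token.partition("-")
        last = last if sep else first
        ok = len(first) == 1 and len(last) == 1 and first in LETTERS and last in LETTERS
        if not ok or first > last:
            raise ValueError(f"bad drive spec: {token!r}")
        letters.extend(LETTERS[LETTERS.index(first):LETTERS.index(last) + 1])
    return letters


def hide(spec: str) -> int:
    """Mask that hides exactly the listed drives."""
    mask = 0
    for letter in expand(spec):
        mask |= 1 << LETTERS.index(letter)
    return mask


def show_only(spec: str) -> int:
    """Mask that hides everything except the listed drives."""
    return ALL_DRIVES & ~hide(spec)


def hidden_drives(mask: int) -> str:
    """Decode a NoDrives value into the letters it hides."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError(f"NoDrives must fit in 26 bits: {mask}")
    return "".join(l for i, l in enumerate(LETTERS) if mask >> i & 1)


# ITEMLIST values copied from the template above, decoded for review.
TEMPLATE_VALUES = [67108863, 1, 4, 12, 13, 4096, 12288, 12289,
                   67108859, 66060287, 66060286, 255]

if __name__ == "__main__":
    for value in TEMPLATE_VALUES:
        print(f"{value:>9}  hides {hidden_drives(value)}")
```

NoDrives only removes the letters from Explorer views; the "prevent access" policy mentioned earlier in the thread stores its selection in the NoViewOnDrive value under the same key, using the same bit layout.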

Author Comment

ID: 11934429

Thanks, this works very well.   AND you've shown me step by step, thank you very very much Crow


Expert Comment

ID: 11934462
Glad to assist.  Remember that you can edit the settings of this file to meet the changing needs of your terminal services environment.

Expert Comment

ID: 13333193

I tried this as well, and it worked out fine. However, it also applies when I log on as an administrator. Does anybody know how to make it apply to regular users only?

