Masking Drives for Terminal server users

Posted on 2004-08-29
Last Modified: 2012-05-05
I have a Windows server 2003 and using Terminal server option for users. In the GPO I'm masking all local drives because I de not want users to see the c: to h: drives in the explorer. All users loging in a terminal server session have there local worstation drive loged and that works fine.

The probleme is that I'm trying to access a shared folder on the terminal servers h: but since I use the "mask all drives in GPO" it seems that I cannot see the network drive in the explorer of that users terminal session.

Is there a way to fixe that?

Question by:yvallee
  • 4
  • 2

Expert Comment

ID: 11927731
In group policy there are two options in regards to user/drive interaction

hide drives
prevent access

The hide drive setting will still allow a users to access the drive but it won't show up in explorer.  The prevent access setting will do just that, prevent access.  Which setting are you using?

You can also create a custom administrative template to hide or prevent access to specific drives (not just the ones specified in the original microsoft policies).  Check out the following link for more info on the process:

Let me know if you would like more details or clarification

Author Comment

ID: 11928086
This could work but how and where do I start to create a custom policy that would allow me to hide from a: to h: ?

Is this in registry?


Expert Comment

ID: 11932713
I've built out the custom adm file to hide the specific drives you want I will paste the info in a separate post.  Here are the instructions:

Copy the contents of the next post to a text file and rename the file HideDrives.adm
Open group policy or local policy editory (if it only needs to apply to one machine I use gpedit.msc on the local machine)
Under User configuration right click on Administrative Templates and choose Add/Remove Templates
In the Add/Remove Templates window click Add
Copy the HideDrive.adm file to the location shown, select it and click open
Close the Add/Remove Template Window
Expand User>Administrative Templates>MetaFrame Sample Policy>Windows NT>Explorer>Drive Restrictions
Doubleclick on Hide (or show) the selected drives
Enable the policy and from the drop down list select Hide Drives A-H

Good Luck
If you need more info or have problems with this let me know
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.


Accepted Solution

SamuraiCrow earned 500 total points
ID: 11932728



      CATEGORY !!Restrictions
            POLICY !!HideDrives

            ; This policy is will only show or hide the specified drives
            ; in the client session.  The registry key that this policy
            ; effects uses a decimal number which corresponds to a 26 bit
            ; binary string, with each bit representing a drive letter:
            ; 11111111111111111111111111
            ; 1=hide and 0=show. The above configuration corresponds to 67108863d and

            ; hide all drives.  If you wanted to hide the C: drive you would make
            ; the 3rd lowest bit a 0 and then convert the binary string to decimal.
            ; Note: Clearing the check box will delete the "NoDrives" entry
            ; entirely, and therefore, all drives will be automatically shown.
            ; Feel free to add aditional drive configurations or remove others.
            ; If you want to configure this policy to show a different combination
            ; of drives, create the desired binary string, convert to decimal
            ; and add a new entry to the ITEMLISTand define the string.
            ; Remember that this function affects Explorer and Explrer-style dialogs
            ; but it has NO effect on the command line.
            ; The naming conventions used below is that a ~ means hide and _ mean shown


            KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

                  PART !!HideDrivesOptions      DROPDOWNLIST
                  VALUENAME "NoDrives"            
                        Name !!HideDrives~all      VALUE NUMERIC 67108863
                        NAME !!HideDrives~A      VALUE NUMERIC 1
                        NAME !!HideDrives~C      VALUE NUMERIC 4
                        NAME !!HideDrives~CD      VALUE NUMERIC 12                  

                        NAME !!HideDrives~CDA      VALUE NUMERIC 13
                        NAME !!HideDrives~M      VALUE NUMERIC 4096
                        NAME !!HideDrives~MN      VALUE NUMERIC 12288                  

                        NAME !!HideDrives~MNA      VALUE NUMERIC 12289
                        NAME !!HideDrives_C      VALUE NUMERIC 67108859
                        NAME !!HideDrives_U      VALUE NUMERIC 66060287
                        NAME !!HideDrives_UA      VALUE NUMERIC 66060286
                        NAME !!HideDrives_A-H      VALUE Numeric 255
                  END ITEMLIST
                  END PART
                  PART !!DriveRestrictions_Tip1      TEXT      END PART
                  PART !!DriveRestrictions_Tip2      TEXT      END PART
                  PART !!DriveRestrictions_Tip3      TEXT      END PART
                  ; NOTE: This is a sample policy that conflits with the
                  ; Shell\Restrictions\Hide Drives policy defined in common.adm and

                  ; in the ZAK. It is provided as a template that defines common drive
                  ; configurations in MetaFrame
                  END POLICY



CCI="Metaframe Sample Policy"
WindowsNT="Windows NT"
Restrictions="Drive Restrictions"
HideDrives="Hide (or show) the selected drives"
HideDrivesOptions="Choose from the following configuration:"
HideDrives~all="All Drives are hidden"
HideDrives~A="Do Not show A:"
HideDrives~C="Do Not show C:"      
HideDrives~CD="Do Not show C: and D:"                  
HideDrives~CDA="Do Not show A: C: and D:"      
HideDrives~M="Do Not show M:"      
HideDrives~MN="Do Not show M: and N:"                        
HideDrives~MNA="Do Not show A: M: and N:"      
HideDrives_C="Show Only C:"
HideDrives_U="Show Only U:"
HideDrives_UA="Show Only A: and U:"
HideDrives_A-H="Hide A:-H: drives"
DriveRestrictions_Tip1=" Note: This is a sample policy that conflits with any Hide Drives"
DriveRestrictions_Tip2=" policy defined in common.adm and/or in the ZAK.  It is provided to"
DriveRestrictions_Tip3=" define common drive configurations in MetaFrame."

Author Comment

ID: 11934429

Thanks, this works very well.   AND you've shown me step by step, thanks you very very much Crow


Expert Comment

ID: 11934462
Glad to assist.  Remember that you can edit the settings of this file to meet the changing needs of your terminal services enviroment.

Expert Comment

ID: 13333193

I tried this as well, and it worked out fine. Howeever, it also applies when I log on as an administrator. Does anybody know how to make it apply to regular users only?


Featured Post

Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have never ceased to be amazed how many problems you can encounter on a fresh install of a Windows operating system.  This is certainly case in point& Unable to complete ANY MSI installation.  This means Windows Updates are failing and I can't …
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
This is used to tweak the memory usage for your computer, it is used for servers more so than workstations but just be careful editing registry settings as it may cause irreversible results. I hold no responsibility for anything you do to the regist…
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now