Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


Masking Drives for Terminal server users

Posted on 2004-08-29
Medium Priority
Last Modified: 2012-05-05
I have a Windows server 2003 and using Terminal server option for users. In the GPO I'm masking all local drives because I de not want users to see the c: to h: drives in the explorer. All users loging in a terminal server session have there local worstation drive loged and that works fine.

The probleme is that I'm trying to access a shared folder on the terminal servers h: but since I use the "mask all drives in GPO" it seems that I cannot see the network drive in the explorer of that users terminal session.

Is there a way to fixe that?

Question by:yvallee
  • 4
  • 2

Expert Comment

ID: 11927731
In group policy there are two options in regards to user/drive interaction

hide drives
prevent access

The hide drive setting will still allow a users to access the drive but it won't show up in explorer.  The prevent access setting will do just that, prevent access.  Which setting are you using?

You can also create a custom administrative template to hide or prevent access to specific drives (not just the ones specified in the original microsoft policies).  Check out the following link for more info on the process:


Let me know if you would like more details or clarification

Author Comment

ID: 11928086
This could work but how and where do I start to create a custom policy that would allow me to hide from a: to h: ?

Is this in registry?


Expert Comment

ID: 11932713
I've built out the custom adm file to hide the specific drives you want I will paste the info in a separate post.  Here are the instructions:

Copy the contents of the next post to a text file and rename the file HideDrives.adm
Open group policy or local policy editory (if it only needs to apply to one machine I use gpedit.msc on the local machine)
Under User configuration right click on Administrative Templates and choose Add/Remove Templates
In the Add/Remove Templates window click Add
Copy the HideDrive.adm file to the location shown, select it and click open
Close the Add/Remove Template Window
Expand User>Administrative Templates>MetaFrame Sample Policy>Windows NT>Explorer>Drive Restrictions
Doubleclick on Hide (or show) the selected drives
Enable the policy and from the drop down list select Hide Drives A-H

Good Luck
If you need more info or have problems with this let me know
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Accepted Solution

SamuraiCrow earned 2000 total points
ID: 11932728



      CATEGORY !!Restrictions
            POLICY !!HideDrives

            ; This policy is will only show or hide the specified drives
            ; in the client session.  The registry key that this policy
            ; effects uses a decimal number which corresponds to a 26 bit
            ; binary string, with each bit representing a drive letter:
            ; 11111111111111111111111111
            ; 1=hide and 0=show. The above configuration corresponds to 67108863d and

            ; hide all drives.  If you wanted to hide the C: drive you would make
            ; the 3rd lowest bit a 0 and then convert the binary string to decimal.
            ; Note: Clearing the check box will delete the "NoDrives" entry
            ; entirely, and therefore, all drives will be automatically shown.
            ; Feel free to add aditional drive configurations or remove others.
            ; If you want to configure this policy to show a different combination
            ; of drives, create the desired binary string, convert to decimal
            ; and add a new entry to the ITEMLISTand define the string.
            ; Remember that this function affects Explorer and Explrer-style dialogs
            ; but it has NO effect on the command line.
            ; The naming conventions used below is that a ~ means hide and _ mean shown


            KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

                  PART !!HideDrivesOptions      DROPDOWNLIST
                  VALUENAME "NoDrives"            
                        Name !!HideDrives~all      VALUE NUMERIC 67108863
                        NAME !!HideDrives~A      VALUE NUMERIC 1
                        NAME !!HideDrives~C      VALUE NUMERIC 4
                        NAME !!HideDrives~CD      VALUE NUMERIC 12                  

                        NAME !!HideDrives~CDA      VALUE NUMERIC 13
                        NAME !!HideDrives~M      VALUE NUMERIC 4096
                        NAME !!HideDrives~MN      VALUE NUMERIC 12288                  

                        NAME !!HideDrives~MNA      VALUE NUMERIC 12289
                        NAME !!HideDrives_C      VALUE NUMERIC 67108859
                        NAME !!HideDrives_U      VALUE NUMERIC 66060287
                        NAME !!HideDrives_UA      VALUE NUMERIC 66060286
                        NAME !!HideDrives_A-H      VALUE Numeric 255
                  END ITEMLIST
                  END PART
                  PART !!DriveRestrictions_Tip1      TEXT      END PART
                  PART !!DriveRestrictions_Tip2      TEXT      END PART
                  PART !!DriveRestrictions_Tip3      TEXT      END PART
                  ; NOTE: This is a sample policy that conflits with the
                  ; Shell\Restrictions\Hide Drives policy defined in common.adm and

                  ; in the ZAK. It is provided as a template that defines common drive
                  ; configurations in MetaFrame
                  END POLICY



CCI="Metaframe Sample Policy"
WindowsNT="Windows NT"
Restrictions="Drive Restrictions"
HideDrives="Hide (or show) the selected drives"
HideDrivesOptions="Choose from the following configuration:"
HideDrives~all="All Drives are hidden"
HideDrives~A="Do Not show A:"
HideDrives~C="Do Not show C:"      
HideDrives~CD="Do Not show C: and D:"                  
HideDrives~CDA="Do Not show A: C: and D:"      
HideDrives~M="Do Not show M:"      
HideDrives~MN="Do Not show M: and N:"                        
HideDrives~MNA="Do Not show A: M: and N:"      
HideDrives_C="Show Only C:"
HideDrives_U="Show Only U:"
HideDrives_UA="Show Only A: and U:"
HideDrives_A-H="Hide A:-H: drives"
DriveRestrictions_Tip1=" Note: This is a sample policy that conflits with any Hide Drives"
DriveRestrictions_Tip2=" policy defined in common.adm and/or in the ZAK.  It is provided to"
DriveRestrictions_Tip3=" define common drive configurations in MetaFrame."

Author Comment

ID: 11934429

Thanks, this works very well.   AND you've shown me step by step, thanks you very very much Crow


Expert Comment

ID: 11934462
Glad to assist.  Remember that you can edit the settings of this file to meet the changing needs of your terminal services enviroment.

Expert Comment

ID: 13333193

I tried this as well, and it worked out fine. Howeever, it also applies when I log on as an administrator. Does anybody know how to make it apply to regular users only?


Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin In this article I will be guiding through the process of removing a failed DC metadata from Active Directory (hereafter, AD) using the ntdsutil tool in a Windows Server 2003 environment. These steps are not necessary in a Win…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
This lesson discusses how to use a Mainform + Subforms in Microsoft Access to find and enter data for payments on orders. The sample data comes from a custom shop that builds and sells movable storage structures that are delivered to your property. …
How can you see what you are working on when you want to see it while you to save a copy? Add a "Save As" icon to the Quick Access Toolbar, or QAT. That way, when you save a copy of a query, form, report, or other object you are modifying, you…

569 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question