Quick Launch breaks after enabling "Prevent access to drives from My Computer" policy

We are running a Win2003 Terminal Server cluster and are having problems with the Quick Launch bar in user sessions.  Let me start by saying that the Terminal Servers are locked down via Group Policies.

Users can delete from the Quick Launch, but they are unable to change the order or add things to the Quick Launch by drag and drop.  Users can open a command prompt and copy things into their %userprofile%\Application Data\Microsoft\Internet Explorer\Quick Launch and they do show up.

So it's not a permissions issue.  That led me to believe maybe something strange was happening in the profile.  But that wasn't it either.  Next I looked at some of the lockdown policies inside the Group Policies.  I went through one by one and tested.  The policy that is breaking the Quick Launch is:
User Configuration\Administrative Templates\Windows Components\Windows Explorer
"Prevent access to drives from My Computer"
It's "Enabled" and set to "Restrict A, B, C and D drives only"

I can't find anything via google about other people that have experienced this.  Microsoft doesn't mention anything in their knowledge base either.  Why does this policy break Quick Launch?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Items on the quick launch bar are shortcuts stored in the following folder

C:\Documents and Settings\username\Application Data\Microsoft\Internet Explorer\Quick Launch

Since you not allowing access to the C: drive that would explain it.

tjgollihAuthor Commented:
Yes you are correct, but have you ever used that policy before?  Even if you set that policy to enabled, you can still access those drives via other means...otherwise that policy would break a ton of things.  Not just the Quick Launch.  If you notice the policy name "Prevent access to drives from My Computer".  Notice it only mentions "My Computer" and not prevent access to those drives from everything.

If anyone has any experience with this policy setting any help would be greatly appreciated.
Yes I use it frequently in our training room...

The policy is used to lock down Windows Explorer.   This is the shell that is used to generate the desktop, start bar, task bar etc...

This is also why certain other functions, like opening MS Word, clearly running from the C: drive still function, you are not launching MS Word inside the Explorer process.

Do the following,

Open Task manager
Go to your Processes tab
find Explorer.exe
End the process

I bet the taskbar-start button-quick launch all disappeared.  They are running under the explorer processes, and is why the policy effects them.

(if you need to get your desktop back, in task manager go to the Applications Tab, click New Task, and type explorer.exe)

Hope that clarifies it for you

Starting with Angular 5

Learn the essential features and functions of the popular JavaScript framework for building mobile, desktop and web applications.

tjgollihAuthor Commented:
I understand that the quick launch, taskbar, etc. are part of the explorer.exe process.  Why do my start menu shorcuts still show up?  Why do my favorites still show?  That's all part of the explorer.exe off the start button.  Why am I still able to use the quick launch bar? The only two things I can do are add items to the quick launch and rearrange them.  Other than that, the quick launch is fully functional.

If what your saying was true then I wouldn't even be able to use quick launch at all.
tjgollihAuthor Commented:
That was supposed to be "can't do" in my 5th sentence there.  Haven't figured out if you can edit your posts here yet.
I would assume it applies a series of "Special Permissions"

The description of the policy states

 "Also, this setting does not prevent users from using programs to access local and network drives. And, it does not prevent them from using the Disk Management snap-in to view and change drive characteristics."

So I would assume most of the core operating system still has read/execute to most of the Drive.  Users are just prevented from opening/browsing/modifing the drive.

Thats the best I can offer.  I would assume that launching an item from the quick launch is viewed as a system read only process, where adding a new icon, where it has to store a .LNK file in a folder is considered a write process and is denied.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
tjgollihAuthor Commented:
I think you're probably right, but I still don't get it though.  My desktop, favorites, and even the start menu are working fine.  I can add, delete, rename, sort, etc.  All of those are in the profile on the C drive as well.  Quick Launch appears to be the only problem.

Wonder if there is some way to fool it into thinking the drive is really there.  I'll have to keep researching this because our users are going to get ticked off soon enough if they can't change or add to what's in the Quick Launch.  Turning off that policy is not an option as this is a Terminal Server and we don't want users poking around in the local drives.

Thanks for the help.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.