Solved

Documents and Settings folders - hiding in Terminal Services

Posted on 2006-11-22
13
1,066 Views
Last Modified: 2013-11-21
Hello.

We provide ASP services for clients who connect to out Terminal Server farms. Is there any way to hide the Documents and Settings folders so that users cannot see the names of other people using the system, or else restrict rights to the documents and settings folders so that users can only see their own folder displayed if they explore to it?

Thanks
0
Comment
Question by:IconsultCI
13 Comments
 
LVL 2

Expert Comment

by:Johnfdi
ID: 17998870
They will always need list access at the very least. So they will always see the other users names. You can block folder access to other users folders but not from seeing the other users names.
0
 
LVL 3

Expert Comment

by:nchondro
ID: 17999389
You can setup using Group policy so that the Terminal Services User group can only see certain folder.
0
 

Expert Comment

by:richard_diver
ID: 17999728
If you setup allows it, you could also hide the entire C: drive, this option prevents browsing to this or other drives as specified. This does not effect running of applications, just file browsing
0
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18001054
if you set the mandetory profiles then after loging off, the user profile disappears. this way you can prevent it upto some extent. if more than one user is loging on at the same time, they can see the user logged on to the server
0
 
LVL 16

Accepted Solution

by:
Nyaema earned 84 total points
ID: 18001216
Remove the "List Files and Folders" permission for the "Everyone" and "Users" group on the Documents and settings folder.

i.e right click on the documents and settings folder, click on properties, and select the security tab then do the above.
Users will not be able to view the folders and documents and settings but administrators will.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 

Author Comment

by:IconsultCI
ID: 18001558
If I take away List Files and Folders from Everyone and users, when they attempt to logon will the profile be able to load ok? I'd assumed if they didnt have rights to view the folder, the profile would not be able to be created/amended??

Is there a Terminal Services policy that hides the entire C:? Any issues in your experience?
0
 
LVL 7

Expert Comment

by:DenisCooper
ID: 18003295
If you just want to hide the Documents and Settings folders, by default, users shouldn't be able to see hidden folders, so you can hide the folder, and then restrcit changing folder properties through Group Policy.

0
 
LVL 7

Assisted Solution

by:DenisCooper
DenisCooper earned 83 total points
ID: 18003363
alternativly, you could hide the whole c: drive - which is propably recommended....

group policy editor > user settings > administrative templates > windows components > windows explorer > hide these specified drives in my computer

you could also use the prevent access to these drives setting
0
 
LVL 5

Expert Comment

by:Yogalingam
ID: 18003485
See the below link, for hiding drives or folders using regedit or group policies. take backup of your registry before making any registry changes.

http://thin.msterminalservices.org/hidedrives.cfm
0
 
LVL 74

Assisted Solution

by:Jeffrey Kane - TechSoEasy
Jeffrey Kane - TechSoEasy earned 83 total points
ID: 18009103
Actually, ever since SP1, Windows Server 2003 includes the ability to configure Access Based Folder Enumeration: (a fancy title meaning that users that don't have permissions to a folder can't see it):

http://www.windowsnetworking.com/articles_tutorials/Implementing-Access-Based-Enumeration-Windows-Server-2003.html

This ONLY works in a Terminal Services environment if your user's My Documents folders are stored on a different server.

Jeff
TechSoEasy
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Remote Apps is a feature in server 2008 which allows users to run applications off Remote Desktop Servers without having to log into them to run the applications.  The user can either have a desktop shortcut installed or go through the web portal to…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now