Solved

Hidden C: Drive

Posted on 2006-11-28
20
733 Views
Last Modified: 2012-06-21
Hello,

We're running Windows 2003 Small Business Server & our previous Administrator has left the C: Drive hidden on the administrator account. I am assuming that this has been done locally by changing a registry key, not by Group Policy. Does anyone know how to release this drive?
0
Comment
Question by:ChrisH3
  • 9
  • 8
  • 2
  • +1
20 Comments
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
Hello!
This may provide some assistance, if it was a registry edit:
http://www.experts-exchange.com/Operating_Systems/WinXP/Q_21592852.html
- Look for a NoDrives entry in the registry.

If I come across any other possibilities for SBS2003, I'll re-post.
I'm assuming by your question you've already checked the policies...
Good Luck!
- Mike (OB)
0
 

Author Comment

by:ChrisH3
Comment Utility
Hello,

I have found the NoDrives registry entry. From my research (http://www.winguides.com/registry/display.php/148/) under the Local_Machine collapse. What should I change the entry to? The type is set to Hexadecimal with the Value: 40000 & type REG_DWORD.

I'm thinking I should simply change the value to "0", but I want to confirm this before making this move.

0
 
LVL 7

Accepted Solution

by:
ottobock earned 500 total points
Comment Utility
Either set the value to 0, or delete the key entirely, then reboot.  Should work either way.  This key was actually added all together, so I would just delete it.  
- Mike (OB)
0
 

Author Comment

by:ChrisH3
Comment Utility
Hey Mike,

I deleted the key and the drive is now visible. However, when I go to double click it I get the message that says "You cannot access the drive because of restrictions in effect on the computer". Is there some type of Registry key that manages VIEWING the CONTENTS of a drive? Or could this be a domain policy that I have overlooked? Any suggestions on the key controlling this would be great.

Thanks,
Chris
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
This sounds like a policy to me.  Please try this:

Open MMC on the server and add Global Policy Editor:
Start > Run > MMC > FILE, Add/Remove Snap-in... > click Add... > select 'Global Policy Object Editor' > click Add... > click FINISH

Then navigate to 'User Configuration/Administrative Templates/Windows Components', then highlight 'Windows Explorer.'  

There are a couple policies to look at on the right-side pane:
- Hide These Specified Drives From My Computer
- Prevent Access To Drives From My Computer

Also, if GPO's (group policy objects) are brought down from a domain controller on your network (i.e. a GPO set on an OU [Organizational Unit] in Active Directory), they will override your local policies.  This is probably not  the case with a Small Business Server...  But I thought I'd add it.  

Good Luck!
- Mike
0
 

Author Comment

by:ChrisH3
Comment Utility
Hey Mike,

Global Policy Object Editor  is not an option for me to Add when browsing Snap-Ins, only Group Policy Oject Editor is available. This may be affected because the previous administrator uses PolicyMaker Software. I am not familiar with this software. Is there any way you could help me sort this out? I'm fairly new to policies.

Thanks,

Chris
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
I apologize, 'Group Policy Object Editor' is correct...  Give this a try, I'll also look into PolicyMaker, I'm not familiar with this...
- Mike
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
PolicyMaker looks the same as the Group Policy Editor your opening in MMC.  

If you want to use PolicyMaker, navigate to 'User Configuration/Administrative Templates/Windows Components', then highlight 'Windows Explorer.'  Just like the MMC snap-in.
0
 

Author Comment

by:ChrisH3
Comment Utility
Hi Mike,

I've navigated to the Windows Explorer policy that notes hiding drives & allowing access to them. However, next to them it says "Not Configured".
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
Hmm.  Perhaps another expert may be able to shead light, as I am close to leaving for the day...  I'll look around some more in regards to the error.  Is the exact error when accessing the drive:  "You cannot access the drive because of restrictions in effect on the computer" ??
- Mike (OB)
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 

Author Comment

by:ChrisH3
Comment Utility

The exact message I get is "This operation has been cancelled do to restrictions in effect on this computer. Please contact your system administrator". Interestingly enough, the drive that I unhid earlier (C: Drive) is now hidden again. This time, there isn't a NoDrive registry entry like before. Talk about weird?

Chris
0
 

Author Comment

by:ChrisH3
Comment Utility
Okay, here's what happened:

I deleted the Registry key for NoDrive. When I started PolicyMaker to search for the key you specified, it made the drive hidden again. To fix this problem, I installed the NoDrive Key again with a value set to 4 (blocking its visibility to C:). Then, I changed NoDrive to 0. The drive became hidden again, but I still couldn't access it.

I took a second look where the NoDrive Key was stored, and found NoViewOnDirve with a value set to 4. I changed this value to 0.

Then, I DENIED system permissions to both keys & have been able to logon/logoff and the drive still remains UN-hidden.

Hopefully that makes some sense! Other workstations in the office are having hidden drives as well. I'm not sure how I'm going to fix this problem yet. I noticed that there was a key named BMI.LOCAL under group policy that had NoDrive in it, but when I changed the value to 0 it did nothing for the hidden drives. Perhaps this is only a group policy for desktops?

Thanks for your help.
0
 
LVL 27

Expert Comment

by:Tolomir
Comment Utility
Did you find any data on that drive or is it empty?

Just curious about the purpose of that procedure...

Tolomir
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
Okay, so it sounds like somewhere Windows held policy information that the drive was hidden, even though the Registry key was deleted.

I'm also curious, Is this the only server? Part of a domain? Still sounds like a Global Policy created and applied to an entire Active Directoy Organizational Unit...  Hmm.

Here is some information on RegKey NoViewDrive: http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/93573.mspx?mfr=true

Sounds like the previous administrator had plenty of time to 'personalize' the workplace.  :-)
- Mike (OB)
0
 

Author Comment

by:ChrisH3
Comment Utility
Mike,

You are correct, the previous administrator spent plenty of time personalizing the experience. That move now leaves him with plenty of time to search for a new job.

It is interesting that this has happened. Is there any way I can check to see if there is a policy applied to the entire Active Directory? The hidden drive problem is an issue on all computers & accounts on the network; even the Administrative account. By using the method above I've been able to gain access to the C: drive on our Terminal Server & Main FTP Server. The C: Drive does have important data on it, especially the terminal server. I'm still not quite sure what his intentions were. We're in the process of attempting to remove rediculous policies. Policies that deny the ability to change the background on all computers, etc.

Please advise me of the best option for removing this policy. Thank you very much for your help.
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
If you can open Active Directory Users and Computers > right-click on the root of the domain (domain name) > select 'Properties' > select 'Group Policies' tab

I would hope there is something there... If there is, click Properties and check out the details on the policy.  Disable (dont delete) policies that may be causing the issues.  You may need to force update the client PC/Servers's using GPUPDATE command... -- Also look at some OU's Group Policy tab (folders w/Active Directory icons under root domain, if applicable)

Also, here is an interesting post regarding default GPO's on SBS2003:
http://www.experts-exchange.com/Operating_Systems/SBS_Small_Business_Server/Q_21677207.html?query=remove+gpo&clearTAFilter=true

Expert:TechSoEasy from the above article mentioned the GPMC.  You should be able to run a report to see what Policies are affecting the computers.  I just downloaded the Group Policy Management Console(GPMC) from the site below, and was able to see what policies were affecting my PC using the instruction.

Group policy Management Console:
http://www.microsoft.com/downloads/details.aspx?familyid=0A6D4C24-8CBD-4B35-9272-DD3CBFC81887&displaylang=en

Good luck!
- Mike (OB)
0
 
LVL 3

Expert Comment

by:yours_harjeet
Comment Utility
the drive has not been hidden but also locked,


check group policy in either default domain Group Policy or your GPO at :

User Configuration->Administrative templates->windows components->windows explorer->prevent access to drives in my computer.

if you can't access drive on Domain Contoller, it must be a default domain group policy setting.


Harjeet
0
 

Author Comment

by:ChrisH3
Comment Utility
Mike,

There are well over 50 policies being enforced. I checked this using your method described above. My question is, when I go to uncheck "Enforced" there is another item checked saying "Link Enabled". Does this have any effect on things?

Chris
0
 
LVL 7

Expert Comment

by:ottobock
Comment Utility
Hello,
I would disable the link if you wish to not use the policy for the given container.

Here is some further information regarding GPO inheritance, and some good information regarding GPO Links.
http://technet2.microsoft.com/WindowsServer/en/library/bd279f0f-596c-4cda-99f3-ff742fa8795e1033.mspx?mfr=true

In case you're up for more reading.  :-)
- Mike
0
 
LVL 3

Expert Comment

by:yours_harjeet
Comment Utility
yes link enabled do effects your policy

uncheck it also

Harjeet
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
This story has been written with permission from the scammed victim, a valued client of mine – identity protected by request.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include tâ€Ĥ
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now