uswrad
asked on
How do I prevent use of Windows Explorer Address Bar to get to C drive?
On Windows Server 2000, using Terminal Services, I have hidden the C and D drives via AD Group Policy, but in Windows Explorer, how to I prevent use of the Address bar to get to C:\? The C drive (and it's contents) needs the NTFS permissions to be Everyone, so I cannot prevent users from access to the C drive while in Windows Explorer through NTFS permission changes. I thought that perhaps there would be an AD Group Policy and/or reg hack for this, but I cannot find it. Goal is for users to get a simple "Access Denied" message if they type C:\ in the Windows Explorer Address bar.
ASKER
The goal is to publish Windows Explorer on a MS Windows Server 2000 Terminal Services server (already being done) and at least block the obvious ways that a user could accidentally get into trouble (like going to the Server C drive instead of his local client C drive.
My real problem is that this was already accomplished several years ago on some servers we have by an outside consultant but we did not document how he accomplished it and he is no longer available. We are just wanting to do what is already working on older servers on our newer servers (still Windows Server 2000 server). We tried the obvious AD setting under the User config area titled "Prevent access to drives from My Computer." However, blocking access through this group policy setting prevents Windows Explorer from running for a user (as you mention in your post above).
We are launching Explorer.exe from a simple command line script (after the script simply maps the drives/resources the user SHOULD have access to), so I'm wondering if there might be a "switch" that prevents direct use of the Address bar OR (as second option for a solution) removes/hides the Address bar all together.
My real problem is that this was already accomplished several years ago on some servers we have by an outside consultant but we did not document how he accomplished it and he is no longer available. We are just wanting to do what is already working on older servers on our newer servers (still Windows Server 2000 server). We tried the obvious AD setting under the User config area titled "Prevent access to drives from My Computer." However, blocking access through this group policy setting prevents Windows Explorer from running for a user (as you mention in your post above).
We are launching Explorer.exe from a simple command line script (after the script simply maps the drives/resources the user SHOULD have access to), so I'm wondering if there might be a "switch" that prevents direct use of the Address bar OR (as second option for a solution) removes/hides the Address bar all together.
You can simply go to view and uncheck address bar? is that what you wanted.
Also, there are quite a few switches for explorer
http://support.microsoft.com/kb/307856
But they don't do what you want necassarily, you could use them in combination to do what you want, disable the buttons and address bars, then call "Explorer /e,C:\some_folder\you_want
This may also help: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
-rich
Also, there are quite a few switches for explorer
http://support.microsoft.com/kb/307856
But they don't do what you want necassarily, you could use them in combination to do what you want, disable the buttons and address bars, then call "Explorer /e,C:\some_folder\you_want
This may also help: http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
-rich
The registry settings are:http://support.microsoft.com/?kbid=842903
You should be able to make the setting as an admin, copy the profile to all users and it should stick, until someone sees they can put a check next to them in view...
-rich
You should be able to make the setting as an admin, copy the profile to all users and it should stick, until someone sees they can put a check next to them in view...
-rich
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
neat, does it prevent short-cut keys? Like Windows-Key+R http://labmice.techtarget.com/articles/keyboard.htm Just curious.
-rich
-rich
richrumble - enabling this group policy setting does indeed prevent Windows Logo shortcuts like Win+R
Does it remove the "new task" option in task manager (ctrl+alt+delete File->new task(run))
-rich
-rich
Perhaps there is another way... what is the real goal? Prevent software installs?
-rich