Solved

Disabling Libraries, Favorites, etc in windows 2008 terminal on a save as.

Posted on 2010-09-16
3
3,012 Views
Last Modified: 2013-11-21
Hi guys, we are using remoteapp to push out software to users.  One of the critical functions of the app is to allow remote users to upload files through the app.  When the attachment button is activated in the app, it opens a standard explorer windows to browse to the item,  Nothing fancy, very standard and straightforward.  What we are trying to do is hide or disable the some of the icons in the left hand (navigation) pane like all sub items under "Favorites" (Desktop, Downloads Recents Places), "Libraries" (Documents, Music, Videos, Pictures), and "Network."  
I have tried using the group policy editor to no avail.  I was able to hide them from the start menu, and the explorer from within a full blown terminal session, but when I just access the remote app and use the attach function within the remote app, it still appears in the navigation pane.  Any help would be greatly appreciated.
0
Comment
Question by:biffbyun
  • 2
3 Comments
 
LVL 16

Expert Comment

by:Spike99
ID: 33697235
We have the same issue: users had been saving files to the C: drive of the Terminal Server because they can see those local drives in 2008.

I came up with a custom ADM template that hides most of that stuff, but users can see some of it when they do a "Save As..." operation (see the code below).  I am no ADM guru, I found some links online that talked about which registry keys to edit to get rid of some of that stuff.  From there, I managed after much trial and error to create the custom ADM template.

The last section of the ADM template also hides the user folder on the desktop.  So that users can access their My Documents folder (which is redirected to a network share), we manually place a shortcut to the "My Documents" folder on their redirected desktop.

This custom ADM does work, but the "Public Folder" is still visible in the Navigation pane. I found one page that describes how to get rid of that for all users (we haven't tried this part yet):

http://www.mydigitallife.info/2007/11/09/hide-and-remove-public-folders-shortcuts-and-favorite-links-in-vista-explorer-shell/

For me, this is still a work in progress and we haven't put that custom ADM template into production yet, although, I did create a VBS script that hides that user folder on the desktop and we run that as a log on script (I couldn't get it to work in a GPO at first)..

See my own question about the user folder (which I kinda figured out on my own):
http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26192501.html

I hope this helps.

Alicia
; Written by:	Alicia White
; Date:		04-28-2010
; Revised:	06-17-2010

CLASS MACHINE

CATEGORY "Windows 2008 Explorer Navigation Items"

	POLICY "Hide Libraries"
		KEYNAME "Software\Classes\CLSID\{031E4825-7B94-4dc3-B131-E946B44C8DD5}\ShellFolder"
		VALUENAME Attributes
		VALUEON NUMERIC 2962227469
		VALUEOFF NUMERIC 2961178893
	END POLICY

	POLICY "Hide Homegroup"
		KEYNAME "Software\Classes\CLSID\{B4FB3F98-C1EA-428d-A78A-D1F5659CBA93}\ShellFolder"
		VALUENAME Attributes
		VALUEON NUMERIC 2962489612
		VALUEOFF NUMERIC 2961441036
	END POLICY

	POLICY "Hide Networking"
		KEYNAME "Software\Classes\CLSID\{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}\ShellFolder"
		VALUENAME Attributes
		VALUEON NUMERIC 2962489444
		VALUEOFF NUMERIC 2953052260
	END POLICY

	POLICY "Hide Computer"
		KEYNAME "Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\ShellFolder"
		VALUENAME Attributes
		VALUEON NUMERIC 2962489612
		VALUEOFF NUMERIC 2961441036
	END POLICY

	POLICY "Hide Favorites"
		KEYNAME "Software\Classes\CLSID\{323CA680-C24D-4099-B94D-446DD2D7249E}\ShellFolder"
		VALUENAME Attributes
		VALUEON NUMERIC 2839544064
		VALUEOFF NUMERIC 2693792000
	END POLICY


END CATEGORY


CLASS USER

	CATEGORY "Windows Components"

	CATEGORY "Windows Explorer"

		POLICY "Hide User Folder on Server 2008 Desktop"

		EXPLAIN "Setting to remove User folder from Windows Server 2008 Desktop"

		KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu"

			VALUENAME "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
				VALUEON "1"

		END POLICY

	END CATEGORY

END CATEGORY

Open in new window

0
 

Accepted Solution

by:
biffbyun earned 0 total points
ID: 33701892
Yeah, we definitely tried all those reg edits and like you said, while they work in the explorer windows, the libraries, favorites, network icons would still show up in the navigation pane when doing a "save a"s or "open" (for example adding attachments in an app) in the dialog box.  We were able to solve this issue by deleting some registry keys.

Reg keys need to be deleted from HKLM/software/classes/wow6432node/CLSID.  Also these key are protected so you will need to take ownership first and add full control by right clicking and choosing the permissions option.
{323CA680-C24D-4099-B94D-446DD2D7249E} – Favorites
{031E4825-7B94-4dc3-B131-E946B44C8DD5} – Libraries
{F02C1A0D-BE21-4350-88B0-7367FC96EF3C} - Network

It has worked for us and should be used in conjuction with the registry edits above for completeness.
0
 

Author Comment

by:biffbyun
ID: 33729512
Ok, I just wanted to update this thread.  While deleting the keys in the wow6432node/CLSID worked, when I deleted the key for the networks, it also disabled remote users ability to browse their own mapped local drives.  In our situation, users need to be able to access their own local drives to attach files to our remote app.  It's a necessary function of our workflow.  Hence, we needed a workaround.

So, instead of deleting the key, we just hid it by changing the value of the attributes key in the “Shell Folder” to b0940064 similar to what is done for the explorer shell.  It looks like the wow6432node controls the icons listed in the navigation pane when a “open as” or “save as” command is triggered.  I suspect that this would work for the 2 other keys above as well, but I wanted them totally disabled and not just hidden.
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

I was supporting a handful of Windows 2008 (non-R2) 2 node clusters with shared quorum disks. Some had SQL 2008 installed and some were just a vendor application that we supported. For the purposes of this article it doesn’t really matter which so w…
The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now