Disable access to or not view Drive C: SBS2011 / servers - via group policy
Hi All
Our client has asked us to disable users access / or hide drive C: on four of their company servers.
Two of them are server 2008 r2, one of them is a server 2003 unit and the final one is their SBS2011 server. - these machines are TS'ed into (except sbs 2011)
We wish to employ this via group policy.
Ideally we want this to apply just to the servers, but if it applies to the whole client group also that's fine.
I appreciate this can be achieved via hiding drive C and that's fine also.
I have found lots of methods to achieve this with server 2003 but not for sbs2011.
Any help would be appreciated.
Thank you
Andy
Our client has asked us to disable users access / or hide drive C: on four of their company servers.
Two of them are server 2008 r2, one of them is a server 2003 unit and the final one is their SBS2011 server. - these machines are TS'ed into (except sbs 2011)
We wish to employ this via group policy.
Ideally we want this to apply just to the servers, but if it applies to the whole client group also that's fine.
I appreciate this can be achieved via hiding drive C and that's fine also.
I have found lots of methods to achieve this with server 2003 but not for sbs2011.
Any help would be appreciated.
Thank you
Andy
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Mpfister
Thanks for the info and feedback.
Is it not possible to 'hide' drive C from the users - how would this prevent programs from working.
I can see in various articles there are methods for hiding certain / all drives from view.
Are you saying that 'hiding' drives would have an adverse effect on programs also
Thanks
Thanks for the info and feedback.
Is it not possible to 'hide' drive C from the users - how would this prevent programs from working.
I can see in various articles there are methods for hiding certain / all drives from view.
Are you saying that 'hiding' drives would have an adverse effect on programs also
Thanks
You can use the GPO setting under User Configuration -> Administrative Templates -> Windows Components -> Hide these specified drives from "My Computer" and "Prevent access to drives from "My Computer" do disable C:.
But I've experienced error messages in some programs when users access an "Open file" dialog that defaults to C:\Users... The user gets an error message that its unable to access C:. If they click "ok" they can contine to browse to a different drive, but its a bit confusing.
Still access to C: is not really blocked, because Windows itself and installed programs wouldn't work anymore.
But I've experienced error messages in some programs when users access an "Open file" dialog that defaults to C:\Users... The user gets an error message that its unable to access C:. If they click "ok" they can contine to browse to a different drive, but its a bit confusing.
Still access to C: is not really blocked, because Windows itself and installed programs wouldn't work anymore.
ASKER
Thanks Mpfister for the info and insight - I shall let me customer know and he can make a more informed choice.
ASKER
Thanks for the help Mpfister - my customer decided not to go with hiding drive C:
ASKER
Quick and Concise - excellent
http://social.technet.microsoft.com/wiki/contents/articles/2548.windows-server-understand-user-group-policy-loopback-processing-mode.aspx