Solved

Disable access to or not view Drive C: SBS2011 / servers - via group policy

Posted on 2014-04-21
7
594 Views
Last Modified: 2014-05-01
Hi All

Our client has asked us to disable users access / or hide drive C: on four of their company servers.

Two of them are server 2008 r2, one of them is a server 2003 unit and the final one is their SBS2011 server. - these machines are TS'ed into (except sbs 2011)

We wish to employ this via group policy.

Ideally we want this to apply just to the servers, but if it applies to the whole client group also that's fine.

I appreciate this can be achieved via hiding drive C and that's fine also.

I have found lots of methods to achieve this with server 2003 but not for sbs2011.

Any help would be appreciated.

Thank you
Andy
0
Comment
Question by:AndyKeen
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
7 Comments
 
LVL 28

Accepted Solution

by:
Michael Pfister earned 500 total points
ID: 40014235
If non-admins aren't using RDP to access the SBS, I'd just leave it.
Besides that its the same procedure for 2003 or SBS.

Since it has side effects in some applications when you prevent access to C:, I'd rather limit the GPO just to the servers that require it.

Its a user GPO so if you link it to the server's OU, you need turn on loopback processing.
http://support.microsoft.com/kb/231287/en-us
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 40014268
Hi Mpfister

Thanks for the info and feedback.

Is it not possible to 'hide' drive C from the users - how would this prevent programs from working.

I can see in various articles there are methods for hiding certain / all drives from view.

Are you saying that 'hiding' drives would have an adverse effect on programs also
Thanks
0
The Ultimate Checklist to Optimize Your Website

Websites are getting bigger and complicated by the day. Video, images, custom fonts are all great for showcasing your product/service. But the price to pay in terms of reduced page load times and ultimately, decreased sales, can lead to some difficult decisions about what to cut.

 
LVL 28

Expert Comment

by:Michael Pfister
ID: 40014289
You can use the GPO setting under User Configuration -> Administrative Templates -> Windows Components -> Hide these specified drives from "My Computer" and "Prevent access to drives from "My Computer" do disable C:.

But I've experienced error messages in some programs when users access an "Open file" dialog that defaults to C:\Users... The user gets an error message that its unable to access C:. If they click "ok" they can contine to browse to a different drive, but its a bit confusing.

Still access to C: is not really blocked, because Windows itself and installed programs wouldn't work anymore.
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 40015023
Thanks Mpfister for the info and insight - I shall let me customer know and he can make a more informed choice.
0
 
LVL 1

Author Comment

by:AndyKeen
ID: 40034045
Thanks for the help Mpfister - my customer decided not to go with hiding drive C:
0
 
LVL 1

Author Closing Comment

by:AndyKeen
ID: 40034046
Quick and Concise - excellent
0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The SBS 2011 release date (RTM) is supposed to be around Christmas, 2011.  This article is a compilation of my notes -- things I have learned first hand.  The items are in a rather random order, but I think this list covers most of what is new and d…
The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…
Add bar graphs to Access queries using Unicode block characters. Graphs appear on every record in the color you want. Give life to numbers. Hopes this gives you ideas on visualizing your data in new ways ~ Create a calculated field in a query: …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question