Solved

I want to hide E: drive using Group Policy on Windows 2012 Server

Posted on 2014-09-12
4
3,335 Views
Last Modified: 2015-12-07
Hi
I want to hide e: drive using GPO
THis is not part of the default as it only can hide up to D:

I have found this: http://support.microsoft.com/kb/231289/en-us

2 questions:
1. Where do i find system.adm file?
2. What do i write in to trigger the policy to hide E: drive
    NAME !!EOnly            VALUE NUMERIC (????)


Thanks in advance
0
Comment
Question by:morten444
4 Comments
 
LVL 1

Expert Comment

by:Chris Berry
ID: 40318859
If you want to hide any other drive than A B C D, you have to manually edit in the registry.

Guide below from superuser.com

The first step is to load the registry hive of the user you are removing the drives from. The user must be logged out for this to work; in fact, it's better to do a fresh restart before doing this process.

1) Open the registry editor with administrative privileges
2) Select HKEY_USERS
3) Choose Load Hive from the File menu
4) Navigate to that user's profile folder, usually C:\users\username
5) Enter NTUSER.DAT in the File name box. This file is a system-hidden file, so it won't show up in the file selection window. You have to type it in. Be sure not to select ntuser.dat.log by accident.
6) Click ok, then enter a name for the key. We'll call it Foo.
7) Go to HKEY_USERS\Foo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
8) Create a new 32-bit DWORD value and name it NoDrives to hide the drives, or NoViewOnDrive to completely disable access.
9) The value you enter depends on the drive(s) you want to restrict, and is a bit tricky. Each letter, starting with Z and going down to A, is represented by a 1 (disabled) or 0 (enabled). Make this binary number, then convert it to hexidecimal. This is the number you put in the box. For example, D is the fourth drive letter from the right, and everything to the left of it is a 0, so the number will be b1000, which is x08000000, so you would enter 08000000 as the value. To disable C and D, you would use b1100, or x0c000000. If this confused you, post in the comments for help.
10) Once you've saved this value, navigate back up to HKEY_USERS, select the key you loaded, and then click File > Unload Hive. This step is ABSOLUTELY CRITICAL!! If you don't unload the hive, the user will be unable to login properly.
11) Close the registry editor, then restart the computer. The new settings should have taken effect.
0
 

Author Comment

by:morten444
ID: 40318929
Hi
As this is a server with about 90 clients i wanted to do it using the link above as this does it through gpo. Just need some more details based on the 2 questions.
I think gpo is the best way to go
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40319446
The gpo is now called WindowsExplorer.admx  %systemroot%\policyDefinitions\en-us

 Create a copy of it named i.e. WindowsExplorer2.admx also create a copy of the .adml (for me in the en-us folder) and rename it as the copy you made before.  
use the admx migrator http://www.microsoft.com/en-us/download/details.aspx?id=15058 to edit the file and add the exclude drive e
100000 \
EDCBA /    = 65536
To exclude ABCDE the value will be 69905  (use the calculator in programmers mode to check the hex and the decimal values
My Hide Drive E admx
0
 

Expert Comment

by:UDSquare
ID: 41359440
How can do it for Drive P and E ?
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will review the basic installation and configuration for Windows Software Update Services (WSUS) in a Windows 2012 R2 environment.  WSUS is a Microsoft tool that allows administrators to manage and control updates to be approved and ins…
Resolve DNS query failed errors for Exchange
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

947 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now