Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

I want to hide E: drive using Group Policy on Windows 2012 Server

Posted on 2014-09-12
4
Medium Priority
?
4,832 Views
Last Modified: 2015-12-07
Hi
I want to hide e: drive using GPO
THis is not part of the default as it only can hide up to D:

I have found this: http://support.microsoft.com/kb/231289/en-us

2 questions:
1. Where do i find system.adm file?
2. What do i write in to trigger the policy to hide E: drive
    NAME !!EOnly            VALUE NUMERIC (????)


Thanks in advance
0
Comment
Question by:morten444
4 Comments
 
LVL 1

Expert Comment

by:Chris Berry
ID: 40318859
If you want to hide any other drive than A B C D, you have to manually edit in the registry.

Guide below from superuser.com

The first step is to load the registry hive of the user you are removing the drives from. The user must be logged out for this to work; in fact, it's better to do a fresh restart before doing this process.

1) Open the registry editor with administrative privileges
2) Select HKEY_USERS
3) Choose Load Hive from the File menu
4) Navigate to that user's profile folder, usually C:\users\username
5) Enter NTUSER.DAT in the File name box. This file is a system-hidden file, so it won't show up in the file selection window. You have to type it in. Be sure not to select ntuser.dat.log by accident.
6) Click ok, then enter a name for the key. We'll call it Foo.
7) Go to HKEY_USERS\Foo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
8) Create a new 32-bit DWORD value and name it NoDrives to hide the drives, or NoViewOnDrive to completely disable access.
9) The value you enter depends on the drive(s) you want to restrict, and is a bit tricky. Each letter, starting with Z and going down to A, is represented by a 1 (disabled) or 0 (enabled). Make this binary number, then convert it to hexidecimal. This is the number you put in the box. For example, D is the fourth drive letter from the right, and everything to the left of it is a 0, so the number will be b1000, which is x08000000, so you would enter 08000000 as the value. To disable C and D, you would use b1100, or x0c000000. If this confused you, post in the comments for help.
10) Once you've saved this value, navigate back up to HKEY_USERS, select the key you loaded, and then click File > Unload Hive. This step is ABSOLUTELY CRITICAL!! If you don't unload the hive, the user will be unable to login properly.
11) Close the registry editor, then restart the computer. The new settings should have taken effect.
0
 

Author Comment

by:morten444
ID: 40318929
Hi
As this is a server with about 90 clients i wanted to do it using the link above as this does it through gpo. Just need some more details based on the 2 questions.
I think gpo is the best way to go
0
 
LVL 84

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 40319446
The gpo is now called WindowsExplorer.admx  %systemroot%\policyDefinitions\en-us

 Create a copy of it named i.e. WindowsExplorer2.admx also create a copy of the .adml (for me in the en-us folder) and rename it as the copy you made before.  
use the admx migrator http://www.microsoft.com/en-us/download/details.aspx?id=15058 to edit the file and add the exclude drive e
100000 \
EDCBA /    = 65536
To exclude ABCDE the value will be 69905  (use the calculator in programmers mode to check the hex and the decimal values
My Hide Drive E admx
0
 

Expert Comment

by:UDSquare
ID: 41359440
How can do it for Drive P and E ?
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Windows Server 2003 introduced persistent Volume Shadow Copies and made 2003 a must-do upgrade.  Since then, it's been a must-implement feature for all servers doing any kind of file sharing.
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

571 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question