Solved

I want to hide E: drive using Group Policy on Windows 2012 Server

Posted on 2014-09-12
4
3,171 Views
Last Modified: 2015-12-07
Hi
I want to hide e: drive using GPO
THis is not part of the default as it only can hide up to D:

I have found this: http://support.microsoft.com/kb/231289/en-us

2 questions:
1. Where do i find system.adm file?
2. What do i write in to trigger the policy to hide E: drive
    NAME !!EOnly            VALUE NUMERIC (????)


Thanks in advance
0
Comment
Question by:morten444
4 Comments
 
LVL 1

Expert Comment

by:Chris Berry
ID: 40318859
If you want to hide any other drive than A B C D, you have to manually edit in the registry.

Guide below from superuser.com

The first step is to load the registry hive of the user you are removing the drives from. The user must be logged out for this to work; in fact, it's better to do a fresh restart before doing this process.

1) Open the registry editor with administrative privileges
2) Select HKEY_USERS
3) Choose Load Hive from the File menu
4) Navigate to that user's profile folder, usually C:\users\username
5) Enter NTUSER.DAT in the File name box. This file is a system-hidden file, so it won't show up in the file selection window. You have to type it in. Be sure not to select ntuser.dat.log by accident.
6) Click ok, then enter a name for the key. We'll call it Foo.
7) Go to HKEY_USERS\Foo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
8) Create a new 32-bit DWORD value and name it NoDrives to hide the drives, or NoViewOnDrive to completely disable access.
9) The value you enter depends on the drive(s) you want to restrict, and is a bit tricky. Each letter, starting with Z and going down to A, is represented by a 1 (disabled) or 0 (enabled). Make this binary number, then convert it to hexidecimal. This is the number you put in the box. For example, D is the fourth drive letter from the right, and everything to the left of it is a 0, so the number will be b1000, which is x08000000, so you would enter 08000000 as the value. To disable C and D, you would use b1100, or x0c000000. If this confused you, post in the comments for help.
10) Once you've saved this value, navigate back up to HKEY_USERS, select the key you loaded, and then click File > Unload Hive. This step is ABSOLUTELY CRITICAL!! If you don't unload the hive, the user will be unable to login properly.
11) Close the registry editor, then restart the computer. The new settings should have taken effect.
0
 

Author Comment

by:morten444
ID: 40318929
Hi
As this is a server with about 90 clients i wanted to do it using the link above as this does it through gpo. Just need some more details based on the 2 questions.
I think gpo is the best way to go
0
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 40319446
The gpo is now called WindowsExplorer.admx  %systemroot%\policyDefinitions\en-us

 Create a copy of it named i.e. WindowsExplorer2.admx also create a copy of the .adml (for me in the en-us folder) and rename it as the copy you made before.  
use the admx migrator http://www.microsoft.com/en-us/download/details.aspx?id=15058 to edit the file and add the exclude drive e
100000 \
EDCBA /    = 65536
To exclude ABCDE the value will be 69905  (use the calculator in programmers mode to check the hex and the decimal values
My Hide Drive E admx
0
 

Expert Comment

by:UDSquare
ID: 41359440
How can do it for Drive P and E ?
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

What to do when Windows Update is not working correctly? What tools can I use to detect the cause of the malfunction problem? What does this numeric error code mean? These and other questions that you have been asking in the past are answered here (…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now