JSI Tip 4670. 'Prevent Access to Drives from My Computer' group policy informational message is incorrect?

When you view the informational message in the Prevent Access to Drives from My Computer group policy, it displays:

If you enable this setting, users cannot view the contents of the selected drives in My Computer or Windows Explorer. Also, they cannot use the Run dialog box, the Map Network Drive dialog box, or the Dir command to view the directories on these drives.

Even though you enable this GPO, user can:

1. Browse the folder structure by pressing the plus sign (+) in the Folders pane. If they press a folder name, they receive the restriction message.

2. The Dir command is NOT disabled.

To fully prevent this browsing in Windows Explorer, also use the Hide these specified drives in My Computer group policy.

To prevent the Dir command, use the Disable the command prompt policy, or set NTFS permissions on the folder.

NOTE: For additional restrictions, see tip 3507 » What Group Policies do I implement to lock down a Windows 2000 Terminal Services session?



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish