Knowledgebase
Hiding access from remote users for local drives on the terminal server
Posted by Lee Warren on 13 August 2014 09:03 AM

Hiding/Preventing Access to Drives

You can use Group Policy settings to hide and restrict access to drives on the RD Session Host server. By enabling these settings you can ensure that users do not inadvertently access data stored on other drives, or delete or damage programs or other critical system files on drive C.

The following settings are located in the Group Policy Management Console under User Configuration\Policies\Administrative Templates\Windows Components\Windows Explorer:

  • Hide these specified drives in My Computer. You can remove the icons for specified drives from a user’s My Computer folder by enabling this setting and using the drop-down list to select the drives you would like to hide. However, this setting does not restrict access to these drives.
  • Prevent access to drives from My Computer. Enable this setting to prevent users from accessing the chosen combination of drives. Use this setting to lock down the RD Session Host server for users accessing it for their primary desktop.

Applies to:

  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows Server 2003

Other Group Policy Settings for Additional Security

You can also enable the following Group Policy settings at User Configuration\Administrative Templates\Windows Components\Windows Explorer:

  • Hides the Manage item on the Windows Explorer context menu — Enabled
  • Remove Hardware tab — Enabled
  • Remove “Map Network Drive” and “Disconnect Network Drive” — Enabled
  • Remove Search button from Windows Explorer — Enabled
  • Disable Windows Explorer's default context menu — Enabled
  • Remove Run menu from Start Menu — Enabled

Applies to:

  • Windows Server 2008 R2
  • Windows Server 2008
  • Windows 7
  • Windows Vista
  • Windows XP
(15 vote(s))
Helpful
Not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments: