[xp] disablen cdrom en adrive op clients in gpo w2k3

3636 » How do I prevent users from using My Computer to access the content of selected drives?


In tip 0050, I described the NoDrives value name, which implements the Hide these specified drives in My Computer Group Policy at User Configuration\Administrative Templates\Windows Components\Windows Explorer. The Hide these specified drives in My Computer Group Policy removes the icons for selected drives from My Computer and from Window Explorer. These drive letters do NOT appear in the standard Open dialog.

If you wish to display the drive icons, but prevent access to the content of selected drives, use the Prevent access to drives from My Computer Group Policy at User Configuration\Administrative Templates\Windows Components\Windows Explorer.

When a drive is selected in the Prevent access to drives from My Computer Group Policy, users can NOT view the contents in My Computer, Windows Explorer, the Start / Run dialog, or the Map Network Drive dialog.

The policy is implemented by setting the low order 26 bits of the NoViewOnDrive value name, a REG_DWORD data type, at HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer. The rightmost bit represents drive A and the 26th bit from the right represents drive Z. To restrict access to a drive, set the bit that corresponds to its drive letter to 1. To restrict access to all 26 drives, set all bits to 1, which corresponds to a data value of 0x3FFFFFF.

NOTE: This entry does NOT prevent users from using programs to access local and network drives, including the Disk Management snap-in to view and change drive characteristics.