-----Original Message-----
I am trying to configure a Group Policy on an XP pro machine to restrict
access to a drive that isn't listed. So I went to knowledge article
231289 (
http://support.microsoft.com/default.aspx? scid=kb;en-us;231289 )
and here it gives specific instructions on how to change/add the
binary/decimal code. I want to add restrictions to my F drive. From what
it looks like the code should be:
ITEMLIST
NAME !!F_Only VALUE NUMERIC 32
STRINGS
F_Only="Restrict F drive only"
They are in the correct places under itemlists and under strings. I save
the new changes, and restart my computer. I then open the MMC and see
that changes have not gone into effect. What am I
missing??
Your values work for me on my standalone WinXP workstation... All I can
think of is that KB231289 does not really tell you all the steps you need to
take. I will outline what I did and maybe you can use it to make this work
on your computer:
- Use notepad to open C:\WINDOWS\system32 \GroupPolicy\Adm\system.adm
- Edit the file using the values you posted (and following the general
procedure given in KB231289)
- Run the Group Policy Editor (gpedit.msc) and enable the "Hide these
specified drives in My Computer" option: "Restrict F drive only" found under
User Configuration\Administrative Templates\Windows Components\Windows
Explorer
- Close gpedit.msc, open Explorer, and the F: drive is hidden
Other suggestions:
Check to see if gpedit.msc wrote the NoDrives value to the correct registry
key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi on\Policies\
Explorer
Note: The above is where the Group Policy Editor wrote the value on my
machine. However, according to the "Group Policy Settings Reference
Spreadsheet" (see link below) it should be written in the location below.
And, indeed, if you manual create the REG_DWORD value (as exported and shown
below, watch for wrap) the F drive will be hidden (after rebooting or using
taskmgr to End Process, and then Run, explorer):
---------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\
Explorer]
"NoDrives"=dword:00000020
------------------
More resources about writing *.adm files:
Newsgroup:
microsoft.public.windows.group_policy
Documentation:
Implementing Registry-Based Group Policy (rbppaper.doc)
http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/ management/rbppaper.asp
Windows 2000 Group Policy White Paper (grouppolwp.doc)
http://www.microsoft.com/windows2000/techinfo/howitworks/ management/grouppolwp.asp
Group Policy Settings Reference for Windows Server 2003 (PolicySettings.xls)
FamilyId=7821C32F-DA15-438D-8E48-
45915CD2BC14&displaylang=en
Microsoft Windows XP - Resources about Group Policy and related technologies
http://www.microsoft.com/resources/documentation/windows/ xp/all/proddocs/en-us/gpe_resources.mspx
.
