Deny windows explorer from users

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

How to deny Windows Explorer from users?

I found a group policy to deny it from Desktop but it still appears on start
menu under accessories.

this is an application server (win 2000 server, application mode), where
user only works with certain applications and don't need to explore around.
 
Remove it from the users profile and deny, command prompt access. But I
highly doubt you will be able to prevent access to this unless you are
willing to make this a kiosk style lockdown. Explorer is the base of the
user experience. If you run Task manager you will notice that it is always
running. If you kill it, it will reload itself.

--


Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

This posting is provided "AS IS" with no warranties, and confers no rights.
 
Paul is correct try using a startup script with AD to hide(/delete/ change
NTFS) the icon or icons use a batch file. If you need help let me know...
 
If your goal is prevent access to file and folders in explorer, hiding the
"Windows Explorer" icon isn't really getting you anywhere. Keep in mind that
simply by accessing the File menu in notepad, for example, you have the same
access as explorer. If you want to prevent access to files and folders, you
need to configure you file permissions and restrict access to "Network
Places", control panel and other such things that are available in Explorer.
You can hide drives using group policy. The setting in group policy is weak,
and you can actually customize more in detail which drives are displayed
using a different the registry modification than what is available in group
policy. There is a KB article I believe that explains how to do so. Basically
each drive has a decimal value. You add together the values of each drive you
want to hide and assign that total to a registry DWAORD value called "No
Drives" that you put in
Software\Microsoft\Windows\CurrentVersion\Policies\Explorer.

This trick only hides them. It does not prevent access to drives. There are
ways around this trick to access the drives if some other policies are not
configured properly. For example, in Internet Explorer, you can jump out of
the web to a local disk by simply typing C:\ in the address bar. There is a
group policy that prevents this.

In order to totally secure file/folder access is to configure NTFS ACLs.
 
Back
Top