RE: [ActiveDir] Bug in GPO?

[Steve Rochford]

I'd completely agree with this. I work in a college and we don't want the students to (accidentally or deliberately) play with files on the C: drive but even the tightest set of policies makes no real difference - just typing "C:" into a file open dialog will show you the drive and typing "desktop" into the address bar in Internet Explorer also leads to some fun :-)   In the end it's easier to make sure that permissions are as tight as possible so that people can't do too much damage and be prepared to re-image the machine if they do!   Steve From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: 31 December 2003 04:06 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bug in GPO? Mark- This worked for me on XP as expected--I chose to hide the C: drive using this policy and it was hidden in both My Computer and Explorer. One thing I did note was that, if I enabled this policy while I had Explorer up and running, the C: drive would only get "partially" hidden. That is, it still appeared in the Explorer tree view but didn't in the right hand results pane. Weird. Restarting Explorer cleared that up and C: was gone.   Just as a note, this policy is really nothing more than "shell obfuscation". For example, even with the C: drive hidden in Explorer, there are numerous ways the intrepid user can get to C:. For example, opening a command shell, using the File Open dialog in any number of applications, etc. So, even if you get it working, its not real security. I found that, in the past, it also confused some applications, depending upon how poorly they were written. In the end I decided to give up on the drive hiding thing because it caused more confusion than it fixed. Just my .02.   Darren