I've seen something similar in EasyInternet Caf�s in London, after you log off the system cycles and rebuilds itself from an image. I've seen people set a partition and assign it V: or something random, then disable the view and no one guesses it's there if they can't see it. The re-image occurs from there, local and quick. Low-tech way to do that is a parallel install and xcopy C: from a backup directory - works like a charm :) Rich
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Monday, January 12, 2004 9:45 AM To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bug in GPO? I used to do a bit of work with some companies up north that had the same issue. They purchased a software product called DeepFreeze which basically reset the C drive back to the way it was at last boot up. They would image the systems, turn on deep freeze, and the users were not able to do anything that a simple reboot would not fix. They were also not able to save any data on drive C - in their case an added benefit. It may be worth looking into as an extra security setup especially in lab situations. Regards; James R. Day National Parks Service - AD Core Team (202) 354-1464 Fax (202) 371-1549 [EMAIL PROTECTED] |---------+----------------------------------> | | "Steve Rochford" | | | <[EMAIL PROTECTED]| | | .uk> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 01/12/2004 11:24 AM GMT| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >--------------------------------------------------------------------------- ---------------------------------------------------| | | | To: <[EMAIL PROTECTED]> | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Bug in GPO? | >--------------------------------------------------------------------------- ---------------------------------------------------| I'd completely agree with this. I work in a college and we don't want the students to (accidentally or deliberately) play with files on the C: drive but even the tightest set of policies makes no real difference - just typing "C:" into a file open dialog will show you the drive and typing "desktop" into the address bar in Internet Explorer also leads to some fun :-) In the end it's easier to make sure that permissions are as tight as possible so that people can't do too much damage and be prepared to re-image the machine if they do! Steve From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: 31 December 2003 04:06 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bug in GPO? Mark- This worked for me on XP as expected--I chose to hide the C: drive using this policy and it was hidden in both My Computer and Explorer. One thing I did note was that, if I enabled this policy while I had Explorer up and running, the C: drive would only get "partially" hidden. That is, it still appeared in the Explorer tree view but didn't in the right hand results pane. Weird. Restarting Explorer cleared that up and C: was gone. Just as a note, this policy is really nothing more than "shell obfuscation". For example, even with the C: drive hidden in Explorer, there are numerous ways the intrepid user can get to C:. For example, opening a command shell, using the File Open dialog in any number of applications, etc. So, even if you get it working, its not real security. I found that, in the past, it also confused some applications, depending upon how poorly they were written. In the end I decided to give up on the drive hiding thing because it caused more confusion than it fixed. Just my .02. Darren List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ -------APPLEBEE'S INTERNATIONAL, INC. CONFIDENTIALITY NOTICE------- PRIVILEGED / CONFIDENTIAL INFORMATION may be contained in this message or any attachments. This information is strictly confidential and may be subject to attorney-client privilege. This message is intended only for the use of the named addressee. If you are not the intended recipient of this message, unauthorized forwarding, printing, copying, distribution, or using such information is strictly prohibited and may be unlawful. If you have received this in error, you should kindly notify the sender by reply e-mail and immediately destroy this message. Unauthorized interception of this e-mail is a violation of federal criminal law. Applebee's International, Inc. reserves the right to monitor and review the content of all messages sent to and from this e-mail address. Messages sent to or from this e-mail address may be stored on the Applebee's International, Inc. e-mail system. List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
