Why don't they just browse to \\hostname\c$?
-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Michael Leone
Sent: 17 February 2017 17:34
To: [email protected]
Subject: [NTSysADM] Some advice needed about allowing local C: drive access
I know I've read about this procedure somewhere, but I'm not finding it at the
moment.
We have this application that writes out it's debug log to c:\debug.
Now, we hide drive C; from domain users using GPO (User
Configuration/Policies/Administrative Policies/Windows Components/File
Explorer/Hide these specific drives ("Restrict A.B.C")).
So what my help desk staff needs to do is to log onto these workstations (as a
specific domain account), run the software, and need to be able to see, read
(and optionally write to) this C:\Debug location, to identify/fix problems.
(this is the "Check21" check processing software, if anyone else uses it)
What I don't know is how best to do this.
Oh, sure, I could create a whole new GPO, without that "Hide drives"
setting, and limit it only to this one domain login. But is there a better,
more efficient way to do this? I want C: drive hidden from the majority of my
users, but do need certain logons that aren't limited this way.
And I don't want the logon to be local admin, or have any access other than
just standard domain user (or I could use a Restricted Group).
Thoughts? Advice?
(Win 2008 R2 domain)
