The GPO about hiding drives is for A,B,C only. We use Z: as a profile drive (folder redirected to network storage).
We don't allow regular users access to the command prompt, either, so the Help Desk can't issue that command. On Fri, Feb 17, 2017 at 12:45 PM, Erik Goldoff <[email protected]> wrote: > use the SUBST command ? > > SUBST Z: c:\debug > > worth testing to see if you have access using Z: or does your GPO quash this > method ? > > On Fri, Feb 17, 2017 at 12:34 PM, Michael Leone <[email protected]> wrote: >> >> I know I've read about this procedure somewhere, but I'm not finding >> it at the moment. >> >> We have this application that writes out it's debug log to c:\debug. >> Now, we hide drive C; from domain users using GPO (User >> Configuration/Policies/Administrative Policies/Windows Components/File >> Explorer/Hide these specific drives ("Restrict A.B.C")). >> >> So what my help desk staff needs to do is to log onto these >> workstations (as a specific domain account), run the software, and >> need to be able to see, read (and optionally write to) this C:\Debug >> location, to identify/fix problems. >> (this is the "Check21" check processing software, if anyone else uses it) >> >> What I don't know is how best to do this. >> >> Oh, sure, I could create a whole new GPO, without that "Hide drives" >> setting, and limit it only to this one domain login. But is there a >> better, more efficient way to do this? I want C: drive hidden from the >> majority of my users, but do need certain logons that aren't limited >> this way. >> >> And I don't want the logon to be local admin, or have any access other >> than just standard domain user (or I could use a Restricted Group). >> >> Thoughts? Advice? >> (Win 2008 R2 domain) >> >> >
