I am trying to configure a Group Policy on an XP pro
machine to restrict access to a drive that isn't listed.
So I went to knowledge article 231289
(http://support.microsoft.com/default.aspx?scid=kb;en-
us;231289 )
and here it gives specific instructions on how to
change/add the binary/decimal code.
I want to add restrictions to my F drive. From what it
looks like the code should be:

ITEMLIST
NAME !!F_Only VALUE NUMERIC 32

STRINGS
F_Only="Restrict F drive only"


They are in the correct places under itemlists and under
strings. I save the new changes, and restart my
computer. I then open the MMC and see that changes have
not gone into effect.
What am I missing??

Thanks,
Jon

"Jon" <(E-Mail Removed)> wrote in message
news:1852b01c422c9$2472f120$(E-Mail Removed)...

> I am trying to configure a Group Policy on an XP pro machine to restrict
> access to a drive that isn't listed. So I went to knowledge article
> 231289 (http://support.microsoft.com/default...b;en-us;231289 )
> and here it gives specific instructions on how to change/add the
> binary/decimal code. I want to add restrictions to my F drive. From what
> it looks like the code should be:
>
> ITEMLIST
> NAME !!F_Only VALUE NUMERIC 32
>
> STRINGS
> F_Only="Restrict F drive only"
>
>
> They are in the correct places under itemlists and under strings. I save
> the new changes, and restart my computer. I then open the MMC and see
> that changes have not gone into effect. What am I missing??

Your values work for me on my standalone WinXP workstation... All I can
think of is that KB231289 does not really tell you all the steps you need to
take. I will outline what I did and maybe you can use it to make this work
on your computer:

- Use notepad to open C:\WINDOWS\system32\GroupPolicy\Adm\system.adm

- Edit the file using the values you posted (and following the general
procedure given in KB231289)

- Run the Group Policy Editor (gpedit.msc) and enable the "Hide these
specified drives in My Computer" option: "Restrict F drive only" found under
User Configuration\Administrative Templates\Windows Components\Windows
Explorer

- Close gpedit.msc, open Explorer, and the F: drive is hidden

Other suggestions:

Check to see if gpedit.msc wrote the NoDrives value to the correct registry
key:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\
Explorer

Note: The above is where the Group Policy Editor wrote the value on my
machine. However, according to the "Group Policy Settings Reference
Spreadsheet" (see link below) it should be written in the location below.
And, indeed, if you manual create the REG_DWORD value (as exported and shown
below, watch for wrap) the F drive will be hidden (after rebooting or using
taskmgr to End Process, and then Run, explorer):

---------------
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
Explorer]

"NoDrives"=dword:00000020
------------------

More resources about writing *.adm files:

Newsgroup:

microsoft.public.windows.group_policy

Documentation:

Implementing Registry-Based Group Policy (rbppaper.doc)
http://www.microsoft.com/WINDOWS2000...t/rbppaper.asp

Windows 2000 Group Policy White Paper (grouppolwp.doc)
http://www.microsoft.com/windows2000...grouppolwp.asp

Group Policy Settings Reference for Windows Server 2003 (PolicySettings.xls)
http://microsoft.com/downloads/detai...displaylang=en

Microsoft Windows XP - Resources about Group Policy and related technologies
http://www.microsoft.com/resources/d...resources.mspx

Thanks!
Ends up that the system.adm file is also located
in /Windows/inf/system.adm, for some reason I had to edit
both files in both locations,, but in the end I got it to
work. (some things they don't teach in an MCSE course)
thanks again!


>-----Original Message-----
>"Jon" <(E-Mail Removed)> wrote in message
>news:1852b01c422c9$2472f120$(E-Mail Removed)...
>
>> I am trying to configure a Group Policy on an XP pro
machine to restrict
>> access to a drive that isn't listed. So I went to
knowledge article
>> 231289 (http://support.microsoft.com/default.aspx
scid=kb;en-us;231289 )
>> and here it gives specific instructions on how to
change/add the
>> binary/decimal code. I want to add restrictions to my
F drive. From what
>> it looks like the code should be:
>>
>> ITEMLIST
>> NAME !!F_Only VALUE NUMERIC 32
>>
>> STRINGS
>> F_Only="Restrict F drive only"
>>
>>
>> They are in the correct places under itemlists and
under strings. I save
>> the new changes, and restart my computer. I then open
the MMC and see
>> that changes have not gone into effect. What am I
missing??
>
>Your values work for me on my standalone WinXP
workstation... All I can
>think of is that KB231289 does not really tell you all
the steps you need to
>take. I will outline what I did and maybe you can use
it to make this work
>on your computer:
>
>- Use notepad to open C:\WINDOWS\system32
\GroupPolicy\Adm\system.adm
>
>- Edit the file using the values you posted (and
following the general
>procedure given in KB231289)
>
>- Run the Group Policy Editor (gpedit.msc) and enable
the "Hide these
>specified drives in My Computer" option: "Restrict F
drive only" found under
>User Configuration\Administrative Templates\Windows
Components\Windows
>Explorer
>
>- Close gpedit.msc, open Explorer, and the F: drive is
hidden
>
>Other suggestions:
>
>Check to see if gpedit.msc wrote the NoDrives value to
the correct registry
>key:
>
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersi
on\Policies\
>Explorer
>
>Note: The above is where the Group Policy Editor wrote
the value on my
>machine. However, according to the "Group Policy
Settings Reference
>Spreadsheet" (see link below) it should be written in
the location below.
>And, indeed, if you manual create the REG_DWORD value
(as exported and shown
>below, watch for wrap) the F drive will be hidden (after
rebooting or using
>taskmgr to End Process, and then Run, explorer):
>
>---------------
>Windows Registry Editor Version 5.00
>
>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVers
ion\policies\
>Explorer]
>
>"NoDrives"=dword:00000020
>------------------
>
>More resources about writing *.adm files:
>
>Newsgroup:
>
>microsoft.public.windows.group_policy
>
>Documentation:
>
>Implementing Registry-Based Group Policy (rbppaper.doc)
>http://www.microsoft.com/WINDOWS2000...fo/howitworks/
management/rbppaper.asp
>
>Windows 2000 Group Policy White Paper (grouppolwp.doc)
>http://www.microsoft.com/windows2000...fo/howitworks/
management/grouppolwp.asp
>
>Group Policy Settings Reference for Windows Server 2003
(PolicySettings.xls)
>http://microsoft.com/downloads/details.aspx
FamilyId=7821C32F-DA15-438D-8E48-
45915CD2BC14&displaylang=en
>
>Microsoft Windows XP - Resources about Group Policy and
related technologies
>http://www.microsoft.com/resources/d...ation/windows/
xp/all/proddocs/en-us/gpe_resources.mspx
>
>
>
>
>.
>