We have setup group policies to redirect user start menus
and removed access to context menus, and removed desktop
icons, but when a user double clicks on the "programs"
option in the start menu it open windows explorer in the
redirected folder. We have thus setup NTFS restrictions
to this folder, but it does not stop the users from
browsing. As we do not want our users to have access to
windows explorer is there a way to stop this from
happening?? Can it be done using group policies ??

I don't know if that is possible however in user configuration/administrative
templates/Windows components/Windows explorer there are several options that can be
used to limit what they can do in explorer including controlling access to drives,
etc. Keep in mind that ultimately you will still need to use ntfs permissions to
block access to resources a user should not use. Software Restriction Policies are
also a very powerful to lock down what a user can do on a computer. --- Steve

http://support.microsoft.com/?kbid=310791

"Dave Wells" <(E-Mail Removed)> wrote in message
news:00ee01c3ae23$f2414cc0$(E-Mail Removed)...
> We have setup group policies to redirect user start menus
> and removed access to context menus, and removed desktop
> icons, but when a user double clicks on the "programs"
> option in the start menu it open windows explorer in the
> redirected folder. We have thus setup NTFS restrictions
> to this folder, but it does not stop the users from
> browsing. As we do not want our users to have access to
> windows explorer is there a way to stop this from
> happening?? Can it be done using group policies ??

Go to this site. This is one that I use at home and works great.
http://www.dougknox.com/index.html


"Dave Wells" <(E-Mail Removed)> wrote in message
news:00ee01c3ae23$f2414cc0$(E-Mail Removed)...
> We have setup group policies to redirect user start menus
> and removed access to context menus, and removed desktop
> icons, but when a user double clicks on the "programs"
> option in the start menu it open windows explorer in the
> redirected folder. We have thus setup NTFS restrictions
> to this folder, but it does not stop the users from
> browsing. As we do not want our users to have access to
> windows explorer is there a way to stop this from
> happening?? Can it be done using group policies ??

As the file that needs to be blocked is explorer.exe I
don't think it can be restricted using software
restrictions?? can it??, I have set the user policies you
mentioned (windows explorer) and as the browse path is a
network location it does mean that they can then use
explorer to find other locations??
>-----Original Message-----
>I don't know if that is possible however in user
configuration/administrative
>templates/Windows components/Windows explorer there are
several options that can be
>used to limit what they can do in explorer including
controlling access to drives,
>etc. Keep in mind that ultimately you will still need to
use ntfs permissions to
>block access to resources a user should not use.
Software Restriction Policies are
>also a very powerful to lock down what a user can do on
a computer. --- Steve
>
>http://support.microsoft.com/?kbid=310791
>
>"Dave Wells" <(E-Mail Removed)> wrote in message
>news:00ee01c3ae23$f2414cc0$(E-Mail Removed)...
>> We have setup group policies to redirect user start
menus
>> and removed access to context menus, and removed
desktop
>> icons, but when a user double clicks on the "programs"
>> option in the start menu it open windows explorer in
the
>> redirected folder. We have thus setup NTFS restrictions
>> to this folder, but it does not stop the users from
>> browsing. As we do not want our users to have access to
>> windows explorer is there a way to stop this from
>> happening?? Can it be done using group policies ??
>
>
>.
>

You could block explorer.exe, but then you would have no desktop - try ending
the process for explorer.exe in Task Manager to see what happens. You can limit
"browsing" access quit a bit using Group Policy, but ntfs/share permissions will
still be the main method to controll access. --- Steve

"Dave Wells" <(E-Mail Removed)> wrote in message
news:042601c3ae3a$8f3aafb0$(E-Mail Removed)...
> As the file that needs to be blocked is explorer.exe I
> don't think it can be restricted using software
> restrictions?? can it??, I have set the user policies you
> mentioned (windows explorer) and as the browse path is a
> network location it does mean that they can then use
> explorer to find other locations??
> >-----Original Message-----
> >I don't know if that is possible however in user
> configuration/administrative
> >templates/Windows components/Windows explorer there are
> several options that can be
> >used to limit what they can do in explorer including
> controlling access to drives,
> >etc. Keep in mind that ultimately you will still need to
> use ntfs permissions to
> >block access to resources a user should not use.
> Software Restriction Policies are
> >also a very powerful to lock down what a user can do on
> a computer. --- Steve
> >
> >http://support.microsoft.com/?kbid=310791
> >
> >"Dave Wells" <(E-Mail Removed)> wrote in message
> >news:00ee01c3ae23$f2414cc0$(E-Mail Removed)...
> >> We have setup group policies to redirect user start
> menus
> >> and removed access to context menus, and removed
> desktop
> >> icons, but when a user double clicks on the "programs"
> >> option in the start menu it open windows explorer in
> the
> >> redirected folder. We have thus setup NTFS restrictions
> >> to this folder, but it does not stop the users from
> >> browsing. As we do not want our users to have access to
> >> windows explorer is there a way to stop this from
> >> happening?? Can it be done using group policies ??
> >
> >
> >.
> >