Blocking Access to the TS "C" and "D" Drive

G

Guest

I have a company that is just starting to use terminal server. The company
is small and the Terminal Server has been licensed on their main file server.
They want the users to have access to the file shares, but not the root of
the hard drives on the server, in this case, the C and D drive. Is there a
way to block access to those drives during a TS session while still allowing
access to mapped network drives (that may point back to folders on the local
(to TS) C and D drives?
 
V

Vera Noest [MVP]

Which OS are you running on the server?
You can and should do two things:

1) hide those drives from the users through a Group Policy. Note
that this is a cosmetic fix only, it's much more convenient for the
users when they don't see the drives, but it does *not* give you
any security. That's why you also need to:

2) use NTFS permissions on the file system to keep users out of the
disk area where they should not have access.

278295 - How to Lock Down a Windows 2000 Terminal Services Session
http://support.microsoft.com/?kbid=278295

231289 - Using Group Policy Objects to Hide Specified Drives in My
Computer for Windows 2000
http://support.microsoft.com/?kbid=231289

Securing Windows 2000 Terminal Services
http://www.microsoft.com/technet/treeview/default.asp?
url=/technet/prodtechnol/win2kts/maintain/optimize/secw2kts.asp

Guide to Securing Microsoft Windows 2000 Terminal Services
http://nsa1.www.conxion.com/win2k/guides/w2k-19.pdf
 
G

Guest

Vera,

Thanks for the reply.

I did lock the drives down under a group policy, but they can still right
click the start button and select explore and see the C drive. The D drive
remains hidden.

This is running on Windows 2003 standard server.
 
V

Vera Noest [MVP]

Yes, that's why you need the NTFS permissions. Hide drives works
only in standard "File Open" and "Save as" dialog boxes, and not
very well there either.

--
Vera Noest
MCSE, CCEA, Microsoft MVP - Terminal Server
http://hem.fyristorg.com/vera/IT
--- please respond in newsgroup, NOT by private email ---
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

GPO TS and local C drive 4
QNAP TS-653 Pro 2
local drive problem 1
Different C:\temp for each TS session 2
TS RDP Local Drive Access 3
TS Clients editing TS registry 1
MICR fonts via TS 1
chosing drives connection 8

Top