how do I block explore

[Guest]

Hi all,
How do I block explore when you right click the desktop toolbar under the
taskbar?
or how do I disable rightclick from the desktop toolbar?
Thanks in advance for any help
Sher

 

[Brian Hoops]

To remove it when a user right clicks on the Start Menu...
User Config -> Administrative Templates -> Start Menu & Taskbar -> Disable
Context Menus for the taskbar -> Enabled


Although I don't know if that's what you were looking for....

 

[Guest]

Hi Brian,
What I have done is give the user the desktop toolbar and then disabled the
context menus for the tasbar but the user can now right click the desktop
toolbar and get to network drives that I want hidden. I am trying to find a
way for the user to have the desktop toolar but not the right click option.
All I really want to do is hide the networked drives everywhere a user could
go to see them. I am trying to keep users from deleting program files of
the programs on the network.
Sher

 

[Brian Hoops]

You can use the following article to hide any drive letter from the user,
not just A,B,C, or D.
http://support.microsoft.com/kb/q231289/

Unless I'm missing something, I don't see another way.

 

[Ken B]

This seems to imply you've given the "Everyone" object "Full Control" on
your network drives. If you give them just List/Read, they won't be able to
delete anything. It's also fun to watch users try and do things we know
they can't

If you have auditing turned on for the folders you store your programs in,
you can see who is attempting to delete programs and whatnot. If it's that
big a problem, take the log to their supervisor and ask "why are they trying
to delete such-and-such program? and explain that you would prefer the
program be left there until the administrator deems it unneccesary to keep
on the network. at such time, the admin will delete the files, without the
assistance of the user".

Good luck

Ken

 

[Andrew Mitchell]

Hi Brian,
What I have done is give the user the desktop toolbar and then disabled
the context menus for the tasbar but the user can now right click the
desktop toolbar and get to network drives that I want hidden. I am
trying to find a way for the user to have the desktop toolar but not the
right click option. All I really want to do is hide the networked drives
everywhere a user could go to see them. I am trying to keep users from
deleting program files of the programs on the network.

I'd suggest tightening up the NTFS permissions on your network drives. Users
should not have permissions that would allow them to delete applications from
the server.
Security through obscurity is not much better than no security at all.

 

[Guest]

Hi Andrew, Brian,
Maybe I'm not understanding security well enough. I have a drive partion on
my server that the users cannot delete but on that drive I have a shared
folder where all my programs are installed. I have several third party
programs such as payroll, accounting and billing. Each one of these programs
structure is so that the users must have modify rights to the folder where
the program is installed in order to make changes to the data files.
Therefore, all they have to do is go to the mapped P: drive and click on the
program folder (example: Payroll) which they have modify rights to so they
can delete any and all of the exe files. (Granted the program has an icon for
the users to access the data and do data entry) but that does not stop them
from being able to go to where the program is installed since it is a mapped
drive.
I have talked to the third party vendors about this and it seems they are
still writing their programs so that the exe files and the data files are all
located in the same place and users must have modify rights.
The problem with XP is that there are so many places that you must hide the
mapped drives. Example : I setup the taskbar with the desktop toolbar just
to discover that the user could right click on the my documents folder and
explore to the mapped drive.
Is there a better way to install programs of this type? Maybe by using
shared unc paths instead of mapped drives?
I hope I am making myself clear on this.
I have looked at the article about hiding mapped drives but I cannot figure
out how to setup and hide the p: drive.
Thanks for your info,
I would really appreciate it if you could guide me to a better way to deal
with these types of programs. (We are still using Office 97 and I even have
to give the users modify rights to that folder otherwise they cannot save
certain indivudual settings)
Sher

 

[Andrew Mitchell]

Hi Andrew, Brian,
Maybe I'm not understanding security well enough. I have a drive
partion on my server that the users cannot delete but on that drive I
have a shared folder where all my programs are installed. I have
several third party programs such as payroll, accounting and billing.
Each one of these programs structure is so that the users must have
modify rights to the folder where the program is installed in order to
make changes to the data files. Therefore, all they have to do is go to
the mapped P: drive and click on the program folder (example: Payroll)
which they have modify rights to so they can delete any and all of the
exe files.

You can set permissions on a per-file basis. Just right-click the
executable and select 'Properties'. In the 'Security' tab you can set the
appropriate permissions (you may need to remove the permission inheritance
first)

(Granted the program has an icon for the users to access the
data and do data entry) but that does not stop them from being able to
go to where the program is installed since it is a mapped drive.
I have talked to the third party vendors about this and it seems they
are still writing their programs so that the exe files and the data
files are all located in the same place and users must have modify
rights. The problem with XP is that there are so many places that you
must hide the mapped drives. Example : I setup the taskbar with the
desktop toolbar just to discover that the user could right click on the
my documents folder and explore to the mapped drive.
Is there a better way to install programs of this type? Maybe by using
shared unc paths instead of mapped drives?

That's probably a better way (not as obvious) but should still be done in
conjunction with correct NTFS permissions.

I hope I am making myself clear on this.
I have looked at the article about hiding mapped drives but I cannot
figure out how to setup and hide the p: drive.

You need to create a custom template to hide this drive letter.
You can get more information on this specific functionality here:
http://support.microsoft.com/kb/q231289/

 

[Brian Hoops]

In addition to setting permissions per-file I would also follow Ken's
original tip of turning on auditing and monitoring your user's actions,
especially if you're worried about deliberate deletions. Even if you hide
the drive letter and disable the ability to explore, a knowledgeable user
will still be able to make his way to your P: drive. With proper file
permissions, they will be unable to delete any critical program files,
however it has been my experience that every file tends to be critical ...
especially if it's a file that they need permissions to modify, as these
tend to contain your data.

-Brian