Hiding Drives thru group policy

[M P]

I want only to allow specific drives that may be viewed on the explorer that
is why I follow the steps that was stated on KB231289. I have modified my
Server's system.adm and inserted some parts on these lines:

POLICY !!NoDrives
EXPLAIN !!NoDrives_Help
PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
VALUENAME "NoDrives"
ITEMLIST
NAME !!ABOnly VALUE NUMERIC 3
NAME !!COnly VALUE NUMERIC 4
NAME !!DOnly VALUE NUMERIC 8
NAME !!ABConly VALUE NUMERIC 7
NAME !!ABCDOnly VALUE NUMERIC 15
NAME !!ALLDrives VALUE NUMERIC 67108863 DEFAULT
; low 26 bits on (1 bit per drive)
NAME !!RestNoDrives VALUE NUMERIC 0
NAME !!MyAllowedDrives VALUE NUMERIC 62463975 #MY INSERTED LINE
(Allowed drives was D,E,N,O,P,R,S,W)
END ITEMLIST
END PART
END POLICY


and


[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
MyAllowedDrives="My Allowed Drives only" #MY INSERTED LINE


I have save it and copy to all my DC. I modify one OU with users that I may
try if this will work, enabled the "Hide these specific drives in My
Computer" using the "My Allowed Drives only". Wait for 30 minutes and try to
users under that OU. I have inserted a USB disk and found that it was mapped
on drive F:. What went wrong on my admin template?

 

[Tom Penharston]

I don't know the exact answer to your exact question, but I've worked
on this problem before.

You can modify the registry:
http://support.microsoft.com/default.aspx?scid=KB;EN-US;158457
Unfortunately, this works best in a Workgroup. It's not safe to have
differences between the registry and Group Policy while logging into
Active Directory; conflicts can arise when the policies are processed.

This is one case where the registry options are limitless, but the GP
options are unecessarily limited.

You safely can hide drives C and D. If you are trying to hide F then
you are on your own.

This is my guess:
* Change your primary partition to something other than C.
* Change your CD drive or second partition to something other than D.
* Enable the policy to hide C and D
* The first two USB drives installed will be auto assigned C and D, and
hidden
* If the user has a third USB drive... it will appear as E or whatever
Again, this is just a guess.

Where did you get the number 62463975?

 

[Tom Penharston]

On second thought, I understand your question now. I completely missed
the point the first time. Sorry.

You are making your edits to the ADM. You only want to allow d, e, n,
o, p, r, s, w. You represented that with the number 62463975

Backwards alphabet:
zyxwvutsrqponmlkjihgfedcba
11101110010001111111100111
62463975 in decimal

Forwards alphabet:
abcdefghijklmnopqrstuvwxyz
11100111111110001001110111
60809847 in decimal

You tried the low 26 bits going backwards? Perhaps, it's still the low
26 bits, only forwards. 60809847

 

[Tom Penharston]

Wrong again... it's supposed to run backwards...

are allowed drives inverse? 1's instead of zeros?

 

[M P]

Hi Tom,

I already solve it. I saw duplicate policy that makes it not to run. Thanks
for the reply, I really appreciate it.