Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

How to Hide Specific Drive Letters Using GPO

Group Policy

How to Hide Specific Drive Letters Using GPO

by  markdmac  Posted    (Edited  )
markdmac's Enterprise Ready
Group Policy Administrative Templates

By Mark D. MacLachlan, The Spiders Parlor
http://www.thespidersparlor.com


OK, so you have been poking around Group Policies and want to hide drive letters for certain users but have found the choices available to you are too limited. Well my friend you have come to the right place.

You CAN use the GPO. You simply need to either write your own ADM file or edit the standard system.adm.

How It Works

Picture a line of the alphabet starting with Z and ending with A

[RED]ZYXWVUTSRQPONMLKJIHGFEDCBA[/RED]

Each drive letter is assigned a number based on binary location. A=1, B=2, C=4, D=8 etc.

To block any drive letter you need to tell the GPO the value for that drives letter. To block multiple drives, add the values of those drives together.

[green]
Examples:
Block A & D = 9
Block A & C & D = 13
[/green]

You can use the following chart to figure out the values you need.
Code: 
[green]
A	1
B	2
C	4
D	8
E	16
F	32
G	64
H	128
I	256
J	512
K	1024
L	2048
M	4096
N	8192
O	16384
P	32768
Q	65536
R	131072
S	262144
T	524288
U	1048576
V	2097152
W	4194304
X	8388608
Y	16777216
Z	33554432
ALL  67108863
[/green]

The Administrative Template

Here is an example ADM file that you can edit. ADM files are just text files, use notepad to modify them to ensure you don't get any formatting or control codes that you would with a more robust word processor.

Add entries to both the itemlist and the strings section. Save the file as HideDrives.adm and place in your server's Windows\Inf folder. Then in your GPO right click Administrative Templates. Select Add Template and select your HideDrives.ADM file.

Code: 
CLASS USER

CATEGORY  !!HideDrives
       
KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
	POLICY !!HideDrives 
    
	PART !!HideDrivesDropdown	DROPDOWNLIST NOSORT REQUIRED
	VALUENAME "NoDrives"
	ITEMLIST
    	NAME !!ABOnly           VALUE NUMERIC	3
    	NAME !!COnly            VALUE NUMERIC	4
    	NAME !!DOnly            VALUE NUMERIC	8
    	NAME !!ABConly          VALUE NUMERIC	7
    	NAME !!ABCDOnly         VALUE NUMERIC	15
    	NAME !!HideACE          VALUE NUMERIC	21
    	NAME !!HideCE           VALUE NUMERIC	20
    	NAME !!HideCDE          VALUE NUMERIC	28
    	NAME !!HideACEF         VALUE NUMERIC	53
    	NAME !!HideCEF          VALUE NUMERIC	52
    	NAME !!ALLDrives        VALUE NUMERIC	67108863 DEFAULT 
    	NAME !!RestNoDrives     VALUE NUMERIC	0
	END ITEMLIST
	END PART			
	END POLICY

      

END CATEGORY;HideDrives

[strings]
Blank=" "
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
HideACEF="Restrict A,C,E and F drives only"
HideCDE="Restrict C, D and E drives only"
HideACE="Restrict A, C and E drives only"
HideCE="Restrict C and E drives only"
HideCEF="Restrict C, E and F drives only"
HideDrives="Hide Drives"
HideDrivesDropdown="Hide Drives Selection"
MoveProfile="Move Profiles"
MoveProfileDropdown="Move User Profile Location"
MOVEPROFILETOD="Move Profile to D Drive"
RestNoDrives="Restore Drives"
Register to add this FAQ to your archive
Register to rate this FAQ  : BAD 1 2 3 4 5 6 7 8 9 10 GOOD
Please Note: 1 is Bad, 10 is Good :-)

Part and Inventory Search

Back
Top