From: Mike (mikesuperiorholidayadventures.ca)
Date: Mon Jun 14 2004 - 07:28:10 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is an option in the group policy that my fix your issue:

User Configuration
  -> Administrative Templates
     -> Windows Components
        -> Windows Explorer
           -> Hide these specified drives in My Computer
             &
           -> Prevent access to drives from My Computer

It may still be possible to break out in the File -> Open or File ->
Save As dialog boxes.. haven't tested those.

Mike Fetherston

> -----Original Message-----
> From: James D. Stallard [mailto:jamesleafgrove.com]
> Sent: Friday, June 11, 2004 5:02 PM
> To: focus-mssecurityfocus.com
> Subject: Doubleclick programs entry on start menu
>
> Folks
>
> A client has asked this of me and I am looking for a little best
practice
> guidance:
>
> We have a W2K/Terminal Server/Citrix policy implemented to restict
users
> from accessing the systemdrive. (M:)
>
> The systemdrive is also hidden and not accessible because of this
policy.
>
> Eveything works fine BUT we discovered that when a user opens his
START
> menu
> and he/she doubleclicks on "Programs" the windows explorer opens
> M:\Documents and Settings\%username%\Start Menu\Programs. From that
point
> the user can navigate up to the systemroot.
>
> OS is Windows 2000
>
> I don't believe that a policy exists in Windows 2000 that will affect
this
> behaviour.
>
> Any thoughts around policies or NTFS rights that I can use to stop or
> mitigate this?
>
> Thanks in advance
> Cheers
>
> James D. Stallard
>
>
>
>
------------------------------------------------------------------------
--
> -
>
------------------------------------------------------------------------
--
> -

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]