The information in this article applies to:
IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe. SUMMARYThis article describes how to limit access to hard disks on computers running Internet Explorer 4.01 Service Pack 1 (SP1) or Internet Explorer 5 with Microsoft Windows 95, Windows 95 Service Pack 1, Windows 95 OEM Service Release version 1 or 2, Microsoft Windows NT 4.0, or running Windows 98. MORE INFORMATIONYou can limit access to local hard disks without obtaining an updated Internet Explorer file. Or, you can obtain an updated file that also allows you to apply additional restrictions that are listed later in this article. How to Limit Local Access Without Additional FilesWARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.For information about how to edit the registry, view the "Changing Keys and Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD). To limit access to the local workstation, set the data value of the NoRun DWORD value to 0x1 in the following registry key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerSetting this value disables viewing local files by typing a file address or URL (for example, "file://c:\") in the Address box, and also disables the Run command on the Start menu. Setting this value also disables the ability to browse to the local file system using an embedded HTML link. For example, you cannot browse a file by clicking the HTML link provided by the <a href="file://c:\">My File System</a> tag when this registry setting is used. If you want to disable access to a drive altogether, set the data value of the NoDrives DWORD value as indicated:
Set this DWORD value in the following registry key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerNOTE: Internet Explorer checks both HKEY_LOCAL_MACHINE (HKLM) and HKEY_CURRENT_USER (HKCU) for restrictions. The browser first checks HKLM. If it finds the restriction there, it does not check HKCU for the restriction. Typically, you use HKCU for restrictions. The keys and values may already exist in HKCU for this purpose too. However, if you want to use HKLM, you can. You may need to create the appropriate keys and values to make this work. For example, on most computers, the following key exists: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerHowever, the following key does not exist: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\ExplorerOnly the following key exists: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\PoliciesYou need to add the Explorer key and then the approprate values to have the browser read them from this location rather than HKCU. NOTE: All values are in hexadecimal. This logic uses a bitwise left shift to decide which drive to use. For example, if you want to disable viewing drive C, set the DWORD value to binary 0100. The code takes the return value from the function, subtracts "A" from the value, and shifts the binary value left by that number of bits. For example, drive C - drive A = 2. 0001 shifted to the left twice is 0100. Binary 0100 has the hexadecimal equivalent of 0x4. This is how you calculate the drive to disable. As another example, if you want to disable drive N, use the following method to calculate the hexadecimal value to place in the registry:
How to Limit Local Access with Additional Update FileObtain an updated Shdocvw.dll file by installing Internet Explorer 4.01 Service Pack 2. You can obtain Internet Explorer 4.01 Service Pack 2 from the following Microsoft Web site:http://www.microsoft.com/ie/download The following tables list additional restrictions provided by this updated file. You must manually edit the registry of each computer using the updated Shdocvw.dll file and add the corresponding registry value and setting for each restriction. Note that these restrictions also apply when you are using Kiosk mode. Restrictions under HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Restrictions: Each DWORD value must be set to 1 to be enabled. To disable the restriction, set the value to 0. NOTE: When you install Internet Explorer 4.01 Service Pack 2, NoFindFiles
and NoTheaterMode are automatically set to a BINARY 01 00 00 00 value in
the registry. This setting properly enables these restrictions and is set
as a BINARY value because of .inf file limitations. A DWORD value of 1 also
enables those restrictions.
The following additional restriction must be added in the following registry location: HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\ Toolbars\Restrictions
Additional query words: 5.00 hide drives
Keywords : kbenv kbui msiew95 msient win98 msiew98 |
Last Reviewed: January 11, 2000 © 2000 Microsoft Corporation. All rights reserved. Terms of Use. |