Using Group Policy Objects to Hide Specified Drives in My Computer for Windows 2000

ID: Q231289

The information in this article applies to:
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Datacenter Server
  • Microsoft Windows 2000 Professional
  • Microsoft Windows 2000 Server

SUMMARY

With Group Policy Objects in Windows 2000, there is a "Hide these specified drives in My Computer" option that lets you hide specific drives. However, it may be necessary to hide only certain drive, but retain access to others.

There are seven default options for restricting access to drives. You can add other restrictions by modifying the System.adm file for the default domain policy or any custom Group Policy Object. The seven default selections are:

  • Restrict A, B, C and D drives only
  • Restrict A, B and C drives only
  • Restrict A and B drives only
  • Restrict all drives
  • Restrict C drive only
  • Restrict D drive only
  • Do not restrict drives


MORE INFORMATION

The default location of the System.adm file for a default domain policy is:

%SystemRoot%\Sysvol\Sysvol\YourDomainName\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9}\Adm\System.adm
The contents of these folders are replicated throughout a domain by the File Replication service (FRS). Note that the Adm folder and its contents are not populated until the default domain policy is loaded for the first time.

To make changes to this policy for one of the seven default values:
  1. Start the Microsoft Management Console. On the Console menu, click Add/Remove Snap-in.


  2. Add the Group Policy snap-in for the default domain policy. To do this, click Browse when you are prompted to select a Group Policy Object (GPO). The default GPO is Local Computer. You can also add GPOs for other domain partitions (specifically, Organizational Units).


  3. Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.


  4. Click Hide these specified drives in My Computer.


  5. Click to select the Hide these specified drives in My Computer check box.


  6. Click the appropriate option in the drop-down box.


These settings remove the icons representing the selected hard disks from My Computer, Windows Explorer, and My Network Places. Also, these drives do not appear in the Open dialog box of any programs.

This policy is designed to protect certain drives, including the floppy disk drive, from misuse. It can also be used to direct users to save their work to certain drives.

To use this policy, select a drive or combination of drives in the drop-down box. To display all drives (hide none), disable this policy or click the Do not restrict drives option.

This policy does not prevent users from using other programs to gain access to local and network drives or prevent them from viewing and changing drive characteristics by using the Disk Management snap-in.

The default values are not the only values that you can use. By editing the System.adm file, you can add your own custom values. This is the portion of the System.adm to be modified: 

POLICY !!NoDrives 
   EXPLAIN !!NoDrives_Help
      PART !!NoDrivesDropdown          DROPDOWNLIST NOSORT REQUIRED
         VALUENAME "NoDrives"
          ITEMLIST
                NAME !!ABOnly           VALUE NUMERIC 3
                NAME !!COnly            VALUE NUMERIC 4
                NAME !!DOnly            VALUE NUMERIC 8
                NAME !!ABConly          VALUE NUMERIC 7
                NAME !!ABCDOnly         VALUE NUMERIC 15
                NAME !!ALLDrives        VALUE NUMERIC 67108863                                                  
                ;low 26 bits on (1 bit per drive)
                NAME !!RestNoDrives     VALUE NUMERIC 0 (Default)
          END ITEMLIST
     END PART               
   END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
The [strings] section represents substitutions of the actual values in the drop-down box.

This policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter: 

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA
This configuration corresponds to 67108863 in decimal and hides all drives. If you want to hide drive C, make the third-lowest bit a 0, and then convert the binary string to decimal.

It is not necessary to create an option to show all drives, because clearing the check box deletes the "NoDrives" entry entirely, and all drives are automatically shown.

If you want to configure this policy to show a different combination of drives, create the appropriate binary string, convert to decimal, and add a new entry to the ITEMLIST section with a corresponding [strings] entry. For example, to hide drives L, M, N, and O, create the following string 

00000000000111100000000000
ZYXWVUTSRQPONMLKJIHGFEDCBA
and convert to decimal. This binary string converts to 30720 in decimal. Add this line to the [strings] section in the System.adm file: 

LMNO_Only="Restrict L, M, N and O drives only"
Add this entry in the ITEMLIST section above and save the System.adm file. 

NAME !!LMNO_Only         VALUE NUMERIC 30720
This creates an eighth entry in the drop-down box to hide drives L, M, N, and O only. Use this method to include more values in the drop-down box. The modified section of the System.adm file appears as follows: 

POLICY !!NoDrives 
   EXPLAIN !!NoDrives_Help
      PART !!NoDrivesDropdown          DROPDOWNLIST NOSORT REQUIRED
         VALUENAME "NoDrives"
          ITEMLIST
                NAME !!ABOnly           VALUE NUMERIC 3
                NAME !!COnly            VALUE NUMERIC 4
                NAME !!DOnly            VALUE NUMERIC 8
                NAME !!ABConly          VALUE NUMERIC 7
                NAME !!ABCDOnly         VALUE NUMERIC 15
                NAME !!ALLDrives        VALUE NUMERIC 67108863                                                  
                ;low 26 bits on (1 bit per drive)
                NAME !!RestNoDrives     VALUE NUMERIC 0 (Default)
                            NAME !!LMNO_Only        VALUE NUMERIC 30720
          END ITEMLIST
     END PART               
   END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
LMNO_Only="Restrict L, M, N and O drives only"
This [strings] section represents substitutions of the actual values in the drop-down box.

For additional information, please see the following article in the Microsoft Knowledge Base:
Q230263 How to Create Custom MMC Snap-in Tools

Additional query words: win2000hotds

Keywords : kbenv kbtool
Version : WINDOWS:2000
Platform : WINDOWS
Issue type : kbinfo


Last Reviewed: January 4, 2000
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.