Tips for securing drives in XP with PWB

For general issues related to PWB v2.

Moderators: Tyler, Scott, PWB v2 Moderator

Post Reply
spragers
Benefactor
Benefactor
Posts: 153
Joined: Fri Dec 27, 2002 9:11 am
Contact:

Tips for securing drives in XP with PWB

Post by spragers »

Just a few helpful tips for anyone who might be interested (some of this may have been posted before).

We use the Restricted Save feature in PWB2; however, at the present, if a file open dialog window opens when attaching files to an email or downloading attachments from an email, the restricted save feature is bypassed. I've found a few registry and security settings in XP that can help with this, courtesy of WinGuides.

This setting allows you to control which drives are visible in My Computer and Explorer. It is possible to hide all drives or just selected ones.
Open your registry and find or create the key below.

The "NoDrives" value uses a 32-bit word to define local and network drive visibility for each logical drive in the computer. The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1.

If your not happy working in Hex, add these decimal numbers to hide the drive(s):

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863

For example to hide drive A and drive D, you would add 1 (A) + 8 (D) which means the value should be set to "9".
To disable all the drives set the value to "67108863".
Restart Windows for the change to take effect.
Note: These drives will still appear in File Manager, to remove File Manager, delete or rename winfile.exe.

Registry Settings
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoDrives
Data Type: REG_DWORD (DWORD Value)

- - - - -

Prevent Access to the Contents of Selected Drives (Windows 2000/Me/XP)

This tweak can be easily applied using WinGuides Tweak Manager. Download Now! This restriction prevents users from using My Computer or Explorer to access the content of selected drives. Also, they cannot use Run, Map Network Drive, or the Dir command to view the directories on these drives.

Open your registry and find or create the key below.
The "NoViewOnDrive" value uses a 32-bit bitmask to define local and network drive access for each logical drive in the computer. The lower 26 bits of the 32-bit word correspond to drive letters A through Z. Drives are visible when set to 0 and hidden when set to 1.

If your not happy working in Hex, add these decimal numbers to hide the drive(s):

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863

For example to hide drive A and drive D, you would add 1 (A) + 8 (D) which means the value should be set to "9".

To disable all the drives set the value to "67108863".
Restart Windows for the change to take effect.

Registry Settings
User Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
System Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
Value Name: NoViewOnDrive
Data Type: REG_DWORD (DWORD Value)
Value Data: 32-bit bitmask

- - - - -

In Internet Explorer, go to Tools, Content, Auto Complete. Disable this to also prevent a drop-down file list from appearing when users begin typing a path name (i.e., typing C:\ opens a list of folders and files in that directory).

- - - - -

These three steps should prevent users from being able to browse for files and folders on the selected drives when opening or saving, even if they type in the path names by hand. However, this will not prevent a user from accessing a file if they know the exact pathname and filename to use. In those cases, further file security measures need to be taken, but I think this is a good start :)

Post Reply