Restricting access to Local Disks, and/or Browse windows

For general issues related to PWB v2.

Moderators: Tyler, Scott, PWB v2 Moderator

Chartway

Restricting access to Local Disks, and/or Browse windows

Post by Chartway »

I have nodrives=1 set in the registry to hide drives in "my computer", But when the user goes to a web bases Email application, and tries to attach a file to their Email, they can browse the hardisks, and even delete and execute files.

Does anyone know of a way to prevent this, or prevent "Browse" windows from being displayed. even if it required a 3rd party product.

Thanks

Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Post by Scott »

What version of Windows are you using?

--Scott

chartway

Post by chartway »

Windows 2000 in a stand alone enviorment. Thanks for the speedy reply

Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Post by Scott »

Take a look at this post.

http://www.teamsoftwaresolutions.com/ph ... c.php?t=17

Specifically Hide these specified drives in My Computer.

This will hide the drives from the Save dialog.

This may be overkill, but if you want to really lock it down try this. When you build the computer, partition the hard drive into two drive and have Windows use the "D" drive for the Settings and Documents drive. Then use MMC to hide and deny access to the "C" drive.

--Scott

Thad
Observer
Observer
Posts: 7
Joined: Wed Dec 18, 2002 9:47 am
Location: Garland, TX

Post by Thad »

I've had really good luck with using WinGuides www.regedit.com

You may look into the Security section for some good hints. Although, this site deals with editing the registry, a lot of what is found on there can be done through Policies. But, I've grown very comfortable with editing the registry directly myself and use it all the time. Examples are:

Hide Entire Network Neighborhood
Disable Recent Shares in Network Places
Hide all Items on the Desktop
Prevent Access to the Contents of Selected Drives
Hide Drives in My Computer

The Overkill Method would be to turn off (Disable) Active X Scripting completely within IE's Internet Settings. But this may cause unwanted results for some user's browsing experience. But by turning it off, the Browse feature for attachments on most Internet Email sites is effectively disabled. If your looking on how to limit to just the A: drive only access and prevent local computer and network access, join the bandwagon, several of us here are waiting for Scott to come up with some kind of solution for the Restricted Save settings. Until then, policies or editing the registry may get you close to what you want.

Good Luck!

Chartway

Thanks, but that doesn't work

Post by Chartway »

I already have restricted access thru the registry hacks, and the drives don't show up in My Computer or Windows Explorer, But if I bring up a file browse box (not save or open) I can still get access to the local drives. I'll keep looking, thanks for the ideas.

Chartway

Update

Post by Chartway »

I just tried using the NoDrives again, and the NoViewOnDrive registry setting. I set it to hide ALL drives, I rebooted, I goto File, Run, press browse, and I'm in the file system.

Am I missing something?

Thad
Observer
Observer
Posts: 7
Joined: Wed Dec 18, 2002 9:47 am
Location: Garland, TX

Post by Thad »

Yes, you may want to try enabling the last three listed in my reply above. And try again.

Chartway

Thanks for the reply.

Post by Chartway »

I'm running PWB as my shell, so users don't recieve a desktop.

If I created a group, and denied them read access to the entire hard drive, would Windows2k Still run (using PWB as my shell)?

And, as I said, I have already hidden the drives from my computer. An unfortunatly, disabling ActiveX isn't an option :(

Thad
Observer
Observer
Posts: 7
Joined: Wed Dec 18, 2002 9:47 am
Location: Garland, TX

Post by Thad »

I'm running PWB as shell also, but I had to hide on desktop to get it to work. You may be running into same problem. Not sure about denied access to Hard Drive completely. Try it and let us know? :)

gene

Post by gene »

so...is there a way to restrict saving to just the A Drive?
That is my desired outcome.

Thanks,

Thad
Observer
Observer
Posts: 7
Joined: Wed Dec 18, 2002 9:47 am
Location: Garland, TX

Post by Thad »

Check with TeamSoftware Support for answers to this issue.

gene

Post by gene »

Scott -
Is there an easy way to restrict saving to the A Drive?

Thanks,

Scott
Site Admin
Site Admin
Posts: 2539
Joined: Mon Dec 16, 2002 12:31 pm
Location: Rochester, MN
Contact:

Post by Scott »

Currently, you can use the restricted save, but it does not work to well on email sites. You can also set the default save location in the INI file, and use NT policies to restrict the save dialog and hide the other dirves.

We are working on a few projects that will help forcing saves only to the A drive, but they are still in development.

--Scott

User avatar
Philip - Long Beach NY
Benefactor
Benefactor
Posts: 82
Joined: Fri Feb 28, 2003 2:30 pm

Post by Philip - Long Beach NY »

NoDrives should work Chartway. I don't use the 'NoViewDrive' so I couldn't tell you. But with the NoDrives I set the value to 12 Hexidecimal and it seems to work fine. When a patron tries to open a document from word let's say, the hard drive doesn't show in the dropdown window. You may also want to use the NoFind registry tweak and the NoFileURL tweak also. The latter keeps people from typing in a url and opening IE.

Hope this helps,

Philip - Long Beach NY
Complexity is the enemy of security
-- Steve Gibson

Post Reply