I have nodrives=1 set in the registry to hide drives in "my computer", But when the user goes to a web bases Email application, and tries to attach a file to their Email, they can browse the hardisks, and even delete and execute files.
Does anyone know of a way to prevent this, or prevent "Browse" windows from being displayed. even if it required a 3rd party product.
Thanks
Restricting access to Local Disks, and/or Browse windows
Moderators: Tyler, Scott, PWB v2 Moderator
Take a look at this post.
http://www.teamsoftwaresolutions.com/ph ... c.php?t=17
Specifically Hide these specified drives in My Computer.
This will hide the drives from the Save dialog.
This may be overkill, but if you want to really lock it down try this. When you build the computer, partition the hard drive into two drive and have Windows use the "D" drive for the Settings and Documents drive. Then use MMC to hide and deny access to the "C" drive.
--Scott
http://www.teamsoftwaresolutions.com/ph ... c.php?t=17
Specifically Hide these specified drives in My Computer.
This will hide the drives from the Save dialog.
This may be overkill, but if you want to really lock it down try this. When you build the computer, partition the hard drive into two drive and have Windows use the "D" drive for the Settings and Documents drive. Then use MMC to hide and deny access to the "C" drive.
--Scott
I've had really good luck with using WinGuides www.regedit.com
You may look into the Security section for some good hints. Although, this site deals with editing the registry, a lot of what is found on there can be done through Policies. But, I've grown very comfortable with editing the registry directly myself and use it all the time. Examples are:
Hide Entire Network Neighborhood
Disable Recent Shares in Network Places
Hide all Items on the Desktop
Prevent Access to the Contents of Selected Drives
Hide Drives in My Computer
The Overkill Method would be to turn off (Disable) Active X Scripting completely within IE's Internet Settings. But this may cause unwanted results for some user's browsing experience. But by turning it off, the Browse feature for attachments on most Internet Email sites is effectively disabled. If your looking on how to limit to just the A: drive only access and prevent local computer and network access, join the bandwagon, several of us here are waiting for Scott to come up with some kind of solution for the Restricted Save settings. Until then, policies or editing the registry may get you close to what you want.
Good Luck!
You may look into the Security section for some good hints. Although, this site deals with editing the registry, a lot of what is found on there can be done through Policies. But, I've grown very comfortable with editing the registry directly myself and use it all the time. Examples are:
Hide Entire Network Neighborhood
Disable Recent Shares in Network Places
Hide all Items on the Desktop
Prevent Access to the Contents of Selected Drives
Hide Drives in My Computer
The Overkill Method would be to turn off (Disable) Active X Scripting completely within IE's Internet Settings. But this may cause unwanted results for some user's browsing experience. But by turning it off, the Browse feature for attachments on most Internet Email sites is effectively disabled. If your looking on how to limit to just the A: drive only access and prevent local computer and network access, join the bandwagon, several of us here are waiting for Scott to come up with some kind of solution for the Restricted Save settings. Until then, policies or editing the registry may get you close to what you want.
Good Luck!
-
Chartway
Thanks, but that doesn't work
I already have restricted access thru the registry hacks, and the drives don't show up in My Computer or Windows Explorer, But if I bring up a file browse box (not save or open) I can still get access to the local drives. I'll keep looking, thanks for the ideas.
-
Chartway
Thanks for the reply.
I'm running PWB as my shell, so users don't recieve a desktop.
If I created a group, and denied them read access to the entire hard drive, would Windows2k Still run (using PWB as my shell)?
And, as I said, I have already hidden the drives from my computer. An unfortunatly, disabling ActiveX isn't an option
If I created a group, and denied them read access to the entire hard drive, would Windows2k Still run (using PWB as my shell)?
And, as I said, I have already hidden the drives from my computer. An unfortunatly, disabling ActiveX isn't an option
-
gene
Currently, you can use the restricted save, but it does not work to well on email sites. You can also set the default save location in the INI file, and use NT policies to restrict the save dialog and hide the other dirves.
We are working on a few projects that will help forcing saves only to the A drive, but they are still in development.
--Scott
We are working on a few projects that will help forcing saves only to the A drive, but they are still in development.
--Scott
-
Philip - Long Beach NY
- Benefactor
- Posts: 82
- Joined: Fri Feb 28, 2003 2:30 pm
NoDrives should work Chartway. I don't use the 'NoViewDrive' so I couldn't tell you. But with the NoDrives I set the value to 12 Hexidecimal and it seems to work fine. When a patron tries to open a document from word let's say, the hard drive doesn't show in the dropdown window. You may also want to use the NoFind registry tweak and the NoFileURL tweak also. The latter keeps people from typing in a url and opening IE.
Hope this helps,
Philip - Long Beach NY
Hope this helps,
Philip - Long Beach NY
Complexity is the enemy of security
-- Steve Gibson
-- Steve Gibson