Citrix XenApp – Hiding system drives part 2/2

This is the second part; the first part is here: Citrix XenApp – Hiding system drives part 1/2

If you read the first part, you now know how to apply the Microsoft Windows 2003/2008/R2 GPO to hide the A, B, C and/or D drives. But what happens if you have an E: or O: drive? You can no longer use this GPO; you need to create your own. It is simple to understand how it works, just read what follows.

By default, the Hide Drives part of the system.adm file looks like this:

POLICY !!NoDrives
   EXPLAIN !!NoDrives_Help
      PART !!NoDrivesDropdown          DROPDOWNLIST NOSORT REQUIRED
         VALUENAME "NoDrives"
          ITEMLIST
                NAME !!ABOnly           VALUE NUMERIC 3
                NAME !!COnly            VALUE NUMERIC 4
                NAME !!DOnly            VALUE NUMERIC 8
                NAME !!ABConly          VALUE NUMERIC 7
                NAME !!ABCDOnly         VALUE NUMERIC 15
                NAME !!ALLDrives        VALUE NUMERIC 67108863
                ;low 26 bits on (1 bit per drive)
                NAME !!RestNoDrives     VALUE NUMERIC 0 (Default)
          END ITEMLIST
     END PART
   END POLICY
 
[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"

To explain: this policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter (a bit set to 1 hides that drive):

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA

As an example, I want to hide the A, B, C, D and E drives:

00000000000000000000011111
ZYXWVUTSRQPONMLKJIHGFEDCBA

Then convert to decimal: this binary string converts to 31. Add this line to the [strings] section of the new HideDrives.adm file:

HideABCDE="Restrict A, B, C, D and E drives only"

Then add this entry to the ITEMLIST section above and save the HideDrives.adm file:

NAME !!HideABCDE        VALUE NUMERIC 31
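
As an added example (not part of the original post or of Microsoft's template), this Python helper computes the NoDrives value for any set of letters, including cases such as E: or O: that the stock GPO cannot express, decodes a value back into letters, and formats the two ADM lines. The `Hide<letters>` string ID it generates is an assumed naming scheme.

```python
import string

ALL_DRIVES = (1 << 26) - 1  # 67108863, the ALLDrives value in system.adm


def nodrives_mask(letters):
    """Return the NoDrives decimal value that hides the given drive letters."""
    mask = 0
    for raw in letters:
        letter = raw.strip().rstrip(":").upper()
        if len(letter) != 1 or letter not in string.ascii_uppercase:
            raise ValueError(f"not a drive letter: {raw!r}")
        mask |= 1 << (ord(letter) - ord("A"))  # bit 0 = A ... bit 25 = Z
    return mask


def hidden_drives(mask):
    """Decode a NoDrives value back into the list of hidden drive letters."""
    if not 0 <= mask <= ALL_DRIVES:
        raise ValueError(f"NoDrives uses only the low 26 bits: {mask}")
    return [c for i, c in enumerate(string.ascii_uppercase) if (mask >> i) & 1]


def adm_entry(letters, string_id=None):
    """Build the ITEMLIST line and the matching [strings] line for an ADM file."""
    mask = nodrives_mask(letters)
    drives = hidden_drives(mask)  # sorted and de-duplicated
    if not drives:
        raise ValueError("no drive letters given")
    # Assumption: string IDs are named Hide<letters>, as HideABCDE is on this page.
    string_id = string_id or "Hide" + "".join(drives)
    if len(drives) > 1:
        label = ", ".join(drives[:-1]) + " and " + drives[-1] + " drives"
    else:
        label = drives[0] + " drive"
    item = f"NAME !!{string_id:<16} VALUE NUMERIC    {mask}"
    text = f'{string_id}="Restrict {label} only"'
    return item, text


if __name__ == "__main__":
    # Constructed inputs: the page's A-E case, and an E:/O: pair.
    for wanted in (["A", "B", "C", "D", "E"], ["E:", "o"]):
        item, text = adm_entry(wanted)
        print(format(nodrives_mask(wanted), "026b"))
        print(item)
        print(text, "\n")
```

NoDrives only hides the drive letters in Explorer views; it is not an access control, so file-system permissions still decide what a user can open.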

So the whole ADM file should look like this:

CLASS USER
 
CATEGORY  !!HideDrives
 
KEYNAME Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
    POLICY !!HideDrives
 
    PART !!HideDrivesDropdown    DROPDOWNLIST NOSORT REQUIRED
    VALUENAME "NoDrives"
    ITEMLIST
        NAME !!ABOnly           VALUE NUMERIC    3
        NAME !!COnly            VALUE NUMERIC    4
        NAME !!DOnly            VALUE NUMERIC    8
        NAME !!ABConly          VALUE NUMERIC    7
        NAME !!ABCDOnly         VALUE NUMERIC    15
        NAME !!HideABCDE        VALUE NUMERIC    31
        NAME !!ALLDrives        VALUE NUMERIC    67108863 DEFAULT
        NAME !!RestNoDrives     VALUE NUMERIC    0
    END ITEMLIST
    END PART
    END POLICY
 
END CATEGORY;HideDrives
 
[strings]
Blank=" "
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
HideABCDE="Restrict A, B, C, D and E drives only"
HideDrives="Hide Drives"
HideDrivesDropdown="Hide Drives Selection"
MoveProfile="Move Profiles"
MoveProfileDropdown="Move User Profile Location"
MOVEPROFILETOD="Move Profile to D Drive"
RestNoDrives="Restore Drives"

I think you’re good with this one: just import this ADM file and activate it by following part 1.

Links: Microsoft KB (thanks to CTXBlog.fr)
