Citrix XenApp – Hiding system drives part 1/2

Hiding system drives C, D, floppy if there is still one and CDRom seems to be easy but I saw many many time at some customer’s place administrator unable to complete this simple operation. The reason is in most of the case, the administrator doesn’t really know how to manage GPO and what is difference between user and machine GPOs.

First you need to know there is a built-in GPO in Microsoft Windows 2003 / 2008 / R2 with these settings ready to be set.

To set it up, you need to create a new GPO or edit an existing one and find these two GPO bellow as follow :

Most of the administrators I spoke with told me they’ve done that already, but it still doesn’t work, they rebooted XenApp servers, Domain controller, everything they could reboot… But they forgot the essential…

These GPO above are USER GPO and this GPO is place on the XenApp OU in the Active Directory where there is no user at all. The solution is very simple you need to activate the GPO loopback :

This setting directs the system to apply the set of Group Policy objects for the computer to any user who logs on to a computer affected by this setting. It is intended for special-use computers, such as those in public places, laboratories, and classrooms, where you must modify the user setting based on the computer that is being used.

Then with a gpupdate /enforce this hiding drives GPO is working ! Finally !

In the second part of this blog I will explain how you can go further and hide drives with other letters than A,B,C or D.

Post author