I know of deep freeze; another college near me is using it with some success but they had a problem with things like virus software updates - deep freeze was wiping these out at each reboot! It's such a common requirement that I'm sure there must be a way round it but I've not yet had time to investigate.
Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: 12 January 2004 15:45 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bug in GPO? I used to do a bit of work with some companies up north that had the same issue. They purchased a software product called DeepFreeze which basically reset the C drive back to the way it was at last boot up. They would image the systems, turn on deep freeze, and the users were not able to do anything that a simple reboot would not fix. They were also not able to save any data on drive C - in their case an added benefit. It may be worth looking into as an extra security setup especially in lab situations. Regards; James R. Day National Parks Service - AD Core Team (202) 354-1464 Fax (202) 371-1549 [EMAIL PROTECTED] |---------+----------------------------------> | | "Steve Rochford" | | | <[EMAIL PROTECTED]| | | .uk> | | | Sent by: | | | [EMAIL PROTECTED]| | | tivedir.org | | | | | | | | | 01/12/2004 11:24 AM GMT| | | Please respond to | | | ActiveDir | |---------+----------------------------------> >----------------------------------------------------------------------- -------------------------------------------------------| | | | To: <[EMAIL PROTECTED]> | | cc: (bcc: James Day/Contractor/NPS) | | Subject: RE: [ActiveDir] Bug in GPO? | >----------------------------------------------------------------------- -------------------------------------------------------| I'd completely agree with this. I work in a college and we don't want the students to (accidentally or deliberately) play with files on the C: drive but even the tightest set of policies makes no real difference - just typing "C:" into a file open dialog will show you the drive and typing "desktop" into the address bar in Internet Explorer also leads to some fun :-) In the end it's easier to make sure that permissions are as tight as possible so that people can't do too much damage and be prepared to re-image the machine if they do! Steve From: Darren Mar-Elia [mailto:[EMAIL PROTECTED] Sent: 31 December 2003 04:06 To: [EMAIL PROTECTED] Subject: RE: [ActiveDir] Bug in GPO? Mark- This worked for me on XP as expected--I chose to hide the C: drive using this policy and it was hidden in both My Computer and Explorer. One thing I did note was that, if I enabled this policy while I had Explorer up and running, the C: drive would only get "partially" hidden. That is, it still appeared in the Explorer tree view but didn't in the right hand results pane. Weird. Restarting Explorer cleared that up and C: was gone. Just as a note, this policy is really nothing more than "shell obfuscation". For example, even with the C: drive hidden in Explorer, there are numerous ways the intrepid user can get to C:. For example, opening a command shell, using the File Open dialog in any number of applications, etc. So, even if you get it working, its not real security. I found that, in the past, it also confused some applications, depending upon how poorly they were written. In the end I decided to give up on the drive hiding thing because it caused more confusion than it fixed. Just my .02. Darren List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
