Surely that partition is then available for users to write to (unless you make sure you lock down everything but that's where I came in!!)

Steve

-----Original Message-----
From: Roger Seielstad [mailto:[EMAIL PROTECTED]
Sent: 14 January 2004 13:00
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] Bug in GPO?

All you need to do is put the AV software on a different partition....

--------------------------------------------------------------
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

> -----Original Message-----
> From: Steve Rochford [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, January 14, 2004 6:43 AM
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Bug in GPO?
>
> I know of deep freeze; another college near me is using it with some
> success but they had a problem with things like virus software updates
> - deep freeze was wiping these out at each reboot! It's such a common
> requirement that I'm sure there must be a way round it but I've not
> yet had time to investigate.
>
> Steve
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]
> Sent: 12 January 2004 15:45
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Bug in GPO?
>
> I used to do a bit of work with some companies up north that had the
> same issue. They purchased a software product called DeepFreeze which
> basically reset the C drive back to the way it was at last boot up.
> They would image the systems, turn on deep freeze, and the users were
> not able to do anything that a simple reboot would not fix. They were
> also not able to save any data on drive C - in their case an added
> benefit.
>
> It may be worth looking into as an extra security setup especially in
> lab situations.
>
> Regards;
>
> James R. Day
> National Parks Service - AD Core Team
> (202) 354-1464
> Fax (202) 371-1549
> [EMAIL PROTECTED]
>
> From: "Steve Rochford" <[EMAIL PROTECTED].uk>
> Sent by: [EMAIL PROTECTED]tivedir.org
> Date: 01/12/2004 11:24 AM GMT
> Please respond to ActiveDir
> To: <[EMAIL PROTECTED]>
> cc: (bcc: James Day/Contractor/NPS)
> Subject: RE: [ActiveDir] Bug in GPO?
>
> I'd completely agree with this. I work in a college and we don't want
> the students to (accidentally or deliberately) play with files on the
> C: drive but even the tightest set of policies makes no real difference -
> just typing "C:" into a file open dialog will show you the drive and
> typing "desktop" into the address bar in Internet Explorer also leads
> to some fun :-)
>
> In the end it's easier to make sure that permissions are as tight as
> possible so that people can't do too much damage and be prepared to
> re-image the machine if they do!
>
> Steve
>
> From: Darren Mar-Elia [mailto:[EMAIL PROTECTED]
> Sent: 31 December 2003 04:06
> To: [EMAIL PROTECTED]
> Subject: RE: [ActiveDir] Bug in GPO?
>
> Mark-
> This worked for me on XP as expected--I chose to hide the C: drive using
> this policy and it was hidden in both My Computer and Explorer. One
> thing I did note was that, if I enabled this policy while I had
> Explorer up and running, the C: drive would only get "partially"
> hidden. That is, it still appeared in the Explorer tree view but didn't
> in the right hand results pane. Weird. Restarting Explorer cleared that
> up and C: was gone.
>
> Just as a note, this policy is really nothing more than "shell
> obfuscation". For example, even with the C: drive hidden in Explorer,
> there are numerous ways the intrepid user can get to C:. For example,
> opening a command shell, using the File Open dialog in any number of
> applications, etc. So, even if you get it working, it's not real
> security. I found that, in the past, it also confused some
> applications, depending upon how poorly they were written. In the end
> I decided to give up on the drive hiding thing because it caused more
> confusion than it fixed. Just my .02.
>
> Darren

List info : http://www.activedir.org/mail_list.htm
List FAQ : http://www.activedir.org/list_faq.htm
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
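
The thread's two technical points, that drive hiding is only shell obfuscation and that NTFS permissions are what actually limit damage, can be checked per machine. The following is an added example, not code from any poster in the thread: it decodes the current user's hide-drives policy bitmask and lists the allow ACEs on each hidden drive's root that still grant write access to broad groups. The registry value names `NoDrives` and `NoViewOnDrive` are not given in the thread and are assumed here to be where the policy is stored; the function names are hypothetical.

```powershell
# Added example: compare the Explorer drive-hiding policy with the real NTFS ACL.
# Assumption: the policy is stored as the NoDrives / NoViewOnDrive bitmask values
# under the per-user Explorer policy key (names not stated in the thread).
$policyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

# Well-known SIDs for the broad groups an ordinary logged-on user belongs to.
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# WriteData (0x2), AppendData (0x4), GENERIC_WRITE (0x40000000), GENERIC_ALL (0x10000000)
$writeMask = 0x2 -bor 0x4 -bor 0x40000000 -bor 0x10000000

function ConvertFrom-DriveMask {
    param([int]$Mask)
    # Bit 0 = A:, bit 1 = B:, bit 2 = C:, ... bit 25 = Z:
    foreach ($bit in 0..25) {
        if ($Mask -band (1 -shl $bit)) { '{0}:' -f [char](65 + $bit) }
    }
}

function Get-BroadWriteAce {
    param([string]$Root)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    (Get-Acl -Path $Root).GetAccessRules($true, $true, $sidType) |
        Where-Object {
            $_.AccessControlType -eq 'Allow' -and
            $broadSids.ContainsKey($_.IdentityReference.Value) -and
            ([int]$_.FileSystemRights -band $writeMask)
        }
}

$policy = Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue
$hidden = ConvertFrom-DriveMask ([int]$policy.NoDrives -bor [int]$policy.NoViewOnDrive)

foreach ($drive in $hidden) {
    $root = "$drive\"
    if (-not (Test-Path $root)) { continue }
    foreach ($ace in Get-BroadWriteAce $root) {
        [pscustomobject]@{
            Drive    = $drive
            Group    = $broadSids[$ace.IdentityReference.Value]
            Rights   = $ace.FileSystemRights
            Inherits = $ace.InheritanceFlags
        }
    }
}
```

Any row in the output is a drive that the policy hides in Explorer but that ordinary users can still write to through its ACL; an empty result means either no drives are hidden for this user or the hidden roots grant no such write ACE.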
