How to: Use System Policies to Hide Specific Drives

Posted on

1. Obtain the decimal value for the drives you want to restrict.  
NOTE: The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter:  
 

11111111111111111111111111 
ZYXWVUTSRQPONMLKJIHGFEDCBA 
 

This configuration corresponds to 67108863 (in decimal) and hides all drives. If you want to hide drive C, you would make the third lowest bit 0 and then convert the binary string to decimal. The following are sample values that correspond to various drive letters:
Hide all drive letters (default): 67108863
Hide all drive letters but C: 67108859
Hide all drive letters but U: 66060287
Hide all drive letters but C: and U: 66060283
Hide all drive letters but C,O, and U: 66043899

2. Edit the Common.adm file:
a. Open the Common.adm file in a text editor such as Notepad.
b. Locate the HideDrives section in the Common.adm file. Note that it should look like the following: 
  CATEGORY !!Shell  CATEGORY !!Restrictions  POLICY !!HideDrives  VALUENAME ”NoDrives”  VALUEON NUMERIC 67108863; low 26 bits on (1 bit per drive)  END POLICY 
c. Replace the VALUEON NUMERIC value with your new value.
d. Save and then close the file.

3. Edit the system policy:
a. Click Start, point to Programs, point to Administrative Tools (Common), and then click System Policy Editor.
b. On the File menu, click Open Registry.
c. Double-click the Local User policy. 
d. Open the policy to the following location:Local User\Shell\Restrictions
e. Click to select the Hide drives in My Computer check box, and then click OK.   NOTE: Only the drives that you specified in the VALUEON NUMERIC value in the Common.adm file are hidden.
f. On the File menu, click Save. 4. Log off and then log on to the computer for the changes to take effect.You can also use the Microsoft Zero Administration Kit (ZAK) for Windows NT Server 4.0 to selectively hide files. However, the ZAK method requires modifying the Zakwinnt.adm file to add other drive letter options beyond the five built-in selections. The ZAK method can be implemented using only a Windows NT Server-based computer and the original policy template files (Common.adm and Winnt.adm).

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s