View Full Version : attention developers!! system.adm configuration not working
Jon
April 16th 04, 12:54 AM
I am trying to configure a Group Policy on an XP pro
machine to restrict access to a drive that isn't listed.
So I went to knowledge article 231289
(http://support.microsoft.com/default.aspx?scid=kb;en-
us;231289 )
and here it gives specific instructions on how to
change/add the binary/decimal code.
I want to add restrictions to my F drive. From what it
looks like the code should be:
ITEMLIST
NAME !!F_Only VALUE NUMERIC 32
STRINGS
F_Only="Restrict F drive only"
They are in the correct places under itemlists and under
strings. I save the new changes, and restart my
computer. I then open the MMC and see that changes have
not gone into effect.
What am I missing??
Thanks,
Jon
Carrie Garth
April 16th 04, 01:02 AM
"Jon" > wrote in message
...
> I am trying to configure a Group Policy on an XP pro machine to restrict
> access to a drive that isn't listed. So I went to knowledge article
> 231289 (http://support.microsoft.com/default.aspx?scid=kb;en-us;231289 )
> and here it gives specific instructions on how to change/add the
> binary/decimal code. I want to add restrictions to my F drive. From what
> it looks like the code should be:
>
> ITEMLIST
> NAME !!F_Only VALUE NUMERIC 32
>
> STRINGS
> F_Only="Restrict F drive only"
>
>
> They are in the correct places under itemlists and under strings. I save
> the new changes, and restart my computer. I then open the MMC and see
> that changes have not gone into effect. What am I missing??
Your values work for me on my standalone WinXP workstation... All I can
think of is that KB231289 does not really tell you all the steps you need to
take. I will outline what I did and maybe you can use it to make this work
on your computer:
- Use notepad to open C:\WINDOWS\system32\GroupPolicy\Adm\system.adm
- Edit the file using the values you posted (and following the general
procedure given in KB231289)
- Run the Group Policy Editor (gpedit.msc) and enable the "Hide these
specified drives in My Computer" option: "Restrict F drive only" found under
User Configuration\Administrative Templates\Windows Components\Windows
Explorer
- Close gpedit.msc, open Explorer, and the F: drive is hidden
Other suggestions:
Check to see if gpedit.msc wrote the NoDrives value to the correct registry
key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\
Explorer
Note: The above is where the Group Policy Editor wrote the value on my
machine. However, according to the "Group Policy Settings Reference
Spreadsheet" (see link below) it should be written in the location below.
And, indeed, if you manual create the REG_DWORD value (as exported and shown
below, watch for wrap) the F drive will be hidden (after rebooting or using
taskmgr to End Process, and then Run, explorer):
---------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\
Explorer]
"NoDrives"=dword:00000020
------------------
More resources about writing *.adm files:
Newsgroup:
microsoft.public.windows.group_policy
Documentation:
Implementing Registry-Based Group Policy (rbppaper.doc)
http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/management/rbppaper.asp
Windows 2000 Group Policy White Paper (grouppolwp.doc)
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Group Policy Settings Reference for Windows Server 2003 (PolicySettings.xls)
http://microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
Microsoft Windows XP - Resources about Group Policy and related technologies
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gpe_resources.mspx
Thanks!
Ends up that the system.adm file is also located
in /Windows/inf/system.adm, for some reason I had to edit
both files in both locations,, but in the end I got it to
work. (some things they don't teach in an MCSE course)
thanks again!
>-----Original Message-----
>"Jon" > wrote in message
...
>
>> I am trying to configure a Group Policy on an XP pro
machine to restrict
>> access to a drive that isn't listed. So I went to
knowledge article
>> 231289 (http://support.microsoft.com/default.aspx?
scid=kb;en-us;231289 )
>> and here it gives specific instructions on how to
change/add the
>> binary/decimal code. I want to add restrictions to my
F drive. From what
>> it looks like the code should be:
>>
>> ITEMLIST
>> NAME !!F_Only VALUE NUMERIC 32
>>
>> STRINGS
>> F_Only="Restrict F drive only"
>>
>>
>> They are in the correct places under itemlists and
under strings. I save
>> the new changes, and restart my computer. I then open
the MMC and see
>> that changes have not gone into effect. What am I
missing??
>
>Your values work for me on my standalone WinXP
workstation... All I can
>think of is that KB231289 does not really tell you all
the steps you need to
>take. I will outline what I did and maybe you can use
it to make this work
>on your computer:
>
>- Use notepad to open C:\WINDOWS\system32
\GroupPolicy\Adm\system.adm
>
>- Edit the file using the values you posted (and
following the general
>procedure given in KB231289)
>
>- Run the Group Policy Editor (gpedit.msc) and enable
the "Hide these
>specified drives in My Computer" option: "Restrict F
drive only" found under
>User Configuration\Administrative Templates\Windows
Components\Windows
>Explorer
>
>- Close gpedit.msc, open Explorer, and the F: drive is
hidden
>
>Other suggestions:
>
>Check to see if gpedit.msc wrote the NoDrives value to
the correct registry
>key:
>
>HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersi
on\Policies\
>Explorer
>
>Note: The above is where the Group Policy Editor wrote
the value on my
>machine. However, according to the "Group Policy
Settings Reference
>Spreadsheet" (see link below) it should be written in
the location below.
>And, indeed, if you manual create the REG_DWORD value
(as exported and shown
>below, watch for wrap) the F drive will be hidden (after
rebooting or using
>taskmgr to End Process, and then Run, explorer):
>
>---------------
>Windows Registry Editor Version 5.00
>
>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVers
ion\policies\
>Explorer]
>
>"NoDrives"=dword:00000020
>------------------
>
>More resources about writing *.adm files:
>
>Newsgroup:
>
>microsoft.public.windows.group_policy
>
>Documentation:
>
>Implementing Registry-Based Group Policy (rbppaper.doc)
>http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/
management/rbppaper.asp
>
>Windows 2000 Group Policy White Paper (grouppolwp.doc)
>http://www.microsoft.com/windows2000/techinfo/howitworks/
management/grouppolwp.asp
>
>Group Policy Settings Reference for Windows Server 2003
(PolicySettings.xls)
>http://microsoft.com/downloads/details.aspx?
FamilyId=7821C32F-DA15-438D-8E48-
45915CD2BC14&displaylang=en
>
>Microsoft Windows XP - Resources about Group Policy and
related technologies
>http://www.microsoft.com/resources/documentation/windows/
xp/all/proddocs/en-us/gpe_resources.mspx
>
>
>
>
>.
>
Carrie Garth
April 16th 04, 01:44 AM
"Jon" > wrote in message
...
> I am trying to configure a Group Policy on an XP pro machine to restrict
> access to a drive that isn't listed. So I went to knowledge article
> 231289 (http://support.microsoft.com/default.aspx?scid=kb;en-us;231289 )
> and here it gives specific instructions on how to change/add the
> binary/decimal code. I want to add restrictions to my F drive. From what
> it looks like the code should be:
>
> ITEMLIST
> NAME !!F_Only VALUE NUMERIC 32
>
> STRINGS
> F_Only="Restrict F drive only"
>
>
> They are in the correct places under itemlists and under strings. I save
> the new changes, and restart my computer. I then open the MMC and see
> that changes have not gone into effect. What am I missing??
Your values work for me on my standalone WinXP workstation... All I can
think of is that KB231289 does not really tell you all the steps you need to
take. I will outline what I did and maybe you can use it to make this work
on your computer:
- Use notepad to open C:\WINDOWS\system32\GroupPolicy\Adm\system.adm
- Edit the file using the values you posted (and following the general
procedure given in KB231289)
- Run the Group Policy Editor (gpedit.msc) and enable the "Hide these
specified drives in My Computer" option: "Restrict F drive only" found under
User Configuration\Administrative Templates\Windows Components\Windows
Explorer
- Close gpedit.msc, open Explorer, and the F: drive is hidden
Other suggestions:
Check to see if gpedit.msc wrote the NoDrives value to the correct registry
key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Policies\
Explorer
Note: The above is where the Group Policy Editor wrote the value on my
machine. However, according to the "Group Policy Settings Reference
Spreadsheet" (see link below) it should be written in the location below.
And, indeed, if you manual create the REG_DWORD value (as exported and shown
below, watch for wrap) the F drive will be hidden (after rebooting or using
taskmgr to End Process, and then Run, explorer):
---------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\policies\
Explorer]
"NoDrives"=dword:00000020
------------------
More resources about writing *.adm files:
Newsgroup:
microsoft.public.windows.group_policy
Documentation:
Implementing Registry-Based Group Policy (rbppaper.doc)
http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/management/rbppaper.asp
Windows 2000 Group Policy White Paper (grouppolwp.doc)
http://www.microsoft.com/windows2000/techinfo/howitworks/management/grouppolwp.asp
Group Policy Settings Reference for Windows Server 2003 (PolicySettings.xls)
http://microsoft.com/downloads/details.aspx?FamilyId=7821C32F-DA15-438D-8E48-45915CD2BC14&displaylang=en
Microsoft Windows XP - Resources about Group Policy and related technologies
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gpe_resources.mspx
Thanks!
Ends up that the system.adm file is also located
in /Windows/inf/system.adm, for some reason I had to edit
both files in both locations,, but in the end I got it to
work. (some things they don't teach in an MCSE course)
thanks again!
>-----Original Message-----
>"Jon" > wrote in message
...
>
>> I am trying to configure a Group Policy on an XP pro
machine to restrict
>> access to a drive that isn't listed. So I went to
knowledge article
>> 231289 (http://support.microsoft.com/default.aspx?
scid=kb;en-us;231289 )
>> and here it gives specific instructions on how to
change/add the
>> binary/decimal code. I want to add restrictions to my
F drive. From what
>> it looks like the code should be:
>>
>> ITEMLIST
>> NAME !!F_Only VALUE NUMERIC 32
>>
>> STRINGS
>> F_Only="Restrict F drive only"
>>
>>
>> They are in the correct places under itemlists and
under strings. I save
>> the new changes, and restart my computer. I then open
the MMC and see
>> that changes have not gone into effect. What am I
missing??
>
>Your values work for me on my standalone WinXP
workstation... All I can
>think of is that KB231289 does not really tell you all
the steps you need to
>take. I will outline what I did and maybe you can use
it to make this work
>on your computer:
>
>- Use notepad to open C:\WINDOWS\system32
\GroupPolicy\Adm\system.adm
>
>- Edit the file using the values you posted (and
following the general
>procedure given in KB231289)
>
>- Run the Group Policy Editor (gpedit.msc) and enable
the "Hide these
>specified drives in My Computer" option: "Restrict F
drive only" found under
>User Configuration\Administrative Templates\Windows
Components\Windows
>Explorer
>
>- Close gpedit.msc, open Explorer, and the F: drive is
hidden
>
>Other suggestions:
>
>Check to see if gpedit.msc wrote the NoDrives value to
the correct registry
>key:
>
>HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersi
on\Policies\
>Explorer
>
>Note: The above is where the Group Policy Editor wrote
the value on my
>machine. However, according to the "Group Policy
Settings Reference
>Spreadsheet" (see link below) it should be written in
the location below.
>And, indeed, if you manual create the REG_DWORD value
(as exported and shown
>below, watch for wrap) the F drive will be hidden (after
rebooting or using
>taskmgr to End Process, and then Run, explorer):
>
>---------------
>Windows Registry Editor Version 5.00
>
>
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVers
ion\policies\
>Explorer]
>
>"NoDrives"=dword:00000020
>------------------
>
>More resources about writing *.adm files:
>
>Newsgroup:
>
>microsoft.public.windows.group_policy
>
>Documentation:
>
>Implementing Registry-Based Group Policy (rbppaper.doc)
>http://www.microsoft.com/WINDOWS2000/techinfo/howitworks/
management/rbppaper.asp
>
>Windows 2000 Group Policy White Paper (grouppolwp.doc)
>http://www.microsoft.com/windows2000/techinfo/howitworks/
management/grouppolwp.asp
>
>Group Policy Settings Reference for Windows Server 2003
(PolicySettings.xls)
>http://microsoft.com/downloads/details.aspx?
FamilyId=7821C32F-DA15-438D-8E48-
45915CD2BC14&displaylang=en
>
>Microsoft Windows XP - Resources about Group Policy and
related technologies
>http://www.microsoft.com/resources/documentation/windows/
xp/all/proddocs/en-us/gpe_resources.mspx
>
>
>
>
>.
>
vBulletin® v3.6.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.