Prevent Windows Explorer DLL Searching in UNC home Folder?

I'm investigating some response issues with Windows Explorer when a user's
home drive is mapped to a network share. During my network captures I see
that if I launch a local program, such as Calculator or Word 2003, that it
performs several queries to my home drive looking for wshenv.dll.

If I'm in Windows Explorer and click on an Excel file to open it, for
example, then I see several queries for shell32.dll in my home directory.

I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm still
seeing these DLL queries. In addition I enabled the StartRunNoHomePath option
as well. However, per KB 264061 if the HOMEDRIVE path is defined it will
still be searched. I confirmed this variable is defined, which explains why
this didn't help prevent the searches.

This also seems to present some security risk, as a user could place a DLL
in their home folder and Explorer would possibly run it given that it
searches there very frequently.

One of our goals is to minimize WAN traffic. And as far I can tell, these
queries are not useful and just put extra traffic on the WAN whenever anyone
starts a program or clicks on a file.

Any ideas on putting a damper on all DLL searches in a user's home folder?
This is with Windows XP SP2 in a domain environment.

IT Guy wrote:
I'm investigating some response issues with Windows Explorer when a
user's home drive is mapped to a network share. During my network
captures I see that if I launch a local program, such as Calculator
or Word 2003, that it performs several queries to my home drive
looking for wshenv.dll.

If I'm in Windows Explorer and click on an Excel file to open it, for
example, then I see several queries for shell32.dll in my home
directory.

I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm
still seeing these DLL queries. In addition I enabled the
StartRunNoHomePath option as well. However, per KB 264061 if the
HOMEDRIVE path is defined it will still be searched. I confirmed this
variable is defined, which explains why this didn't help prevent the
searches.

This also seems to present some security risk, as a user could place
a DLL in their home folder and Explorer would possibly run it given
that it searches there very frequently.

One of our goals is to minimize WAN traffic. And as far I can tell,
these queries are not useful and just put extra traffic on the WAN
whenever anyone starts a program or clicks on a file.

Any ideas on putting a damper on all DLL searches in a user's home
folder? This is with Windows XP SP2 in a domain environment.

I'm not really sure I see where the problem is, but why not stop using home
directories entirely? You don't need them anymore - they're archaic. Just
use folder redirection. See

How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003
\http://support.microsoft.com/kb/274443

....although I'm not sure where the WAN enters into it. You should have the
home directories or redirected folders going to a local server.

IT Guy wrote:
I'm investigating some response issues with Windows Explorer when a
user's home drive is mapped to a network share. During my network
captures I see that if I launch a local program, such as Calculator
or Word 2003, that it performs several queries to my home drive
looking for wshenv.dll.

If I'm in Windows Explorer and click on an Excel file to open it, for
example, then I see several queries for shell32.dll in my home
directory.

I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm
still seeing these DLL queries. In addition I enabled the
StartRunNoHomePath option as well. However, per KB 264061 if the
HOMEDRIVE path is defined it will still be searched. I confirmed this
variable is defined, which explains why this didn't help prevent the
searches.

This also seems to present some security risk, as a user could place
a DLL in their home folder and Explorer would possibly run it given
that it searches there very frequently.

One of our goals is to minimize WAN traffic. And as far I can tell,
these queries are not useful and just put extra traffic on the WAN
whenever anyone starts a program or clicks on a file.

Any ideas on putting a damper on all DLL searches in a user's home
folder? This is with Windows XP SP2 in a domain environment.

I'm not really sure I see where the problem is, but why not stop using home
directories entirely? You don't need them anymore - they're archaic. Just
use folder redirection. See

How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003
\http://support.microsoft.com/kb/274443

....although I'm not sure where the WAN enters into it. You should have the
home directories or redirected folders going to a local server.