MORE INFORMATION

The default location of the System.adm file for a default domain policy is:

The contents of these folders are replicated throughout a domain by the File Replication service (FRS). Note that the Adm folder and its contents are not populated until the default domain policy is loaded for the first time.

To make changes to this policy for one of the seven default values:

1. Start the Microsoft Management Console. On the Console menu, click Add/Remove Snap-in.
2. Add the Group Policy snap-in for the default domain policy. To do this, click Browse when you are prompted to select a Group Policy Object (GPO). The default GPO is Local Computer. You can also add GPOs for other domain partitions (specifically, Organizational Units).
3. Open the following sections: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
4. Click Hide these specified drives in My Computer.
5. Click to select the Hide these specified drives in My Computer check box.
6. Click the appropriate option in the drop-down box.

These settings remove the icons representing the selected hard disks from My Computer, Windows Explorer, and My Network Places. Also, these drives do not appear in the Open dialog box of any programs.

This policy is designed to protect certain drives, including the floppy disk drive, from misuse. It can also be used to direct users to save their work to certain drives.

To use this policy, select a drive or combination of drives in the drop-down box. To display all drives (hide none), disable this policy or click the Do not restrict drives option.

This policy does not prevent users from using other programs to gain access to local and network drives or prevent them from viewing and changing drive characteristics by using the Disk Management snap-in.

The default values are not the only values that you can use. By editing the System.adm file, you can add your own custom values. This is the portion of the System.adm to be modified:

POLICY !!NoDrives 
   EXPLAIN !!NoDrives_Help
      PART !!NoDrivesDropdown          DROPDOWNLIST NOSORT REQUIRED
         VALUENAME "NoDrives"
          ITEMLIST
                NAME !!ABOnly           VALUE NUMERIC 3
                NAME !!COnly            VALUE NUMERIC 4
                NAME !!DOnly            VALUE NUMERIC 8
                NAME !!ABConly          VALUE NUMERIC 7
                NAME !!ABCDOnly         VALUE NUMERIC 15
                NAME !!ALLDrives        VALUE NUMERIC 67108863                                                  
                ;low 26 bits on (1 bit per drive)
                NAME !!RestNoDrives     VALUE NUMERIC 0 (Default)
          END ITEMLIST
     END PART               
   END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
                

The [strings] section represents substitutions of the actual values in the drop-down box.

This policy displays only specified drives on the client computer. The registry key that this policy affects uses a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive letter:

11111111111111111111111111
ZYXWVUTSRQPONMLKJIHGFEDCBA
                

This configuration corresponds to 67108863 in decimal and hides all drives. If you want to hide drive C, make the third-lowest bit a 1, and then convert the binary string to decimal.

It is not necessary to create an option to show all drives, because clearing the check box deletes the "NoDrives" entry entirely, and all drives are automatically shown.

If you want to configure this policy to show a different combination of drives, create the appropriate binary string, convert to decimal, and add a new entry to the ITEMLIST section with a corresponding [strings] entry. For example, to hide drives L, M, N, and O, create the following string

00000000000111100000000000
ZYXWVUTSRQPONMLKJIHGFEDCBA
                

and convert to decimal. This binary string converts to 30720 in decimal. Add this line to the [strings] section in the System.adm file:

LMNO_Only="Restrict L, M, N and O drives only"
                

Add this entry in the ITEMLIST section above and save the System.adm file.

NAME !!LMNO_Only         VALUE NUMERIC 30720
                

This creates an eighth entry in the drop-down box to hide drives L, M, N, and O only. Use this method to include more values in the drop-down box. The modified section of the System.adm file appears as follows:

POLICY !!NoDrives 
   EXPLAIN !!NoDrives_Help
      PART !!NoDrivesDropdown          DROPDOWNLIST NOSORT REQUIRED
         VALUENAME "NoDrives"
          ITEMLIST
                NAME !!ABOnly           VALUE NUMERIC 3
                NAME !!COnly            VALUE NUMERIC 4
                NAME !!DOnly            VALUE NUMERIC 8
                NAME !!ABConly          VALUE NUMERIC 7
                NAME !!ABCDOnly         VALUE NUMERIC 15
                NAME !!ALLDrives        VALUE NUMERIC 67108863                                                  
                ;low 26 bits on (1 bit per drive)
                NAME !!RestNoDrives     VALUE NUMERIC 0 (Default)
                            NAME !!LMNO_Only        VALUE NUMERIC 30720
          END ITEMLIST
     END PART               
   END POLICY

[strings]
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
LMNO_Only="Restrict L, M, N and O drives only"
                

This [strings] section represents substitutions of the actual values in the drop-down box.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base: