NoDrives registry entry...

The place to bring up any design issues, or post your own creations

Moderator: Moderator Team

Post Reply
gordon451
Posts: 25
Joined: Fri Dec 13, 2013 2:20 pm

NoDrives registry entry...

Post by gordon451 »

...to hide selected drives/volumes from less qualified users.

OK. My box is Win7 Home Premium SP1, with 4 accounts, Admin and 3 user accounts--family members. I have 3 drives, 2x 500GB and one 3TB.

Drive0 has drives C: (boot, 243GB) and D: (compressed data, 223GB) and System Reserved (100GB);
Drive1 has drives F: (pagefile, 5GB) and E: (uncompressed data, 461GB);
Drive2 has drive G: (monolithic data storage, 2794GB).

I want to hide drive F: from everyone except Admin. It is obviously a System Disk, so even if I had Group Policy on this box, I can't hide it, at least on W7. Unfortunately, the security settings on F: include "Users:(Read, List folder contents, Read & Execute)", and I am reluctant to even touch those in case I wreck the system.

I have been using "NoDrives" in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer in each of the three user accounts from Admin with regedit, which works for a while until Windows does a scan and deletes it. The really silly bit is that I can successfully hide C: from two of my users with no visible dramas!

So my thought is that while we are looking at the fundamentals in ReactOS, getting the kernel to work properly, can we make sure we have a better mechanism than Microsoft offers to hide sensitive drives from unauthorised users?

Gordon.
nsh
Posts: 4
Joined: Tue Aug 26, 2014 11:43 pm

Re: NoDrives registry entry...

Post by nsh »

I believe ReactOS should follow the MS way.
If however some slight "enhancements" are possible then in this case the "Local Group Policy Editor" could allow hiding any drive letter(s). I think by default (in Windows) we can hide only C or C-D or something like that.
Maybe ReactOS "Local Group Policy Editor" could also show the user what registry key it is actually modifying.
It would be easier than using for example "Regshot" or "Process Monitor".

Anyway regarding hiding F-drive on Windows (7) it should work with these two registry changes (my examples use reg.exe command).

First the one you had already figured out:

Code: Select all

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoDrives" /t REG_DWORD /d "0x00000020" /f
In addition this one is also needed:

Code: Select all

reg add "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "NoViewOnDrive" /t REG_DWORD /d "0x00000020" /f
I don't know what scan Windows does in your case, but when I used to use this nothing was removing these automatically.
I used this on my HTPC for the HTPC user when it was running windows 7.
.nsh
gordon451
Posts: 25
Joined: Fri Dec 13, 2013 2:20 pm

Re: NoDrives registry entry...

Post by gordon451 »

G'day nsh -

Well, I learn something every day!!! In all my searching, the NoViewOnDrive key never surfaced at all.

Anyway, thanks for that, I've just done it to all User accounts from Admin. Now let's see if it sticks... As I said, it seems that making a drive into a pagefile makes it a system disk/file with different properties to user files. This may also be something ROS devs might want to suss out. I should say that doing the same thing on W2K with only the HKCU\\NoDrives key effectively hid my pagefile from all users while leaving it visible where it was needed, in Admin, with no dramas. Maybe W7 UAC is getting its knickers in a knot?

When my box lights up, the drive light stays on for some (variable) time. It seems Windows is scanning for disk errors, and that I certainly approve of, rather like the registry scan W2K would do at start-up, and I devoutly hope W7 does as well.

As far as ROS goes, I don't care how it's done, as long as it is done, and in a more robust and accessible fashion: I'd like to see Group Policy accessible to all versions, not just a privileged few.

Gordon.
nsh
Posts: 4
Joined: Tue Aug 26, 2014 11:43 pm

Re: NoDrives registry entry...

Post by nsh »

Happy to be of help and I hope it works for you!

I don't know if the drive having pagefile.sys on it affects the registry settings as I've not used a paging file since NT4 (I know not to use too much RAM :) so my hidden (from users) drive didn't have that. It was just a disk that contained backups.
But UAC was on for non admin users on the Windows 7 so that shouldn't break this.

If it does not work for you maybe you could change the NTFS rights on the F-drive so that users don't have "list" rights. Just "read" and/or "write" if they need any access to the drive.
That way even if it shows it will appear empty... If that helps you.

Yeah, definitely things like GPO editor should not be restricted in ReactOS :D I don't see why ROS would even need to limit "features" the way MS does with different editions.

edit: typos.
.nsh
Shawnysha
Posts: 1
Joined: Mon Sep 05, 2016 1:29 pm

Re: NoDrives registry entry...

Post by Shawnysha »

gordon451 wrote:...to hide selected drives/volumes from less qualified users.

OK. My box is Win7 Home Premium SP1, with 4 accounts, Admin and 3 user accounts--family members. I have 3 drives, 2x 500GB and one 3TB.

Drive0 has drives C: (boot, 243GB) and D: (compressed data, 223GB) and System Reserved (100GB);
Drive1 has drives F: (pagefile, 5GB) and E: (uncompressed data, 461GB);
Drive2 has drive G: (monolithic data storage, 2794GB).

I want to hide drive F: from everyone except Admin. It is obviously a System Disk, so even if I had Group Policy on this box, I can't hide it, at least on W7. Unfortunately, the security settings on F: include "Users:(Read, List folder contents, Read & Execute)", and I am reluctant to even touch those in case I wreck the system.

I have been using "NoDrives" in HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer in each of the three user accounts from Admin with regedit, which works for a while until Windows does a scan and deletes it. The really silly bit is that I can successfully hide C: from two of my users with no visible dramas!

So my thought is that while we are looking at the fundamentals in ReactOS, getting the kernel to work properly, can we make sure we have a better mechanism than Microsoft offers to hide sensitive drives from unauthorised users?

Gordon.

same here Gordon! I learned a lot each day browsing here and there! I've been using Nodrives since then and this really helps me a lot!
Post Reply

Who is online

Users browsing this forum: No registered users and 8 guests