1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

Map local drive

Discussion in 'Windows Home Server' started by Dirk, Sep 4, 2009.

  1. Dirk

    Dirk Guest

    Hello,

    I have a problem with my mapped local drives in terminal services.
    All my local drives are correctly mapped but when I open one of these then I
    get an error message that it is for security reasons unavailable.

    The cause is that we are using software restrictions. Users can only open
    the configured executables. When I disable software restrictions users can
    correctly open the local drive. Can you tell me which executables I must
    enable for the users? I can't find which executables it must be. Explorer.exe
    is off course enabled.

    Thanks for your reaction.

    Kind regards,

    Dirk Geneugelijk
     
    Dirk, Sep 4, 2009
    #1
  3. jolteroli

    jolteroli Guest

    how did you configure SRP?

    our default rule is to not allow and define the exception by path-rules.
    also we restrict execution of programs as well as loading dll files for any
    user, except for the local admin.

    there should be at least the rules:
    (o) %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%
    (o) %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%*.exe
    (o) %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
    NT\CurrentVersion\SystemRoot%System32\*.exe
    (o)
    %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir%

    these were added by enabling the SRPs. additionally we ususally add
    (o) *.lnk

    so the "execution" of shortcuts is allowed from anywhere. (e.g.: users
    startmenu, desktop,...).

    if you use executables on network drives, you must unrestrict the executable
    by its UNC-path, not by the network-drive-letter-path.
    for example: \\box\share\to\my\app.exe, and if neccessary
    \\box\share\to\my\app\app.dll too.

    is there an "autorun.inf" on that network drive? this would explain why
    "opening" -- or better running -- the drive will yield this message. just
    right-click on the drive and choose "Explorer" or alike...

    -jolt

    "Dirk" <Dirk@discussions.microsoft.com> schrieb im Newsbeitrag
    news:8609BF58-14CD-406C-A077-8181661C1F6B@microsoft.com...<!--coloro:blue--><span style="color:blue <!--/coloro-->
    > Hello,
    >
    > I have a problem with my mapped local drives in terminal services.
    > All my local drives are correctly mapped but when I open one of these then
    > I
    > get an error message that it is for security reasons unavailable.
    >
    > The cause is that we are using software restrictions. Users can only open
    > the configured executables. When I disable software restrictions users can
    > correctly open the local drive. Can you tell me which executables I must
    > enable for the users? I can't find which executables it must be.
    > Explorer.exe
    > is off course enabled.
    >
    > Thanks for your reaction.
    >
    > Kind regards,
    >
    > Dirk Geneugelijk
    > <!--colorc--><!--/colorc-->
     
    jolteroli, Sep 5, 2009
    #2

Share This Page