Restric Local Drive Access in RDSH RemoteApp
When using Microsoft RSDH RemoteApp programs (or even full hosted virtual desktops), you will want to disable/hide certain things so that the end user does not cause issues with the shared environment. Some of the things you will want to disable/hide are the favorites, libraries, and server drive access.
Removing Favorites and Libraries
Restrictions will disable Libraries and Favorites and will hide or restrict users or a group of users from accessing and viewing any drives on the RD Session Host server. Users will be provided with an error message even if they use the UNC path to access the drives.
The primary reason to remove Favorites and Libraries and access to drives is because they contain mostly accessed locations on a system, so in the case of the RD Session Host server, this includes the desktop, downloads, recent places, etc. It is recommended that a user not save any documents to these locations.
Using the Registry (applies to all users including the administrators)
1. For Favorites, the key is:
Changing a0900100 to a9400100 will hide Favorites from the navigation pane.
2. For Libraries, the key is:
Changing b080010d to b090010d will hide Libraries from the navigation pane.
Hiding/Preventing Access to Drives
You can use Group Policy settings to hide and restrict access to drives on the RD Session Host server. By enabling these settings you can ensure that users do not inadvertently access data stored on other drives, or delete or damage programs or other critical system files on drive C.
The following settings are located in the Group Policy Management Console under User Configuration\Policies\Administrative Templates\Windows Components\Windows Explorer:
Hide these specified drives in My Computer. You can remove the icons for specified drives from a user's My Computer folder by enabling this setting and using the drop-down list to select the drives you would like to hide. However, this setting does not restrict access to these drives.
Prevent access to drives from My Computer. Enable this setting to prevent users from accessing the chosen combination of drives. Use this setting to lock down the RD Session Host server for users accessing it for their primary desktop.
Windows Server 2008 R2
Windows Server 2008
Windows Server 2003
Other Group Policy Settings for Additional Security