Protected Devices for NT
This module protects the access to all drives, parallel and serial ports.
It sets standard NT ACL on these devices.
This additional program allows to filter the drives displayed in the
NT Explorer user interface.
The program must be launched by a user having administrator privileges
on the local machine. The System account is a good candidate,
but any administrator is suitable.
An easy solution is to run the program during the machine boot
in the service AUTOEXNT (from the NT Resource Kit) - but it may
be excuted at any time.
The ACL are set immediately but they are volatile.
You must re-apply them when the machine was shut down.
This program is an extension to system policies.
It is loaded at logon time.
In order to activate it, you must create the value
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PolicyHandler = "path\hide_dev.dll,ProcessPolicies"
To customise the access, add a value of type REG_SZ
or REG_EXPAND_SZ, under the
for each device type or logical drive.
Each value may contain several userid or groupeid separated by a semicolon ';'.
To disable security on one device type (allow access to everybody),
use the "default" keyword.
The ACL will be the sum of both the groups/users specified for the drive
letter and the one specified in its drive type.
An example of a policy template file (PROT_DEV.ADM) is provided.
|Drive_Removable||Floppies, ZIP, JAZZ, etc.|
|Drive_CD||CD-ROM, CD-Write, etc.|
|Drive_RAM||RAM drive (in memory)|
|Drive_Remote||Network drives (HIDE_DEV only)|
|LPT ports||Parallel ports|
|COM ports||Serial ports|
|A:||logical drive A:|
|...||logical drive ...|
|Z:||logical drive Z:|
- -id to explicitly deny access to a groupid/userid
- *id to allow access but not display in Explorer
- -*id to explicitly deny display in Explorer
Some groups are always granted access:
An explicit deny will have no effect on these groups members.
- Account Operators
- Backup Operators
- Server Operators
- Power Users
When applying the ACL to a mapped network drive, NT applies it to the mapped
directory. Therefor, ACL are not applied on network drives.
The package is composed of:
[Other free NT tools] ...
[How to contact me] ...
[Batch files tips & tricks]