Make your own free website on Tripod.com

Protected Devices for NT

PROT_DEV

This module protects the access to all drives, parallel and serial ports. It sets standard NT ACL on these devices.

HIDE_DEV

This additional program allows to filter the drives displayed in the NT Explorer user interface.



Installation

PROT_DEV

The program must be launched by a user having administrator privileges on the local machine. The System account is a good candidate, but any administrator is suitable.
An easy solution is to run the program during the machine boot in the service AUTOEXNT (from the NT Resource Kit) - but it may be excuted at any time.

The ACL are set immediately but they are volatile. You must re-apply them when the machine was shut down.

HIDE_DEV

This program is an extension to system policies. It is loaded at logon time.

In order to activate it, you must create the value HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\PolicyHandler = "path\hide_dev.dll,ProcessPolicies"


Customisation

To customise the access, add a value of type REG_SZ or REG_EXPAND_SZ, under the HKEY_LOCAL_MACHINE\SOFTWARE\MarcStern\ProtectedDevices key for each device type or logical drive.
Each value may contain several userid or groupeid separated by a semicolon ';'.
To disable security on one device type (allow access to everybody), use the "default" keyword.

The ACL will be the sum of both the groups/users specified for the drive letter and the one specified in its drive type.

An example of a policy template file (PROT_DEV.ADM) is provided.

Device typeDescription
Drive_FixedHard disks
Drive_RemovableFloppies, ZIP, JAZZ, etc.
Drive_CDCD-ROM, CD-Write, etc.
Drive_RAMRAM drive (in memory)
Drive_RemoteNetwork drives (HIDE_DEV only)
LPT portsParallel ports
COM portsSerial ports
A:logical drive A:
...logical drive ...
Z:logical drive Z:

Special syntax

Some groups are always granted access:

An explicit deny will have no effect on these groups members.

WARNING

When applying the ACL to a mapped network drive, NT applies it to the mapped directory. Therefor, ACL are not applied on network drives.


Package

The package is composed of:


Dependencies


[XSET] ... [Other free NT tools] ... [How to contact me] ... [Batch files tips & tricks]