Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Friday, March 24, 2017 12:03 PM
We are testing Windows 10 Enterprise and have hit a snag (a few actually). This one is interesting... We have a GPO to block CMD and to block the standard Map Network Drive in Explorer (button is greyed out in "This PC"), but...
If you browse to a to a network location, go to the ribbon and click "Home>Easy access>Map as drive", it still works! Does anyone know the GPO to disable that as well?
Thanks is Advance!
Monday, March 27, 2017 2:03 AM
Hi ACorbs1,
What is the main purpose and what is the exact applying environment? Have you configured the gpo(User Configuration\Administrative Templates\Windows Components\File Explorer\Remove "Map Network Drive" and "Disconnect Network Drive")?
If the main purpose is to disable the ability to access the network drive, we could deploy the firewall rule to disable the SMB packets or disabling the SMB protocol.
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Wednesday, March 29, 2017 5:42 PM
Management only wants people to have the mapped drives that are authorized and pushed with GPO. All command lines are blocked and User Configuration\Administrative Templates\Windows Components\File Explorer\Remove "Map Network Drive" is set. The problem is this new “feature” in Windows 10 does not seem to follow the GPO.
Any Ideas?
Thursday, March 30, 2017 7:53 AM
Hi ACorbs1,
"Management only wants people to have the mapped drives that are authorized and pushed with GPO."
I think the best way to control the people to map the drive is to configure the network drives' permission to restrict them. Anyway, the user could access the network drive if they have the permissions.
Best regards
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, April 10, 2017 6:20 PM
And how would you go about blocking someone from mapping a sub directory of a share they have access to? This comes down to management is tired of people trying to send links that don't work because people set up their own drives.
Does anyone know how to fix this?
Friday, May 5, 2017 1:56 PM
Here is a piece of info that might be relevant:
As a security measure to mitigate ransomware damage, we want to change drive letter mapping of network shares to unc path shortcuts to the same shares. A problem that arises is that if a user has a shortcut to the previously lettered drive network share, windows 10 pops up a window saying that shortcut "...will no longer work correctly... delete yes/no".
If the user selects No, windows maps a drive, even if the policy to allow user mapping drives is disabled, with the next available drive letter. The shortcut is unchanged until it is followed again, whereupon windows rewrites the shortcut with the newly created drive letter mapping. This defeats our strategy.
How do I prevent windows from performing these automatic actions?
===========
ANSWER:
www.pctools.com/guides/registry/detail/230/
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer Add an new dword value “LinkResolveIgnoreLinkInfo” REG_DWORD (DWORD Value) (0 = disabled, 1 = enabled)