Microsoft Press Windows Vista Administrator's Pocket Consultant ebook
Prevent Access To Drives From My Computer
Prevents users from accessing files on selected drives in Windows Explorer views. Users also can't use Run or Map Network Drive to access files on these drives.
Remove "Map Network Drive" And "Disconnect Network Drive"
Prevents users from mapping or disconnecting network drives using Windows Explorer or My Network Places. This doesn't prevent use of other techniques, such as using the command prompt.
Remove CD Burning Features
Removes CD creation and modification features from Windows Explorer. Users are not prevented from using other CD burning programs.
Remove DFS Tab
Removes the DFS tab from Windows Explorer and Windows Explorer–based windows, preventing users from using the tab to view or change distributed file system (DFS) settings. Note that the DFS tab is only available when DFS is configured in the workgroup or domain.
Remove File Menu From Windows Explorer
Removes the File menu from Windows Explorer views, but doesn't prevent users from using other means to perform tasks that are available on this menu.
Remove Hardware Tab
Removes the Hardware tab from all dialog boxes, preventing users from using the tab to view, change, or troubleshoot hardware devices.
Remove Security Tab
Removes the Security tab in the Properties dialog boxes of files, folders, shortcuts, and drives. This prevents users from changing or viewing the related file and folder permissions.
Remove Windows Explorer's Default Context Menu
Prevents users from right-clicking and displaying shortcut menus on the desktop and in Windows Explorer.
Remove The Folder Options Menu Item From The Tools Menu
Prevents users from accessing the Folder Options dialog box, and as a result, users can't change folder views, file types, or offline file settings.
Request Credentials For Network Installations
Requires the user to enter a user name and a password prior to installing applications over the network. If this policy is not enabled, users are only prompted for credentials when installing applications from local disks.
Turn On Classic Shell
Removes Active Desktop and related views, including Web and thumbnail views. This also prevents opening items by single-clicking.
As detailed in Table 11-1, many Windows Explorer policies control the availability of options such as menu items and tabs in dialog boxes. To configure these options for all users of a computer, follow these steps:
Access Group Policy for the system you want to work with. Next access the Windows Explorer node by expanding User Configuration\Administrative Templates\Windows Components\Windows Explorer.
Double-click the policy you want to configure. This displays the Properties dialog box, as shown in Figure 11-1. Select one of the following options:
- Not Configured: Specifies that no changes will be made to the registry for this policy
- Enabled: Enables the policy and updates the registry
- Disabled: Disables the policy and updates the registry
Figure 11-1: Configure Windows Explorer options by enabling or disabling the related policies.
Click OK.
Note
You'll find detailed coverage of some of these policies in later sections of this chapter. In particular, be sure to read the next section, "Managing Drive Access in Windows Explorer," which covers hiding or preventing access to drives in Windows Explorer.
As you work with policy settings related to Windows Explorer, it is important to point out that the following settings do not apply to Windows Vista:
- Maximum Allowed Recycle Bin Size: On Windows Vista, each computer has a recycle bin for each configured drive and each user who logs on locally has a separate private copy of these recycle bins. You can modify the recycle bin settings for the current user by right-clicking Recycle Bin and selecting Properties. On the General tab, select the recycle bin location that you want to work with, set the desired maximum allowed size, and then click OK.
- No "Computers Near Me" In My Network Places/No "Entire Network" In My Network Places: On Windows Vista, the capability to determine network topology is a built-in feature of Network And Sharing Center. The People Near Me feature, used with Windows Collaboration, identifies people using computers on the same network segment, and you can sign in automatically when Windows starts or sign in manually when you want to use Windows Collaboration.
- Remove Search Button From Windows Explorer: Because search features are more tightly integrated in Windows Vista, they are controlled in different ways. You'll find some related settings under User Configuration\Administrative Templates\Windows Components\Instant Search. Options for controlling indexing of files and folders are under Computer Configuration\Administrative Templates\Windows Components\Search.
Managing Drive Access in Windows Explorer
You might want to block access to files on certain drives or even hide certain drives on a system. You manage this through Group Policy. The policies you use are Hide These Specified Drives In My Computer and Prevent Access To Drives From My Computer.
Hiding drives prevents users from accessing them in Windows Explorer views, but it doesn't prevent them from using other techniques to access the drives. In contrast, blocking access to drives prevents users from accessing any files on them and ensures that these files cannot be accessed using Windows Explorer, Run, or Map Network Drive. It doesn't, however, hide drive icons or the folder structure in Windows Explorer.
To hide selected drives or to prevent access to files on selected drives, follow these steps:
Access Group Policy for the system you want to work with. Next access the Windows Explorer node by expanding User Configuration\Administrative Templates\Windows Components\Windows Explorer.
To hide drives, double-click Hide These Specified Drives In My Computer and then select Enabled. Next specify which drives you are hiding and then click OK. Key options are the following:
- Select Restrict All Drives to restrict access to all internal hard drives and floppy drives.
- Select Restrict A And B Drives Only to restrict access to floppy drives.
- Select Restrict A, B And C Drives Only to restrict access to floppy drives and drive C.
- Select Do Not Restrict Drives to remove additional restrictions that would otherwise apply.
Click OK.
To block access to files on specific drives, double-click Prevent Access To Drives From My Computer and select Enabled. Next select the drives to which you want to restrict access.
Click OK.
Note
The List Folder Contents permission controls whether a user can see files in a folder. If you want to ensure that users cannot view the names of folders on drives, you'll also want to hide the drives.
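An added example, not from the book: a Windows PowerShell check that decodes the per-user registry values behind these two policies and reports drives that are hidden but not blocked. The registry path, the value names NoDrives and NoViewOnDrive, and the bit layout (bit 0 = A: through bit 25 = Z:) are supplied here rather than taken from the text, and the function names are hypothetical.

```powershell
# Added example. Assumption: the two policies store a 26-bit drive mask
# (bit 0 = A: ... bit 25 = Z:) in these per-user values.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-PolicyMask {
    # Returns the DWORD stored for a policy value, or 0 when Not Configured.
    param([string]$Name, [string]$Key = $PolicyKey)
    $item = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($item) { return [long]$item.$Name }
    return [long]0
}

function Compare-DrivePolicy {
    # Emits one row per drive letter touched by either policy.
    param([long]$HiddenMask, [long]$BlockedMask)
    foreach ($bit in 0..25) {
        $flag    = [long][math]::Pow(2, $bit)
        $hidden  = [bool]($HiddenMask  -band $flag)
        $blocked = [bool]($BlockedMask -band $flag)
        if (-not ($hidden -or $blocked)) { continue }

        if ($hidden -and $blocked) {
            $finding = 'Hidden and blocked'
        } elseif ($hidden) {
            # Hiding alone leaves the drive reachable by other techniques.
            $finding = 'REVIEW: hidden only, files still reachable by path'
        } else {
            $finding = 'Blocked; icon and folder structure remain visible'
        }
        New-Object PSObject -Property @{
            Drive   = ([string][char](65 + $bit)) + ':'; Hidden  = $hidden
            Blocked = $blocked;                          Finding = $finding
        } | Select-Object Drive, Hidden, Blocked, Finding
    }
}

# Constructed sample: "Restrict A, B And C Drives Only" for hiding (mask 7),
# but access blocked on A and B only (mask 3). C: is flagged for review.
Compare-DrivePolicy -HiddenMask 7 -BlockedMask 3 | Format-Table -AutoSize

# Live check for the current user (prints nothing if neither policy is set).
Compare-DrivePolicy -HiddenMask (Get-PolicyMask 'NoDrives') `
                    -BlockedMask (Get-PolicyMask 'NoViewOnDrive') |
    Format-Table -AutoSize
```

Run it in the context of the user whose policy you want to inspect, because both values live in that user's registry hive.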
Managing File Type Associations
A file type association determines which default application will handle a particular type of file, according to the file extension as well as the associated default action. As an example, if the .doc extension is associated with Microsoft Word and has a default action of Open, double-clicking a .doc file opens the file in Microsoft Word. You can view and change file type associations using the Default Programs utility in Control Panel.
Viewing File Type Associations
When programs are installed, they often create file type associations for specific types of files. For example, when you install a drawing application, image file types such as .gif and .jpg might be associated with the program. You can view the file associations for a program by following these steps:
Click Start, Control Panel. In Control Panel, click Programs.
Click Default Programs and then Associate A File Type Or Protocol With A Program. This displays the Set Associations dialog box, shown in Figure 11-2.
Figure 11-2: View and change file type associations using the Set Associations dialog box.
The Set Associations dialog box provides a list of file extensions, the associated file types, and the current default program for a particular file type. If you click the heading for the Description column, you can sort entries so that files of the same type are listed together. This can often help you find multiple file types associated with the same program.
Changing File Type Associations
Sometimes, you'll find that programs have file types associated with them that users would rather have associated with other files. If this happens, you can change the file type association by completing these steps:
Click Start, Control Panel. In Control Panel, click Programs.
Click Default Programs and then Associate A File Type Or Protocol With A Program.
You must change each file extension associated with the file type you want to modify. Select the first file extension that you want to reconfigure and then click Change Program. This displays the Open With dialog box.
Under Recommended Programs and Other Programs, you'll see a list of recommended programs and other programs that might be able to use this file extension. Select the program to use and then click OK.
As necessary, repeat steps 2 and 3 for other file extensions associated with this file type.
Managing Offline Files
Configuring offline files is a multistep process that begins with setting appropriate group policies, continues through configuration of specific offline folders, and ends with setting user options for working offline. Although the primary users who work offline use laptops, which they take home or to other locations, all users can benefit from offline file configurations. Configuring Group Policy for offline files was discussed in Chapter 8, "Configuring User and Computer Policies." This section provides more details about offline files and provides specific steps for their configuration.
Understanding Offline Files
Offline files enable users to store network files on their computer so that they are available when the users are not connected to the network or there is a network outage. Once configured, Windows Vista automatically uses offline files whenever the network files are not available. This enables users to continue working on network files without interruption. When the connection to the network is reestablished, Windows Vista automatically synchronizes the files on the user's computer with the files in the network folder.
The way changes are applied depends on how they were made. If multiple users make changes to a particular offline file, they can use conflict resolution features to save their version of the file over the existing version, keep the other version, or save both versions on the network. If a user deletes an offline file, the file is also deleted on the network, except when someone modifies the file on the network so that it has a more recent date and time stamp. In this case, the file is deleted from the user's computer and not from the network. If users change an offline file that someone else deletes from the network, they can choose to save their version to the network or delete it from their computer.
Windows Vista provides two key enhancements to the way offline files are used:
- Change-only syncing: Windows Vista allows for faster synchronization by syncing only the changed blocks of files. Thus, unlike Windows XP, where the entire contents of a changed file are written back to the server during synchronization, with Windows Vista only the changed blocks are written back to the server during synchronization.
- Unavailable file and folder ghosting: When partial contents of a folder are made available offline, Windows Vista creates ghosted entries of other files and folders to preserve the online context. Because of this, when you are not connected to a remote location, you'll see ghost entries for online items as well as normal entries for offline items.
Both users and administrators have control over when offline files are synchronized. Automatic synchronization can be triggered by user logon and logoff and by computers entering the standby or hibernate modes. The exact settings for automatic synchronization depend on Group Policy and user settings. For details on configuring offline files through Group Policy, see the section of Chapter 8 entitled "Configuring Offline File Policies."
Manual synchronization is controlled through Sync Center. You can access Sync Center by following these steps:
Click Start, Control Panel. In Control Panel, click Network And Internet.
On the Network And Internet page, click Sync Center.
Making Files or Folders Available Offline
Shared network folders can be made available for use offline. By default, all subfolders and files within the shared folders are also available offline. If necessary, you can change the availability of individual files and subfolders. To do this, you'll need to change the availability of each individual file or subfolder. Keep in mind that new files added to a shared folder that is designated for offline use are not automatically distributed to users working offline. The offline folder must be synchronized to obtain the updates.
You can configure offline files using Windows Explorer or the Computer Management console. Because Computer Management enables you to work with and manage offline files on any of your network computers, it's usually the best tool to use. To configure offline files on a server running Microsoft Windows 2000 or Windows Server 2003, you must be a member of the Administrators or the Server Operators group. To configure offline files on a Windows Vista workstation, you must be a member of the Administrators or the Power Users group.
Making files or folders available offline is a three-step process. First you share folders. Then you make those folders available for offline use. Finally, you have the users specify the files and folders they want to use offline.
Step 1: Share Folders
In the Computer Management console, you make a folder available for sharing by completing the following steps:
Right-click Computer Management in the console tree and then select Connect To Another Computer. Use the Select Computer dialog box to choose the computer you want to work with.
In the console tree, expand System Tools and Shared Folders and then select Shares. The current shares on the system are displayed in the details pane.
Right-click Shares and then select New File Share. This starts the Create A Shared Folder Wizard, which can be used to share folders as discussed in Chapter 10, "Managing File Security and Folder Sharing," in the "Sharing a Folder and Setting Share Permissions in Computer Management" section.
Step 2: Make Folders Available for Offline Use
In the Computer Management console, you make a shared folder available for offline use by completing these steps:
Right-click Computer Management in the console tree and then select Connect To Another Computer. Use the Select Computer dialog box to choose the computer you want to work with.
In the console tree, expand System Tools and Shared Folders and then select Shares.
Current shared folders are displayed in the details pane. Double-click the share you want to configure for offline use. On the General tab, click Offline Settings.
In the Offline Settings dialog box, shown in Figure 11-3, select one of the following options:
- Only The Files And Programs That Users Specify Will Be Available Offline: Use this setting when you want users to manually specify any files that they want available when working offline. This is the default option and is best used when multiple users want to modify the same files within a folder. Once configured for manual caching, files are automatically downloaded and made available for offline use. If an older version of a document was cached previously, the older version is deleted. When using a file online, the server version always reflects that the file is in use.
- All Files And Programs That Users Open From The Share Will Be Automatically Available Offline: Use this setting for folders containing user data and programs. Opened files and program executables are automatically downloaded and made available for offline use. If an older version of a document was cached previously, the older version is deleted from the local cache. When using a file online, the server version always reflects that the file is in use. Prompts are displayed if version conflicts occur.
  With this option, you can also select Optimized For Performance to enable expanded caching of programs. This expanded caching enables programs shared over the network to be cached so they can be run locally, which improves performance.
Figure 11-3: Configure caching options for offline files in the Offline Settings dialog box.
Click OK twice.
Step 3: Specify the Offline Files and Folders to Use
Once you've created the shares and configured offline use of those shares as appropriate, you can specify the files and folders to use offline by following these steps:
Map a network drive to a shared file or folder as discussed in Chapter 10 in the "Using and Accessing Shared Resources" section.
Click Start, Computer. This opens the Computer console.
Create the offline file cache by doing one of the following:
- To copy the entire contents of a shared folder to the user's computer and make it available for offline use, under Network Location, right-click the shared location and then select Always Available Offline.
- To copy only a selected folder (and its contents) or a selected file to the user's computer and make it available offline, use the Computer console to locate the network file or folder, and then right-click the file or folder and select Always Available Offline.
Designating files and folders for offline use creates a local cache of the contents of the files and folders on the user's computer. It also either establishes a sync partnership between the local computer and the sharing computer or extends an existing sync partnership to incorporate the additional shared files and folders. Sync partnerships can be managed using Sync Center as discussed in the "Managing Offline File Synchronization" section later in this chapter.