Security

從 Windows 資源管理器中刪除地址欄或隱藏其內容 - Windows Server 2008 R2

  • May 13, 2014

我目前正在嘗試查找可以從 Windows 資源管理器中刪除地址欄或阻止該欄顯示完整 UNC 路徑的 GPO 或系統資料庫編輯。目前環境對 C:\ 驅動器以及網路共享有完全限制。但是,我能找到的唯一“安全漏洞”是使用者可以完全訪問其他使用者的漫遊配置文件。也就是說,如果他們足夠聰明,可以使用環境變數瀏覽到他們的配置文件文件夾,從而顯示共享的完整 UNC 路徑。如果情況變得更糟,我總是可以啟用下面的 GPO 條目,但啟用它只會讓管理員頭疼,因為即使Add the Administrator security Group to roaming user profiles啟用了該策略也會刪除繼承權限

User Config>Policies>Windows Settings>Folder Redirection>Documents>Options
Grant user exclusive rights to Documents

我也嘗試過沒有運氣進行以下系統資料庫​​修改。

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Explorer]
"ITBar7Layout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,19,00,00,00,\
 40,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
 00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,29,05,00,00,a0,0f,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser]
"ITBar7Layout"=hex:11,00,00,00,4c,00,00,00,00,00,00,00,34,00,00,00,19,00,00,00,\
 40,00,00,00,01,00,00,00,20,07,00,00,a0,0f,00,00,05,00,00,00,62,05,00,00,26,\
 00,00,00,02,00,00,00,21,07,00,00,a0,0f,00,00,04,00,00,00,29,05,00,00,a0,0f,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
 00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00

任何其他關於做什麼的建議將不勝感激。-謝謝

既然你已經知道你應該使用…

User Config>Policies>Windows Settings>Folder Redirection>Documents>Options > Grant user exclusive rights to Documents

…那麼您唯一的選擇就是做對,因此可能會造成一些管理/管理問題,或者繼續嘗試尋找隱藏 UNC 路徑的方法。沒有,我現在就告訴你,但你可以繼續嘗試。

您在嘗試隱藏 UNC 時未能想到的另一個問題是,使用者還可以執行文件 > 另存為,這也會顯示 UNC 路徑。我敢肯定,除了這裡提到的兩種方法之外,還有更多的方法,但我剛剛想到了,我知道你不能把它們藏在那裡;它們被設計為可見。

如果這顯得過於魯莽,我真的很抱歉,但恐怕你已經知道你的問題的答案了。

引用自:https://serverfault.com/questions/594863

相關問答

Windows-Server-2008-R2

組策略 Internet Explorer 預設安全設置?

  • March 20, 2015
檢視問答
Windows-Server-2008-R2

應用審計策略,然後在每次 gpupdate 後刪除

  • October 6, 2014
檢視問答
Windows

Applocker 自定義擴展(Java、CPL、MSC 等)

  • January 31, 2013
檢視問答
Windows-Server-2008-R2

無法訪問 NAS 設備

  • June 15, 2012
檢視問答
Windows-Server-2008-R2

跨域調整桌面圖示大小

  • January 23, 2012
檢視問答
Windows

為什麼 MS GPO 選項會破壞使用主機文件作為機器名稱的 SMB 共享?

  • March 15, 2022
檢視問答