With TSplus Advanced Security, you can hide specific drives from your TSAD\ExpertMode\Secure Desktop\Configured for this user or group\Customize Security level Settings\Hide Disk Drive.

However, this function is not only about hiding, but can also be restricting so your users can or cannot reach the path using (for example) : \\location\folder.

If you also want to restrict your users access for these drives, you will need to use our TSplus Advanced Security, especially the PERMISSIONS feature.


Here for the PERMISSIONS feature of TSAS : https://docs.terminalserviceplus.com/advanced-security/permissions


You can also assign specific folders locations to your users instead of a full remote desktop or instead of using the explorer.exe during the remote session.


To do so, you can set and assign our folder.exe application to your users : https://docs.terminalserviceplus.com/tsplus/folder




As one of the many security measures, to be able to hide and/or restrict access the local drives from your users can be an important matter. There are two ways of achieving this.

 1- Hiding drives with the admin tool :

Open an Admin Tool, and click on "Expert mode" and "Secure desktops" tile. Select a group of user or a user, click on "Configured for this user/group". Select the desired mode and click on "Customize Security level" : 


For more information about the Secure Desktop feature, check this link : https://docs.dl-files.com/advanced-security/secure-desktop






Click on "Disks Control" :

On the example below, I clicked "select all", which will check all the boxes corresponding to drives that will be hidden to everybody. 
A reboot might be necessary for changes to apply.




Yes, the hard drive will be hidden for everybody, this can be troublesome for administrators that have to work on the server for maintenance, update and so on.
To be able to see the drive from a remote session, open an explorer, as you can see below no drives are visible. Position your mouse on the target fieldType in the location of desired folder :

 2- Hiding/Restricting access to selected drives to non administrator users :

The second option will allow you to be able to hide the drives and/or restrict access to drives : 


If your TSplus server is a member of a domain and these options do not apply because the active directory GPO's have priority over TSplus AD, you can also use this procedure to provide hide/deny access to disks to non administrators users : 


To achieve this you will need to follow the instructions of this FAQ first : https://support.tsplus.net/en/support/solutions/articles/44000037885-how-to-setup-a-local-gpo-on-a-windows-seven-2008-server-at-a-user-level-or-to-non-administrator-groups-


Once you have opened the Group Policy editor using the FAQ above, locate and open the following GPO :

User Configuration\Administrative Templates\Windows Components\File Explorer\Hide these specified drives in My Computer


Or


User Configuration\Administrative Templates\Windows Components\File Explorer\Prevent access to drives in My Computer






By enabling the "Prevent access to drives from My Computer" GPO, you will be able to select which drive will be hidden or forbid access to your users. Hiding drives will still make them available for applications to be used. They also will still be accessible by opening a Windows Explorer and typing the address of desired folder.

If hiding drives is not enough you can also choose to prevent access to selected drives. Be aware that enabling the GPO below can lead to applications not to work properly because of access restrictions that might lead to this kind of error :



GPO once applied should be operative immediately, if not you can force them by opening a ms dos box with the command : gpudate /force
To do so click start, execute and type in "cmd.exe"