Unfortunately PWB uses the Internet Explorer HTML rendering engine and this includes the printing and saving dialogs. Fortunately PWB uses the IE HTML rendering engine so most of the Windows Policies will effect PWB.
Here are the directions to restrict the IE save as dialog using PWB and MMC.
In the PWB INI file set the following settings.
[Directories]
SaveAsDirectory=A:
...
[RestrictedSave]
EnableRestrictedSave=False
...
From the Start Menu, run "gpedit.msc"
The following key needs to be Enabled.
----Administrative Templates
--------Desktop
------------Hide and disable all items on the Desktop
------------Remove My Documents icon from Start Menu
--------Windows Components
------------Windows Explorer
----------------Hide these specified drives in My Computer
----------------No "Computers Near me" in My Network Places
----------------No "Entire Network" in My Network Places
----------------Common Open File Dialog
--------------------Hide the common dialog places bar
--------------------Hide the common dialog back button
--------------------Hide the common dialog list of recent files
If you do not have active directory set up this unfortunately changes the user interface for all users including the administrator. You can edit the Group policy for the computer from another Windows 2000 computer to change it back. Windows 2000 wants to be on an active directory and does not leave much in the way of locking down computers via account names.
Please note this does not work with Window XP Home Edition.
--Scott
IE Save dialog restrictions using MMC
Moderators: Tyler, Scott, PWB v2 Moderator
IE Save dialog restrictions using MMC
Last edited by Scott on Wed Oct 25, 2006 3:58 pm, edited 2 times in total.
Locking down Win2000 via Account Names can be done without being on an active directory (standalone) but it requires editing the registry for the current user under HKey_User and the subkey under that for the user, usually ending in a 1000+ or 2000+ number at the end. I've had good luck logging in as administrator on one machine and then remotely editing the registry for another and securing such things as the Desktop settings, Hiding the network, etc, for that local logged in user only. This way it prevents screwing around with the administrator account on that machine. Of course, if the user is ever deleted from User Management then a new subkey is created and the settings are gone. As long as you don't change the user account on that machine, the settings and the security will stay in place. And all this can happen WITHOUT having Win2000 Server and Active Directory setup. I use this in a live setting in the Garland Public Library system. If anyone has questions, feel free to email me. tguidry@nmls.lib.tx.us
Thad
Thad
Hi,
I tried setting up a policy to block browsing of the local hard drives in NT 4. Installed MMC, then went to the Console menu, clicked add/remove snap-ins, clicked the add button. My only choices are ActiveX control, Diskeeper Lite, Folder, and Link to Web Address. Did this all in the administrator account on the local machine.
Am I missing something here?
I tried setting up a policy to block browsing of the local hard drives in NT 4. Installed MMC, then went to the Console menu, clicked add/remove snap-ins, clicked the add button. My only choices are ActiveX control, Diskeeper Lite, Folder, and Link to Web Address. Did this all in the administrator account on the local machine.
Am I missing something here?
-
Guest
How to control the Save dialog in Windows 98?
Is there anyway to restrict the Save dialog in Windows 98? I still want our patrons to be able to download full webpages (images & HTML).
Thanks,
Jason Weinstein
Application Support Technician
Eugene Public Library
Thanks,
Jason Weinstein
Application Support Technician
Eugene Public Library
Re: IE Save dialog restrictions using MMC
Scott -- I have done all these things and my drives are restricted. However My Network Places still shows -- no network computers are listed, but if the user knows the name of any of our servers they can type \\servername and browse the folders on that server. 
Most of them, of course, are not accessible by the 'public' user, but I want to lock that down. How can I do that?
I am using PWB 2.05 and I have setup ManageDL and TDownload. This problem occurs if you click on File | Save as or some other situations where a Windows dialog box opens.
Jane
Most of them, of course, are not accessible by the 'public' user, but I want to lock that down. How can I do that?
I am using PWB 2.05 and I have setup ManageDL and TDownload. This problem occurs if you click on File | Save as or some other situations where a Windows dialog box opens.
Jane
Scott wrote:Unfortunately PWB uses the Internet Explorer HTML rendering engine and this includes the printing and saving dialogs. Fortunately PWB uses the IE HTML rendering engine so most of the Windows Policies will effect PWB.
Here are the directions to restrict the IE save as dialog using PWB and MMC.
In the PWB INI file set the following settings.
[Directories]
SaveAsDirectory=A:
...
[RestrictedSave]
EnableRestrictedSave=False
...
Run MMC
From Console menu, choose Add\Remove Snap-in.
Click Add button
Add Group Policy
Group Policy Object Local Computer
Close Snap-in dialog
Click Ok on Add\Remove dialog
The following key needs to be Enabled.
----Administrative Templates
--------Desktop
------------Hide and disable all items on the Desktop
------------Remove My Documents icon from Start Menu
--------Windows Components
------------Windows Explorer
----------------Hide these specified drives in My Computer
----------------No "Computers Near me" in My Network Places
----------------No "Entire Network" in My Network Places
----------------Common Open File Dialog
--------------------Hide the common dialog places bar
--------------------Hide the common dialog back button
--------------------Hide the common dialog list of recent files
If you do not have active directory set up this unfortunately changes the user interface for all users including the administrator. You can edit the Group policy for the computer from another Windows 2000 computer to change it back. Windows 2000 wants to be on an active directory and does not leave much in the way of locking down computers via account names.
--Scott
I found this resource to be helpful: Using Group Policy Objects to hide specified drives in My Computer for Windows 2000; http://support.microsoft.com:80/support ... 1/2/89.asp Naturally, it works for XP clients as well.
I just answered my own question about users being able to see My Network Places in a dialog box. You can edit this registry setting for your 'patron' login.
HKEY_USERS/ software/microsoft/windows/currentversion/policies/explorer
Add a dword valus named NoNet Hood and modify it to a '1'.
This hides My Network Places in Save or Open dialog boxes.
Jane
HKEY_USERS/ software/microsoft/windows/currentversion/policies/explorer
Add a dword valus named NoNet Hood and modify it to a '1'.
This hides My Network Places in Save or Open dialog boxes.
Jane
When setting the SaveAsDirectory and the DownloadDirecotry you can only have one drive listed in the Save As Directory, and the Download Directory. This will be the starting drive for Internet Explorer to list first when the Save As dialog is shown.
[Directories]
SaveAsDirectory=A:
SaveAsErrorTitle=Floppy required
DownloadDirectory=A:
DownloadErrorTitle=Floppy required
These settings in the INI file simply have PWB set the Windows Registry keys for Internet Explorer.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Save Directory
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory
When you save a file in Internet Explore, Internet Explorer sets these registry keys to remember where you last save a file and then opens the Save As dialog to this location. PWB simply manipulates these keys to have Internet Explorer open to the Folder when the Save As dialog is shown.
We set up a network share and have a batch file map it to drive "F:", and set the Save As Directory and the Download Directory to the "F:" drive. This way if the patron has not, or does not, have a Floppy or USB drive, plugged in they do not get an error and can still download the file. We can then transfer the file from the Network location onto a Floppy, or USB drive for them at a later time.
--Scott
[Directories]
SaveAsDirectory=A:
SaveAsErrorTitle=Floppy required
DownloadDirectory=A:
DownloadErrorTitle=Floppy required
These settings in the INI file simply have PWB set the Windows Registry keys for Internet Explorer.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Save Directory
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download Directory
When you save a file in Internet Explore, Internet Explorer sets these registry keys to remember where you last save a file and then opens the Save As dialog to this location. PWB simply manipulates these keys to have Internet Explorer open to the Folder when the Save As dialog is shown.
We set up a network share and have a batch file map it to drive "F:", and set the Save As Directory and the Download Directory to the "F:" drive. This way if the patron has not, or does not, have a Floppy or USB drive, plugged in they do not get an error and can still download the file. We can then transfer the file from the Network location onto a Floppy, or USB drive for them at a later time.
--Scott
Saving
Hi Scott;
We are using a combination of Fortres and Group Policies to restrict saving to A:\ and E:\
PWB is accessed through a shortcut on the desktop.
Saving while in any of the Office applications works exactly as we'd like.
Saving while in PWB has given us some problems and I suspect that PWB is not playing nicely w/either Fortres or GP because of an incorrect PWB setting.
I am including a copy of our ini file. Could you perhaps have a look and let me know where I went wrong? appreciatively, Sandy
<INI>
[RestrictedSave]
EnableRestrictedSave=True
RestrictedSaveApp=
<INI>
We are using a combination of Fortres and Group Policies to restrict saving to A:\ and E:\
PWB is accessed through a shortcut on the desktop.
Saving while in any of the Office applications works exactly as we'd like.
Saving while in PWB has given us some problems and I suspect that PWB is not playing nicely w/either Fortres or GP because of an incorrect PWB setting.
I am including a copy of our ini file. Could you perhaps have a look and let me know where I went wrong? appreciatively, Sandy
<INI>
[RestrictedSave]
EnableRestrictedSave=True
RestrictedSaveApp=
<INI>
-smray