Our Windows 2000 Server Service Pack 1 (SP1) machine runs Win2K Server Terminal Services in Application mode and Citrix MetaFrame 1.8 with SP2. When a Citrix client connects, the system tries to access the PC client's A drive. The system also tries to access the A drive each time a user opens My Computer or Windows Explorer. The delay that results is only a few seconds for our desktop users, who enjoy a high-speed connection. However, the delay is a problem for our remote users, who use laptops with rarely connected external A drives. Over a dial-up connection, the session can become locked up for several minutes when users log on or open Explorer. Any suggestions?
Two issues contribute to your problem. First, when users log on to a remote session, the system looks for the autoexec. file. The client drives are mapped, so the system checks those drives for the autoexec.bat file as well. If the A drive isn't connected or if no diskette is in the drive, the system can lock up as it tries to check for the file. Second, if the My Computer or Windows Explorer views are set to show details, the system scans drives for total size and free space information each time a user accesses them.
You can approach the drive-mapping problem a few different ways. First, you can prevent the system from parsing the autoexec.bat file. To do so, run regedt32.exe, open the registry key
HKEY_CURRENT_USER\SOFTWARE\Microsoft\WindowsNT\CurrentVersionWinlogin
\ParseAutoexec REG_SZ=1 and change its value from 1 to 0.
You can also run a batch command to delete the offending drive mapping on logon. Open the file %SystemRoot%\System32\UsrLogn2.Cmd and add the following line:
net use a: /d /y
This file runs before the user has access to the desktop and prevents the Explorer delay.
You can also prevent the drive from mapping by opening the registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersionPolicies\Explorer/NoDrives REG_DWORD=0 and changing the value from 0 to 1
A Better approach is to use a Win2K Group Policy Object (GPO) to hide the A drive. You can configure a policy to run before the OS comes up to disable A drive access from Explorer or My Computer while still allowing access to the drive from dialog boxes (e.g., the Save As dialog box) and from a command prompt. Open the Microsoft Management Console (MMC) Group Policy snap-in and navigate to User Configuration\Administrative Templates\Windows Components\Windows Explorer, where you'll find a policy to "Hide these specified drives in My Computer" and a policy to "Prevent Access to drives from My Computer." Seven default options restrict access to drives, but none of the options limit just A drive access. To limit A drive access, you can modify the default domain policy, System.adm.
To edit the default domain policy, use WordPad to open the System.adm file and search for NoDrives. You'll see the following:
POLICY !!NoDrives
EXPLAIN !!NoDrives_Help
PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
VALUENAME "NoDrives"
ITEMLIST
NAME !!ABOnly VALUE NUMERIC 3
NAME !!COnly VALUE NUMERIC 4
NAME !!DOnly VALUE NUMERIC 8
NAME !!ABConly VALUE NUMERIC 7
NAME !!ABCDOnly VALUE NUMERIC 15
NAME !!ALLDrives VALUE NUMERIC 67108863 DEFAULT
; low 26 bits on (1 bit per drive)
NAME !!RestNoDrives VALUE NUMERIC 0
END ITEMLIST
END PART
END POLICY
POLICY !!NoViewOnDrive
EXPLAIN !!NoViewOnDrive_Help
PART !!NoDrivesDropdown DROPDOWNLIST NOSORT REQUIRED
VALUENAME "NoViewOnDrive"
ITEMLIST
NAME !!ABOnly VALUE NUMERIC 3
NAME !!COnly VALUE NUMERIC 4
NAME !!DOnly VALUE NUMERIC 8
NAME !!ABConly VALUE NUMERIC 7
NAME !!ABCDOnly VALUE NUMERIC 15
NAME !!ALLDrives VALUE NUMERIC 67108863 DEFAULT
; low 26 bits on (1 bit per drive)
NAME !!RestNoDrives VALUE NUMERIC 0
END ITEMLIST
END PART
END POLICY
The number that follows "VALUE NUMERIC" refers to the drives that the policy excludes. This value is a decimal number that corresponds to a 26-bit binary string, with each bit representing a drive.
A - 1 in the appropriate position in the string selects the drive, and a 0 doesn't. The value for just the A drive is 1, so you can add the following line to the Item list for the policy Above:
NAME !!AOnly VALUE NUMERIC 1
Then scroll down to the Strings section and define the menu choice that will come up. For example,
[strings]
AOnly="Restrict A drive only"
ABCDOnly="Restrict A, B, C and D drives only"
ABConly="Restrict A, B and C drives only"
ABOnly="Restrict A and B drives only"
ALLDrives="Restrict all drives"
COnly="Restrict C drive only"
DOnly="Restrict D drive only"
RestNoDrives="Do not restrict drives"
Close the system.adm file (save changes), and then open the Group Policy snap-in and choose your revised policy. The A drive won't map and your users won't experience the delay.