none
Windows 10 GPO to lock down search access to unc and c:\

    Question

  • Hi

    I am trying to setup Windows 10 Education for my domain and am having issues with the search bar. I have locked down the All Apps section and use a redirected desktop to a UNC share for the application shortcuts. However, I want the users to be able to use the basic search. I have turned off cortana and web search via GPO and I have set the "Remove Run Menu from Start Menu" GPO to enabled. Which does prevent UNC share access in an open Window and C:\ access but if you place c:\ or a UNC share path into the Windows 10 search on the task bar you still have access.

    At present I have local M
    y documents folder because they use large applications like Photoshop CC and it works better when running from the local My documents and then copying to a networked home folder when they are finished. I have also tried denying access to the c:\ under the GPO for User Config > Admin Temp > Windows Components > File Explorer > "Prevent access to drives from My Computer" but whilst this stops all access to c:\ it then means you cant use local My documents and sadly UNC paths are still able to be browsed to through the search.

    Has anyone come across this issue so far. I have tried looking at blogs and Google searches but the only stuff out there points to the GPO's I have already mentioned which don't stop UNC from search.

    Surely Microsoft hasn't released a product with search facillity that cant lock UNC access for standard users. The only way i can stop this at present is to remove the search option from the task bar. 
    Which is rubbish


     I also cant find a way to redirect the All Apps menu through a GPO. If I could do this I would turn off search. So it seems that the only setting I can push out is a redirected Desktop and whilst this is good it means you have to know where all the shorcuts live in each folder on the desktop in order to open an application.


    Any help would be greatly appreciated


    kind regards

    Simon

    Thursday, June 30, 2016 2:21 PM

All replies

  • Hi Simon,

    Thanks for your post.

    I have tested again and the result is same with yours.

    In my opinion, the setting “Remove Run Menu from Start Menu” did apply to the “Search” of Windows 10. And this behavior maybe is by design.

    In my personal view, remove the search opinion from task bar is the only way to achieve your goal.

     I also cant find a way to redirect the All Apps menu through a GPO. If I could do this I would turn off search. So it seems that the only setting I can push out is a redirected Desktop and whilst this is good it means you have to know where all the shorcuts live in each folder on the desktop in order to open an application.

    >>>I assume what you are talking is folder redirection. You could try to create a shortcut for application on desktop. Then redirect desktop.

    Best Regards,

    Jay


    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, July 1, 2016 4:46 AM
    Moderator
  • Hi Jay

    I already have the desktop redirected to a networked folder of shortcuts. But as mentioned previously this requires all users to know exactly where the shortcuts for each program is stored. i.e. we have subject specific shortcuts and around 10 folders on the desktop and around 100 applications. So, it is a bit unfair to expect new starters to learn the locations of software.

    In windows 7, you could redirect the start menu and desktop so they looked the same and then it didn't matter if you turned off the search functionality but, with windows 10 it seems that the only customisation available is to redirect the desktop and turn off the all apps folder (or they can get to all applications) and as you mention to turn off search.

    What is the point of having a start menu that doesn't have programs or a search function?

    Surely this is a security design fault with Windows 10, They cant possibly say the only option to stop a user from searching an UNC share is by turning of the search bar....that is rubbish. So much so that I will not use Windows 10 as a product in a education environment.  

    Would you know how I contact someone at Microsoft to discuss the future releases of Windows 10 group policies to incorporate this customisation

    Lastly, can I say thank you for replying to me. I have posted on many forums now and either I am really ahead of the game and nobody has come across this or nobody is using Windows 10 in education environments. Anyway, you are the only person to reply to my posts. So its appreciated.

    Thanks again

    Simon  

    Friday, July 1, 2016 3:33 PM
  • Hi Simon,

    I have just hit the same problem in education on 1607 LTSB.  Did you get anywhere with it?

    Thanks

    Claire

    Tuesday, February 13, 2018 10:51 AM