[OpenAFS-devel] Windows Terminal Server

[Tim Spriggs]

Hi Jeffrey,

> Could you explain how you would have OpenAFS deny the user the ability
> to execute "NET USE G: /D"?

Good question. I can disable the gui forms of disconnect with gpedit.msc
but that does not prevent applications (such as net or openafs) from
mounting/unmounting new drive letters. (What a pain)

It also looks like "net use G: /D" does not care if files are opened or
not. I'm not familiar with the windows API but it really seems odd to me
that there is no kind of persistant network share that can be made
available to users (that isn't deprecated). I guess I am just too used to
Unix-isms.

> If you really want a drive letter, you could simply install a short
> program in HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run that
> creates the mapping.   You can even bundle the addition of this tool
> into an arizona.edu transformed version of the OpenAFS MSI for your
> users.

I guess this kind of scheme will have to suffice.

Thanks for all of your responses! I appreciate your time and expertise!

Sincerely,
-Tim