Prevent Windows Explorer DLL Searching in UNC home Folder?

I'm investigating some response issues with Windows Explorer when a user's
home drive is mapped to a network share. During my network captures I see
that if I launch a local program, such as Calculator or Word 2003, that it
performs several queries to my home drive looking for wshenv.dll.

If I'm in Windows Explorer and click on an Excel file to open it, for
example, then I see several queries for shell32.dll in my home directory.

I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm still
seeing these DLL queries. In addition I enabled the StartRunNoHomePath option
as well. However, per KB 264061 if the HOMEDRIVE path is defined it will
still be searched. I confirmed this variable is defined, which explains why
this didn't help prevent the searches.

This also seems to present some security risk, as a user could place a DLL
in their home folder and Explorer would possibly run it given that it
searches there very frequently.

One of our goals is to minimize WAN traffic. And as far as I can tell, these
queries are not useful and just put extra traffic on the WAN whenever anyone
starts a program or clicks on a file.

Any ideas on putting a damper on all DLL searches in a user's home folder?
This is with Windows XP SP2 in a domain environment.
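
One way to measure what the post above describes, as an added example that is not part of the original thread: a Python script that reads a Process Monitor CSV export and reports which processes look for DLLs on the home drive, separating failed lookups (wasted round trips to the file server) from lookups that actually found a DLL there. The sample rows, the share \\fs01\home\jdoe and its H: mapping are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed rows in Process Monitor's CSV export layout (not a real capture).
# The share \\fs01\home\jdoe and its H: mapping are hypothetical.
SAMPLE = r'''"Time of Day","Process Name","PID","Operation","Path","Result","Detail"
"09:14:02.10","calc.exe","1840","CreateFile","H:\wshenv.dll","NAME NOT FOUND",""
"09:14:02.31","calc.exe","1840","CreateFile","H:\wshenv.dll","NAME NOT FOUND",""
"09:14:05.02","explorer.exe","1212","QueryOpen","\\fs01\home\jdoe\shell32.dll","NAME NOT FOUND",""
"09:14:05.03","explorer.exe","1212","CreateFile","C:\WINDOWS\system32\shell32.dll","SUCCESS",""
"09:14:09.40","winword.exe","2004","CreateFile","H:\wshenv.dll","SUCCESS",""
"09:14:09.90","explorer.exe","1212","ReadFile","H:\notes.txt","SUCCESS",""
'''
HOME_ROOTS = [r"\\fs01\home\jdoe", "H:"]
OPEN_OPS = {"CreateFile", "QueryOpen"}  # one event per lookup attempt


def home_dll_probes(csv_text, home_roots):
    """Return (misses, hits) for DLL lookups that land under the home drive.

    misses: Counter keyed by (process, dll name), lookups that found nothing,
            i.e. pure round trips to the file server.
    hits:   list of (process, full path) where a DLL really exists there.
    """
    roots = tuple(r.rstrip("\\").lower() + "\\" for r in home_roots)
    misses, hits = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        path = row["Path"].lower()
        if row["Operation"] not in OPEN_OPS:
            continue
        if not (path.startswith(roots) and path.endswith(".dll")):
            continue
        if row["Result"] == "SUCCESS":
            hits.append((row["Process Name"], row["Path"]))
        else:
            misses[(row["Process Name"], path.rsplit("\\", 1)[-1])] += 1
    return misses, hits


if __name__ == "__main__":
    misses, hits = home_dll_probes(SAMPLE, HOME_ROOTS)
    for (proc, dll), n in misses.most_common():
        print(f"{n:3d} failed lookups  {proc:14s} {dll}")
    for proc, path in hits:
        print(f"REVIEW: {proc} found a DLL in the home folder: {path}")
```
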
Re: Prevent Windows Explorer DLL Searching in UNC home Folder?
IT Guy <ITGuy@discussions.microsoft.com> wrote:
> I'm investigating some response issues with Windows Explorer when a
> user's home drive is mapped to a network share. During my network
> captures I see that if I launch a local program, such as Calculator
> or Word 2003, that it performs several queries to my home drive
> looking for wshenv.dll.
>
> If I'm in Windows Explorer and click on an Excel file to open it, for
> example, then I see several queries for shell32.dll in my home
> directory.
>
> I've enabled the safedllsearchmode and safeprocesssearchmode, but I'm
> still seeing these DLL queries. In addition I enabled the
> StartRunNoHomePath option as well. However, per KB 264061 if the
> HOMEDRIVE path is defined it will still be searched. I confirmed this
> variable is defined, which explains why this didn't help prevent the
> searches.
>
> This also seems to present some security risk, as a user could place
> a DLL in their home folder and Explorer would possibly run it given
> that it searches there very frequently.
>
> One of our goals is to minimize WAN traffic. And as far as I can tell,
> these queries are not useful and just put extra traffic on the WAN
> whenever anyone starts a program or clicks on a file.
>
> Any ideas on putting a damper on all DLL searches in a user's home
> folder? This is with Windows XP SP2 in a domain environment.
I'm not really sure I see where the problem is, but why not stop using home
directories entirely? You don't need them anymore - they're archaic. Just
use folder redirection. See
How to dynamically create security-enhanced redirected folders by using
folder redirection in Windows 2000 and in Windows Server 2003
http://support.microsoft.com/kb/274443
....although I'm not sure where the WAN enters into it. You should have the
home directories or redirected folders going to a local server.