Recently I was asked by an Administrator why the option to manage disks was missing from the Computer Management Tool (compmgmt.msc), although he wasn’t restricted by any group policy or RES Workspace Manager (Lockdown and behavior) setting, as far as he could see.
At first I thought some old forgotten policy was causing this, but after a quick search it became clear this was caused by RES Workspace Manager. Using regedit to look for registry keys causing this behavior I stumbled upon this key:
with REG_DWORD value:
Searching for the effect of this registry value I found this website, and became aware this was the one value being responsible for the problem we experienced with the missing Disk Management snap-in. To track the origin of this policy key I ran a procmon trace and discovered pfwsmgr.exe being the culprit. Being unaware where this policy was coming from within RES Workspace Manager, I tried to pinpoint the issue by creating a non-intrusive Workspace Container, with a single client being member of it. After disabling all components of RES Workspace Manager within the non-intrusive Workspace Container, the problem disappeared.
Fiddling around disabling and enabling certain sections it became clear using the Removable Disks Security feature was responsible for the missing snap-in. By enabling the Removable Disks Security option, the Disk Management snap-in disappeared, after disabling the Removable Disks Security it appeared again. Just disabling this feature isn’t an option in this particular situation since the “Map removable disk to first available drive letter starting from:” option is needed, and therefore the complete Removable Disks Security feature must be enabled. Too bad it isn’t possible to only enable the “Map removable disk to first available drive letter starting from:” option. Perhaps something for uservoice 🙂
Because of the need to use this feature, I configured an autostart application containing a configuration option to delete the registry-entry responsible for the missing snap-in. The choice for an autostart application was made based on the timing of pfwsmgr.exe to set this registry value: at the end of the login initialization. Because there already was an autostart application configured to resolve the Windows Recent Places issue, I added a simple registry key action at the configuration tab of that application:
Simply target this action on Domain Admins or a similar group you want to be able to edit disks, although the “Map removable disk to first available drive letter starting from:” option is enabled.