
Hiding / restricting available drives using Group Policy


Microsoft only pre-configures a small number of options for you, so for our needs we have to edit the Group Policy templates.

Use ConsoleOne to find the appropriate user package and look up the Group Policy settings. You need to know where the Group Policy files are stored.

Browse to the folder and open the Adm sub-folder. Inside will be a file called system.adm. Now is a good time to make a backup copy; you will need to change the extension so that the system no longer recognises it as a Group Policy template (for example, save it as system.adm.<your initials>.<iso date>).

Use a text editor to open system.adm and look for the following section:

	  POLICY !!NoDrives 
            EXPLAIN !!NoDrives_Help
	    PART !!NoDrivesDropdown	DROPDOWNLIST NOSORT REQUIRED
		VALUENAME "NoDrives"
		ITEMLIST
		    NAME !!ABOnly           	VALUE NUMERIC	3
		    NAME !!COnly           	VALUE NUMERIC	4
		    NAME !!DOnly           	VALUE NUMERIC 	8
		    NAME !!ABConly          	VALUE NUMERIC 	7
		    NAME !!ABCDOnly        	VALUE NUMERIC	15
		    NAME !!HideDrives_Power    	VALUE NUMERIC 	67001984
		    NAME !!HideDrives_Student   VALUE NUMERIC 	67067780
		    NAME !!HideDrives_Staff    	VALUE NUMERIC	67067524	
		    NAME !!ALLDrives        	VALUE NUMERIC	67108863 DEFAULT 
                         ; low 26 bits on (1 bit per drive)
		    NAME !!RestNoDrives     	VALUE NUMERIC	0
		END ITEMLIST
	    END PART			
	END POLICY

        POLICY !!NoViewOnDrive
            EXPLAIN !!NoViewOnDrive_Help
	    PART !!NoDrivesDropdown	DROPDOWNLIST NOSORT REQUIRED
		VALUENAME "NoViewOnDrive"
		ITEMLIST
		    NAME !!ABOnly           	VALUE NUMERIC	3
		    NAME !!COnly            	VALUE NUMERIC	4
		    NAME !!Student_NoAccess         VALUE NUMERIC   67065732
		    NAME !!Power_NoAccess       VALUE NUMERIC   66999936
		    NAME !!Staff_NoAccess       VALUE NUMERIC   66999940
		    NAME !!DOnly            	VALUE NUMERIC 	8
		    NAME !!ABConly          	VALUE NUMERIC 	7
		    NAME !!ABCDOnly         	VALUE NUMERIC	15
		    NAME !!ALLDrives        	VALUE NUMERIC	67108863 DEFAULT 
                         ; low 26 bits on (1 bit per drive)
		    NAME !!RestNoDrives     	VALUE NUMERIC	0
		END ITEMLIST
	    END PART			
	END POLICY

You are interested in the following lines: !!<Staff|Student|Power>_NoAccess and !!HideDrives_<Staff|Student|Power>. The large numbers on these lines tell Windows which drives to restrict. You will need calc.exe and the GPO_txt file to help you. You need to create a binary mask of the drives to allow/deny (one bit per drive, as the comment in the template notes) and then convert that number to decimal in calc.exe.

Once you have the numbers you need, search the bottom of the system.adm template and find/add the following lines:

HideDrives_Student="Hide h,j-m,o,q-z(Student)"
HideDrives_Staff="Hide h,j-m,o,q-z(Staff)"
HideDrives_Power="Hide h,j-m,o,r-z(Power)"
Student_NoAccess="No Access to c,h-m,o,q-z(Student)"
Staff_NoAccess="No Access to c,h,j,k,m,o,r-z(Staff)"
Power_NoAccess="No Access to h,j,k,m,o,r-z(Power)"

The property before the equals sign should match up with a line from the above section (where you had to enter the decimal number). The value on the other side of the equals sign is the text that will be presented to a user selecting this option in the Group Policy Editor (gpedit.msc). Obviously this section of the file needs to be kept up to date with changes made in the above section ;-)
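The mask arithmetic and the label check described above can be scripted instead of done by hand in calc.exe. The following Python is an added example, not part of the original page: it converts drive lists to and from the decimal values (bit 0 = A:, bit 25 = Z:) and compares each value with the drive list in its label; the function names are illustrative and SAMPLE holds the entries shown on this page.

```python
import re
from itertools import groupby

# Added example; helper names are illustrative, SAMPLE is copied from this page.
LETTERS = "abcdefghijklmnopqrstuvwxyz"  # bit 0 = A:, bit 1 = B:, ... bit 25 = Z:

def mask_from_spec(spec):
    """Drive list such as 'h,j-m,o' -> decimal value for the ITEMLIST."""
    mask = 0
    for part in spec.lower().replace(" ", "").split(","):
        first, _, last = part.partition("-")
        for bit in range(LETTERS.index(first), LETTERS.index(last or first) + 1):
            mask |= 1 << bit
    return mask

def spec_from_mask(mask):
    """Decimal value -> drive list; runs of three or more letters become ranges."""
    bits = [i for i in range(26) if mask >> i & 1]
    parts = []
    for _, grp in groupby(enumerate(bits), key=lambda p: p[1] - p[0]):
        run = [LETTERS[b] for _, b in grp]
        parts.append(f"{run[0]}-{run[-1]}" if len(run) > 2 else ",".join(run))
    return ",".join(parts)

def audit(adm_text):
    """Return {name: (drives in label, drives the value sets)} where they differ."""
    values = dict(re.findall(r"NAME\s+!!(\w+)\s+VALUE\s+NUMERIC\s+(\d+)", adm_text))
    labels = re.findall(r'^(\w+)="(?:Hide|No Access to) ([a-z,-]+)\(', adm_text, re.M)
    return {name: (spec, spec_from_mask(int(values[name])))
            for name, spec in labels
            if name in values and mask_from_spec(spec) != int(values[name])}

SAMPLE = """\
NAME !!HideDrives_Power   VALUE NUMERIC 67001984
NAME !!HideDrives_Student VALUE NUMERIC 67067780
NAME !!HideDrives_Staff   VALUE NUMERIC 67067524
NAME !!Student_NoAccess   VALUE NUMERIC 67065732
NAME !!Power_NoAccess     VALUE NUMERIC 66999936
NAME !!Staff_NoAccess     VALUE NUMERIC 66999940
HideDrives_Student="Hide h,j-m,o,q-z(Student)"
HideDrives_Staff="Hide h,j-m,o,q-z(Staff)"
HideDrives_Power="Hide h,j-m,o,r-z(Power)"
Student_NoAccess="No Access to c,h-m,o,q-z(Student)"
Staff_NoAccess="No Access to c,h,j,k,m,o,r-z(Staff)"
Power_NoAccess="No Access to h,j,k,m,o,r-z(Power)"
"""

if __name__ == "__main__":
    for name, (label, actual) in audit(SAMPLE).items():
        print(f"{name}: label says {label}, value sets {actual}")
```

On the entries above it reports three names whose label and value disagree: HideDrives_Student, HideDrives_Staff and Student_NoAccess.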
