Is it possible to hide the my network places icon (using GPO or any other means possible) from windows explorer of all client machines on the network and only make available mapped drives that they need to access.
I have the necessary groups and OU's in place, I do not want to deny complete access to network resources, but merely want to take out unnecessary shortcuts and other details from the user account policies.
This is a little tricky in W2K8 and W2K8R2. There are a couple of GPO settings to hide the network but I haven't found them to work all that well. One thing you can do is to disable Network Discovery on the client machines. This should effectively "hide" the network contents and as long as the users are not local admins they shouldn't be able to enable Network Discovery.
There is a registry entry you can make to enable disable this.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum] "{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}"=dword:00000001
You can still access network shares etc.