Question : Terminal Services lock down question

I have a TS server setup for users which is heavily locked down via group policy.  Bascially users are restricted to really only running a database application.
I now need the users to be able to transfer documents to their local machines using by them enabling local resources and selecting the C drive of their laptops.
The problem I have is I denied them access to My computer which was great as they couldn't get into the drives and mess about with files, however this also prevents them from seeing their local drive mapped through TS.  If i re-enable my computer they can see their drives and this also give them full access to the local drives which is a security risk.  Is there an easy way with group policy to only allow them to see their local mapped drive, not the local drive on this server?

I did think about creating an AD group and denying the group access to the local drives at a file level then add users to this group, just wondered if this would cause we any other issues or if there is an easy way through group policy?

thanks

Answer : Terminal Services lock down question

I would suggest removing the TZ170's and just use the Cisco's. The throughput on the devices are similar, if a little better for the Cisco. So replacing the TZ170 with the RV042 should be fine.

You could get Enhanced OS for the TZ170 or upgrade to a TZ100 to get dual-WAN on the SonicWALL. But since the Cisco supports that already, I would switch over to using them completely.

Here are the datasheets to compare throughput for reference:
http://www.sonicwall.com/us/products/TZ_170_Series.html
http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9925/data_sheet_c78-501225.html