Registry Tip #17: Disallow remote access to CDROM

This entry restricts access to the CDs in the CD-ROM drives to the user currently logged on to the computer. In this mode, CDs are allocated to the user as part of the interactive logon process and are freed for general use or for reallocation only when that user logs off. This parameter satisfies part of the C2 security requirement that removable media must be securable. If this value entry is not added, the contents of the CDs in the drives will be available to all domain administrators remotely.

Hive: HKEY_LOCAL_MACHINE
Key: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: AllocateCDRoms
Type: REG_DWORD
Value: 1 (restrict to the user logged on at the console)

Strictly speaking, this limits access to the INTERACTIVE group. There is a potential gotcha when this security setting is implemented: if you are logged on to the box and run an install that runs not under your security context but as SYSTEM (some things do install using SYSTEM), the install will not be able to read the CD. The SYSTEM account is not a member of the INTERACTIVE group and thus will not have access to the CDROM. You will have to turn the AllocateCDRoms setting off to give the SYSTEM account access to the local CDROM.
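
A read-only preflight check for the caveat above, as an added PowerShell example that is not part of the original tip: it reads AllocateCDRoms and reports whether the token of the calling process carries the INTERACTIVE group. The function name `Get-CdromAllocationState` is hypothetical; S-1-5-4 (INTERACTIVE) and S-1-5-18 (SYSTEM) are the standard well-known SIDs.

```powershell
# Added example (not from the original tip). Read-only; changes nothing.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName = 'AllocateCDRoms'

function Get-CdromAllocationState {   # hypothetical helper name
    # A missing value means the restriction was never added.
    $item = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    $raw  = if ($null -ne $item) { $item.$ValueName } else { $null }

    # Compare as text so the check does not depend on the stored value type.
    $restricted = ($null -ne $raw) -and ("$raw".Trim() -eq '1')

    # Inspect the token of the process running this script.
    $identity = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $isSystem = ($identity.User.Value -eq 'S-1-5-18')            # LocalSystem
    $isInteractive = [bool]($identity.Groups |
        Where-Object { $_.Value -eq 'S-1-5-4' })                 # INTERACTIVE

    New-Object PSObject -Property @{
        RawValue            = $raw
        Restricted          = $restricted
        Account             = $identity.Name
        RunningAsSystem     = $isSystem
        InInteractiveGroup  = $isInteractive
        # With the restriction on, only INTERACTIVE members can use the drive.
        CdromAccessExpected = (-not $restricted) -or $isInteractive
    }
}

$state = Get-CdromAllocationState
$state | Format-List
if (-not $state.CdromAccessExpected) {
    Write-Warning ("AllocateCDRoms is 1 and $($state.Account) is not in INTERACTIVE; " +
                   "an install from CD in this context will not be able to read the disc.")
}
```

Run it in the same context the installer will use, since the result depends on the calling process's token.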