question

Dan-2464 avatar image
0 Votes"
Dan-2464 asked FanFan-MSFT commented

Limit user account access/permissions

Hey

I've made a separate user account on my laptop. How do i block access from the new account to all the content on my hard drive?

  • I only want the new account to have access to the internet browser, and no files on my harddrive.


I have Windows 10 Home.

Thanks!

windows-10-security
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

cooldadtx avatar image
0 Votes"
cooldadtx answered

It is not possible to block a user account from accessing the hard drive as you cannot have a local profile without one.

You can limit what the user has access to but, again, they need at least read access to the Windows directory where the OS files reside. For most everything else you can remove the read access in the file system. However I suspect you'll need to still give them read access to at least the shared files sitting in the Program Files and Program FIles (x86) folders. Additionally there are going to be other locations they'll need read access to. Personally, if they are just a standard user then Windows should already be reasonably locked down for them. They won't be able to read or modify any data beyond their own and shared data.

To allow a user to only use the web browser then you'll want to use Group Policy Editor to whitelist the allowed program(s) the user can run. In this case just the browser(s) you specify.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

FanFan-MSFT avatar image
0 Votes"
FanFan-MSFT answered FanFan-MSFT commented

Hi,

Yes, we can do this through the group policy: Prevent access to drives from My Computer.
1, Create the group policy object through MMC.MSC.
2, Apply this GPO only to the new user
3, User Configuration > Administrative Templates > Windows Components > File Explorer
In the right side of the screen, scroll down to find a policy that is called:
Prevent access to drives from My Computer, select restrict all drives.
Refresh the group policy.

115177-7162.jpg


Since the drives was restricted for the user, before you configure the Group Policy, you shall complete all installations and settings in C drive or other drives.


7162.jpg (167.1 KiB)
· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.


Hi,
If this question has any update?
Welcome to share your current situation.
Please feel free to let us know if you need further assistance.
Best Regards,

0 Votes 0 ·

Hi,
If there are any updates, welcome to share here!
Best Regards,

0 Votes 0 ·