LewisHill-7669 asked Anoop-C-Nair-MVP answered

How do I restrict access to C drive using Intune

I would like to block access to the C drive for a certain group of users. These users access devices that are enrolled in Intune. The policy must meet the following requirements:

No access to C drive
No ability for user to edit content in C drive
All apps used on device that require C drive access must be unaffected by this restriction
Policy must apply to select group of users
Policy must apply to devices that are both Hybrid Azure AD domain-joined and Azure AD domain-joined

I am familiar with achieving this using Group Policy but would like to use Intune instead. I have been exploring the options in Intune - specifically by creating a device configuration profile, but have so far been unsuccessful.

Any help would be appreciated.


anonymous user, From your description, I know you want to restrict access to the C drive for some users. If there's any misunderstanding, please let us know.

As far as I know, the C drive contains the files which are OS related.
The C:\WINDOWS folder contains the files that, in turn, contain the code to run the OS.
C:\Users stores the user profile information.
C:\Program Files or C:\Program Files (x86) stores the applications installed on the device.

Restricting user access to the C drive may cause login issues, etc. Could you let us know why we want to restrict user access to the C drive?


anonymous user, How are things going? Could you provide the above information to us? Thanks and I look forward to your reply.

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


EswarKoneti-MVP answered EswarKoneti-MVP edited

No access to C drive --> You can use a custom CSP to restrict the storage (RestrictLocalStorage): https://docs.microsoft.com/en-us/windows/client-management/mdm/sharedpc-csp
You can apply this CSP policy to a group of users.
Make sure the user is a standard user and not part of the administrators group, to restrict them from installing any apps.

Jason-MSFT answered

"I am familiar with achieving this using Group Policy but would like to use Intune instead"

And what exactly would you do using Group Policy?

"All apps used on device that require C drive access must be unaffected by this restriction"

This is not possible as you don't grant or restrict applications access in Windows. All access is based on the user launching the application.



sheahandc answered

@EswarKoneti-MVP You are correct.

Please find the thread below for the step-by-step actions to restrict the C drive.

can-intune-block-access-to-c-drive


Anoop-C-Nair-MVP answered

I have done some work in the lab to implement a policy similar to what you are looking for (I think). I don't know whether "Prevent Users to Save Files on Local Drives Desktop using Intune" would help you or not. But it's worth a try in the staging environment.


KR
Anoop
https://www.htmdcommunity.org/

