SEARCH

How-To Geek

How To Restrict Access To Drives In My Computer In Windows

If you have a shared or public computer that several people use, you might want to restrict access to it’s drives to prevent users from deleting important data. Today we look at restricting access to some or all drives on the machine using Local Group Policy.

Note: This method uses Local Group Policy Editor which is not available on home versions of Windows 7 or Vista

First type gpedit.msc in the search box of the Start Menu and hit Enter.

gpedit_start

Now navigate to User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

2drive

Select Enable then under Options from the drop down menu you can restrict a certain drive, a combination of drives, or restrict them all. The main drive you would probably want to restrict is the C:\ drive or which ever lettered drive Windows is installed on. Restricting all drives means they can’t access the CD or DVD drive, and cannot use a flash drive if they need to get files from it.

Note: This setting won’t prevent users from using programs that access the local drives.

drive

The restrictions take effect immediately, no restart is required. When a user opens up My Computer they’ll be able to see which drives are listed, but when they try to access a restricted drive, they’ll get the following error message.

1-drive 

For the screenshots in this tutorial we used Windows 7 Ultimate, but this process also works with XP Professional and Vista (not in Home versions) the screens just look different.

22drive

Local Group Policy allows you to customize several settings for how you want to administer your machine. Restricting access to certain drives in addition to other security and access measures, can help  keep a shared computer stable and secure.

Brian Burgess worked in IT for 10 years before pursuing his passion for writing. He's been a tech blogger and journalist for the past seven years, and can be found on his about me page or Google+

  • Published 12/29/09

Comments (20)

  1. uttaradhaka

    Very useful guys.. Thanks

  2. Rick Damiani

    This dosn’t stop access to programs or files when you know where they are, but it makes doing things like opening files or saving them to a different location much more error prone than it should be. So it’s a minor speed bump for the people who can do some damage, and a frustrating headache for the less experienced.

  3. jawahar

    Thank you, Good information

  4. Daniel

    For me it does not work properly.

    If I use these group policy even the Administrator no longer have access.

    What am I doing wrong?

  5. volvo

    very usefull post guys…

  6. chitkarsh

    thanks for posting this useful post.
    but it gets its limits when other drives such as e: or f: drive needs to be locked.
    any help about it?

  7. Ankur

    Hi,

    I couldn’t find the option on my pc, I am using Win XP Pro 2002 SP2. Please help. Also tell if its is to be done by admin through admin a/c or through user’s a/c.

  8. swapnil dabholkar

    Dear Friend,
    It really worked, but other than a,b,c,d drive it doesnot work on other drives
    please give the solution for this.

    thanks

  9. sandeep

    thanks for posting this.
    but i want other drives such as e: or f: drive needs to be locked.
    any help about it?

  10. shankar

    it is a good approach. but an unwanted user can change the setting again n can access the drive.
    what in that case?

  11. Shamos

    Hi Guys

    This not good policy , i created this to some admin users they are resbonsible of installing software

    i wanted to prevent them to copying files inside program files , but this policy has a gap !! what is this?

    they can login with any normal user and when UAC asks for username and passord then it will work

    with this administrator.

  12. Jyri Aikola

    Is there a way to do this so that it only applies to some accounts? If i do this it also blocks the admin account from using the files and folders.

  13. Prabhu.Rajan

    Thanks for the useful information.

    Any way we can Prevent the access of the predifined drive only. How can we prevent the access the other than the predefined drives in the GPO.

  14. Manna

    You could use User confog->Adminstrative templates->Windows Components and restrict access to drives that aren’t predefined like USB.

    @Jyri: to exclude adminstrators from being restricted access, make a security group for users you wanna restrict access to, add all the users (that you wanna restrict to this group) and set the gpo in such a way that it applies only to this security group and no one else.

  15. Manna

    The emntioned method works on the local security policy hence the case where administrators are also being restricted access

  16. Daniel Prince

    I do not find Windows Explorer in Windows Components!! What should I do? :(

  17. Daniel Prince

    And this is applicable foe which type of Users?

  18. Dan Krajewski

    You can hide or restrict any combinations by editing the ADM file to show more options like restrict H:

    Here is the link:

    http://support.microsoft.com/kb/231289

  19. xyz

    jhgk

  20. Deepak Sharma

    Dear Sir it very use full but if you want to share a one folder or one drive can it possible in can access the desktop folder or somethink any one drive to access it

    because when i use the option all drive locked it lock the any one and after that i am delete one file from my desktop it deleted when you lock all of that the file should not deleted sir

    but i am able to use in LAN Networking it working very fine

    keep it up you are great

    thanks

    Deepak Sharma
    M. 7877320005

Enter Your Email Here to Get Access for Free:

Go check your email!