If you have a shared or public computer that several people use, you might want to restrict access to it’s drives to prevent users from deleting important data. Today we look at restricting access to some or all drives on the machine using Local Group Policy.
Note: This method uses Local Group Policy Editor which is not available on home versions of Windows 7 or Vista
First type gpedit.msc in the search box of the Start Menu and hit Enter.
Now navigate to User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.
Select Enable then under Options from the drop down menu you can restrict a certain drive, a combination of drives, or restrict them all. The main drive you would probably want to restrict is the C:\ drive or which ever lettered drive Windows is installed on. Restricting all drives means they can’t access the CD or DVD drive, and cannot use a flash drive if they need to get files from it.
Note: This setting won’t prevent users from using programs that access the local drives.
The restrictions take effect immediately, no restart is required. When a user opens up My Computer they’ll be able to see which drives are listed, but when they try to access a restricted drive, they’ll get the following error message.
For the screenshots in this tutorial we used Windows 7 Ultimate, but this process also works with XP Professional and Vista (not in Home versions) the screens just look different.
Local Group Policy allows you to customize several settings for how you want to administer your machine. Restricting access to certain drives in addition to other security and access measures, can help keep a shared computer stable and secure.
- Published 12/29/09