Share via

When i blocked C Drive my users can't able to use desktop,document and downloads

arwah abdalla 30 Reputation points
2024-05-05T18:05:05.7066667+00:00

Hello,

I'm using windows server 2022 from azure portal and i create users to have access my server, so when i created users in my server, users can they able to delete and create folder in C Drive.

After that i wanted to apply my users Group Policy about drives, so when i blocked C Drive using Group Policy and i enabled "prevent access to drives from my computer" my users can't able to use desktop,document,picture and downloads and they got massage saying "this operation has been cancelled due to restrictions in effect on this computer. please contact your system administrator"

So is there away to prevent access C Drive except "desktop,document,picture and downloads" ?

Thank you in advance.

Azure Virtual Machines
Azure Virtual Machines

An Azure service that is used to provision Windows and Linux virtual machines.

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. v-vvellanki-MSFT 4,920 Reputation points Microsoft External Staff
    2024-05-10T11:56:50.4333333+00:00

    Hi @arwah abdalla ,

    Thanks for contacting Microsoft Q&A platform.

    Quick and short answer for your question is follow below steps to achieve.

    1. Create a Security Group. Add the relevant users to this security group.
    2. Navigate to the folders you want to restrict (e.g., Desktop, Documents, Pictures, Downloads) on the C Drive.
      1. Right-click each folder, select "Properties," and go to the "Security" tab.
      2. Remove the "Users" group and add the security group you created in
    3. Open Group Policy Management Console (GPMC) on your Windows Server 2022 instance.
      1. Create a new Group Policy Object (GPO) or edit an existing one that applies to the users who need restricted access.
      2. Navigate to User Configuration -> Policies -> Administrative Templates -> Windows Components -> File Explorer.
      3. Enable the policy "Prevent access to drives from My Computer.

    Hope this helps you.

    Was this answer helpful?

    0 comments
  2. Sina Salam 29,016 Reputation points Volunteer Moderator
    2024-05-06T11:55:16.4366667+00:00

    Hello arwah abdalla,

    Welcome to the Microsoft Q&A and thank you for posting your questions here.

    Problem

    Sequel to your questions, I understand that you are managing a Windows Server 2022 instance on Azure and has set up user accounts for server access. Initially, in assumption users had full control over the C Drive, including folder creation and deletion. However, the user aimed to enhance security by implementing Group Policy to limit C Drive access. After applying this policy, users faced difficulty accessing essential folders like Desktop, Documents, Pictures, and Downloads, receiving an error message citing imposed restrictions. You seek a solution to restrict C Drive access while maintaining access to specific folders.

    Scenario

    As the administrator of a Windows Server 2022 instance on Azure, you've created user accounts to facilitate server access. Initially, users enjoyed unrestricted access to the C Drive, affording them the ability to manage folders. In an effort to bolster security, you opted to enforce Group Policy to curtail C Drive access. However, upon implementing this policy and enforcing "prevent access to drives from my computer," users encountered obstacles. They found themselves unable to reach crucial folders like Desktop, Documents, Pictures, and Downloads, encountering error messages indicating imposed restrictions. Now, you're tasked with finding a solution to limit C Drive access while preserving access to these essential folders.

    Solution

    This prescribed solution was based on the scenario given and your questions, while focusing on the problem statement.

    Let me start from your question:

    so when i created users in my server, users can they able to delete and create folder in C Drive.

    Absolutely, they will have access to everything on the Server.

    My question to you:

    1. Do you create a local user account or Active Directory user account?
    2. What resources do you want your users to access on the server?

    If you answer the above questions it might guide on how to provide a better answer to your scenario.

    However, based on the question and your scenario.

    1. Create a Security Group. Add the relevant users to this security group.
    2. Navigate to the folders you want to restrict (e.g., Desktop, Documents, Pictures, Downloads) on the C Drive.
      1. Right-click each folder, select "Properties," and go to the "Security" tab.
      2. Remove the "Users" group and add the security group you created in
    3. Open Group Policy Management Console (GPMC) on your Windows Server 2022 instance.
      1. Create a new Group Policy Object (GPO) or edit an existing one that applies to the users who need restricted access.
      2. Navigate to User Configuration -> Policies -> Administrative Templates -> Windows Components -> File Explorer.
      3. Enable the policy "Prevent access to drives from My Computer.

    Finally

    You can use different medium to perform the above steps either local user account or Active Directory or PowerShell. In summary, you can effectively restrict access to the C Drive while allowing access to specific folders like Desktop, Documents, Pictures, and Downloads for the designated users. Also, you can think of creating a profile for each user without having access to the main Server but having a separate profile on the Server.

    References

    Kindly read more from the additional resources provided by the right side of this page.

    Accept Answer

    I hope this is helpful! Do not hesitate to let me know if you have any other questions.

    Please remember to "Accept Answer" if answer helped, so that others in the community facing similar issues can easily find the solution.

    Best Regards,

    Sina Salam NR.

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.