Disable file:// access in MS Edge

Question

I am looking for a way to disable access to view files in MS Edge using the file:// protocol. We have an environment we need to highly restrict. Users have already been blocked from accessing or reading local or unc paths in File Explorer; however, those same user accounts are able to view the local and unc directories in MS Edge using File://

I have looked over every policy setting in the edge.admx files and nothing appears to disable this ability. Nor can I find anything online about how to disable it.

Answer 1

Figured this out with an answer from another forum. Just add file://c:\ to the Block URL list in Edge GPO policies.

Answer 2

Hello there,

If you set this policy 'DefaultFileSystemReadGuard' Setting you can list the URL patterns that specify which sites can't ask users to grant them read access to files or directories in the host operating system's file system via the File System API.

You can find more about policies from here https://learn.microsoft.com/en-us/previous-versions/windows/edge-legacy/available-policies

--------------------------------------------------------------------------------------------------------------------------------

--If the reply is helpful, please Upvote and Accept it as an answer--

Answer 3

Unfortunately just blocking file://c:\ can be bypassed pretty easily. For example, any of the following could work

file://127.0.0.1/C$

file://localhost/C$

file://<computers-hostname>/C$

file://<external-domain-name-that-resolves-to-127.0.0.1/C$

The GPO state that wildcards with the file scheme don't work as intended (file://*) so it's unclear if there's a way to actually lock this down.