Restrict Users to Store Data in Local Drive, Desktop, Document, Downloads Etc

Prateek Singhal 1 Reputation point

What would be the proper way to restrict users from Storing Data in Local Drive, Desktop, Document, Downloads Etc.

I want to deploy this policy on Hostname basis and not for specific user because that will restrict the same user to access Storage on his other systems where he logins.

What could be the possible solution? Please suggest!

Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,538 questions
A family of Microsoft operating systems that run across personal computers, tablets, laptops, phones, internet of things devices, self-contained mixed reality headsets, large collaboration screens, and other devices.
4,933 questions
Windows Server Security
Windows Server Security
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
1,762 questions
0 comments No comments
{count} votes

5 answers

Sort by: Most helpful
  1. udara peiris 676 Reputation points

    Create a Group policy object and configure following setting on that to block disk C:

    User Configuration \ Administrative Templates \ Windows Components \ Windows Explorer. Then on the right side under Setting, double click on Prevent access to drives from My Computer.

    Then, Select Enable then under Options from the drop down menu you can restrict a certain disk.


    Then you can link that GPO into the OU where your PCs are located.

    To restrict desktop, You can do like following,

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop ( or another different folders that you want to restrict)
    3. Then Specify the permissions
    3 people found this answer helpful.

  2. Naresh 6 Reputation points

    Hi Team,
    I have tried this but policy does not applied, not getting restricted. Please suggest what is the causing the issue.

    I did this for desktop restriction but not working

    1. Create a Group Policy Object, go to Computer Configuration > Policy > Windows Settings > Security Settings > File System
    2. Right click and add %userprofile%\Desktop
    1 person found this answer helpful.

  3. Vicky Wang 2,646 Reputation points

    Just checking in to see if the information provided was helpful. Please let us know if you would like further assistance.
    Best Regards,

    0 comments No comments

  4. Vicky Wang 2,646 Reputation points

    Just want to confirm the current situations.
    Please feel free to let us know if you need further assistance.
    Best Regards,

    0 comments No comments

  5. RCDA Webmaster 281 Reputation points

    That sounds like a good idea as this prevents users from writing to the C drive. Also this prevent folks from saving to the desktop. This will force folks to put files on a thumb drive and use them from there.

    When programs like the zoom client need to be updated at the start of a meeting, I don't want folks calling me because they can't get in due to an inability to update the client. Also some folks use other meeting software like WebEx.

    0 comments No comments