How to properly restrict access of another user or a Guest account on all the active drives on my Windows 10 Pro

Anonymous
2018-06-09T19:57:48+00:00

A couple of times I have had to face this issue: while trying to restrict another User or a Guest account from having full read and write access to all the drives and data on the system, by adding my local admin account in the locations below or inheriting complete permissions from the Advanced menu, I ended up restricting myself from accessing any of the drives, and all the Windows apps and features stopped opening.

For example, Microsoft Edge fails to open and simply disappears after showing its splash screen, and the Action Center and Start menu stop opening, which is the same for most of the other apps and services.

(This screenshot is after I had to reset the OS and start all over again)

The moment I add my offline local admin account on any of the disk(s) and inherit or replace permissions control to my account from a previous profile, it corrupts the functioning of Windows apps and services which depend on these drives to run.

An "Account Unknown" SID comes up, which I assume to be the culprit. idk.

(The last SID tag is my account, and I no longer see the Account Unknown SID as I haven't made any changes yet to test the response.)

Is there any other effective way of doing this without restricting my access in my offline admin account (or online account) to all the drives and data, except for the Guest or Another User account, and to avoid resetting the OS again and again to recover my control of the system?

Thanks.

Windows for home | Windows 10 | Security and privacy

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question.


3 answers

  1. Anonymous
    2018-06-09T20:30:07+00:00

    I share 6 drives with up to 6 PCs. If you do not select a drive to share, then it is not shared across your network.

    However, users on the same PC will have access unless you change ownership and/or permissions for users in the security settings.

    My advice is to take ownership of the drives, remove all users in the list, and then add only yourself with full permissions.

    How to share:

    https://answers.microsoft.com/en-us/windows/forum/windows_10-networking/connecting-pcs-and-users-for-sharing/fb92e439-5dbc-4367-9857-1ef360e9ffdf

    How to take ownership of any item and set users or permissions per item.

    How to take ownership of any item:

    Right Click on any Item>>Properties>>Security Tab>>Advanced

    You can see here that TRUSTED INSTALLER is the Owner and all the user names listed below that can run Disk Cleanup.

    Now you take Ownership of the Item:

    Now you select CHANGE next to OWNER.

    Advanced>>Find Now>>Select your user account name in the list>>OK

    Apply>>Verify OK. Now you are the Owner of that file cleanmgr.exe.

    Now select Disable Inheritance.

    (This removes all the users in the list. Enabling it again will replace them back into the list)

    If it does not remove them, then manually remove each of them.

    Now you MUST ADD Your Name to the User List:

    Now select ADD>>Select a Principal>>Advanced>>Find Now>>Select your user account name in the list>>OK>>OK

    Now select full control permissions box>>OK

    Now you are the owner and the only user on the list with full permissions for Disk Cleanup.

    RESTART PC

    6 people found this answer helpful.
  2. Anonymous
    2018-06-13T09:38:48+00:00

    Thank you, Seahawk.

    But here I'm trying to restrict access of any other User (Guest or Admin) to the drive partitions available on the system.

    I can put restrictions on an app or apps, but it'd just take a lot of time as it's not a batch operation.

    Secondly, this is what I'm talking about: if I add my local admin account by removing all the other User profiles from the C: drive, for example, to take and restrict access to it, it'd make the Windows apps, features and services like the Start menu, Action Center, etc. stop opening for me as well.

    Last time removing Trusted Installer profile wrecked the system.

    These are the Current profiles on the drives and I'm just not sure which ones to remove to test it out again.

    The SID account on the drives also doesn't match mine in the Registry:

    Thank you.

    2 people found this answer helpful.
  3. Anonymous
    2018-06-13T17:53:04+00:00

    Trusted user account is not a user that is a physical person on your PC.

    Forget the registry, you are not doing anything in there that is going to change anything.

    I think you are a bit confused and making this more difficult than it is.

    Starting with C:\OS drive. Nobody has access to your user account. Only public is shared. So the only thing left is

    C:\Program Files

    C:\Program Files (x86)

    C:\Windows

    For these 3 above, remove users, guest and administrators and add your user name in the list full control. But you need to take ownership first so you are able to do this.

    I have no idea why you would have SID S-1-5-21 ………… as the owner of any drive. You need to take ownership of them or change to system for owner. This will not cause Windows apps, features and services to stop opening up as well like the Start menu, Action Center, etc. Impossible.

    When taking ownership, the key is the users in the list and the permissions they are granted. But taking ownership gives you the ability to assign users and their permissions.

    Now for any other partitions or drives, removing trusted installer does not cause any negative effect. Removing all users on drives also has no effect. You take ownership of them and add your user name in the user list with full permissions.

    You simply take ownership of each drive or partition, disable inheritance and add yourself.

    For additional drives, nobody can access them over the network from other PCs or devices unless you select advanced sharing and share them.

    6 people found this answer helpful.
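
An added example, not written by any poster in this thread: PowerShell that lists a data drive's ACL, flags entries that show as unresolved ("Account Unknown") SIDs, confirms SYSTEM and Administrators still hold Full Control, and only then adds a single Deny entry for one account. The drive `D:\`, the account name `OtherUser` and the backup path are assumptions.

```powershell
# Added example, not from the thread. Assumed names: data drive D:\, local account
# 'OtherUser', backup file C:\acl-backup\D-root.sddl. Run from an elevated prompt.
$Root   = 'D:\'
$Target = 'OtherUser'
$Backup = 'C:\acl-backup\D-root.sddl'

$acl = Get-Acl -LiteralPath $Root

# 1. Keep a reference copy of the current security descriptor (SDDL text).
#    It can be loaded back into an ACL object with SetSecurityDescriptorSddlForm().
New-Item -ItemType Directory -Path (Split-Path $Backup) -Force | Out-Null
Set-Content -LiteralPath $Backup -Value $acl.Sddl

# 2. List every entry. An identity that still prints as a raw SID could not be
#    resolved to an account name (Explorer shows it as "Account Unknown").
$acl.Access | ForEach-Object {
    [pscustomobject]@{
        Identity   = $_.IdentityReference.Value
        Unresolved = $_.IdentityReference.Value -match '^S-1-'
        Type       = $_.AccessControlType
        Rights     = $_.FileSystemRights
        Inherited  = $_.IsInherited
    }
} | Format-Table -AutoSize

# 3. Pre-flight check: SYSTEM (S-1-5-18) and Administrators (S-1-5-32-544)
#    must hold an Allow FullControl entry before anything is changed.
$full  = [System.Security.AccessControl.FileSystemRights]::FullControl
$bySid = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
foreach ($sid in 'S-1-5-18', 'S-1-5-32-544') {
    $ok = $bySid | Where-Object {
        $_.IdentityReference.Value -eq $sid -and
        $_.AccessControlType -eq 'Allow' -and
        ($_.FileSystemRights -band $full) -eq $full
    }
    if (-not $ok) { throw "No Allow FullControl entry for $sid on $Root; stopping." }
}

# 4. Restrict only the one account; every existing entry stays in place.
#    (OI)(CI) makes the Deny entry inheritable by files and subfolders.
icacls $Root /deny "${Target}:(OI)(CI)F"
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# To undo the Deny entry later: icacls $Root /remove:d $Target
```

A Deny entry on a standard account does not constrain a member of Administrators, who can take ownership and rewrite the ACL.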