Limit user account access/permissions

Dan 1 Reputation point
2021-07-15T13:23:13.067+00:00

Hey

I've made a separate user account on my laptop. How do i block access from the new account to all the content on my hard drive?

  • I only want the new account to have access to the internet browser, and no files on my harddrive.

I have Windows 10 Home.

Thanks!

Windows 10 Security
Windows 10 Security
Windows 10: A Microsoft operating system that runs on personal computers and tablets.Security: The precautions taken to guard against crime, attack, sabotage, espionage, or another threat.
2,777 questions
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. Michael Taylor 49,071 Reputation points
    2021-07-15T13:35:55.143+00:00

    It is not possible to block a user account from accessing the hard drive as you cannot have a local profile without one.

    You can limit what the user has access to but, again, they need at least read access to the Windows directory where the OS files reside. For most everything else you can remove the read access in the file system. However I suspect you'll need to still give them read access to at least the shared files sitting in the Program Files and Program FIles (x86) folders. Additionally there are going to be other locations they'll need read access to. Personally, if they are just a standard user then Windows should already be reasonably locked down for them. They won't be able to read or modify any data beyond their own and shared data.

    To allow a user to only use the web browser then you'll want to use Group Policy Editor to whitelist the allowed program(s) the user can run. In this case just the browser(s) you specify.

    0 comments No comments

  2. Fan Fan 15,301 Reputation points Microsoft Vendor
    2021-07-16T00:27:52.513+00:00

    Hi,

    Yes, we can do this through the group policy: Prevent access to drives from My Computer.
    1, Create the group policy object through MMC.MSC.
    2, Apply this GPO only to the new user
    3, User Configuration > Administrative Templates > Windows Components > File Explorer
    In the right side of the screen, scroll down to find a policy that is called:
    Prevent access to drives from My Computer, select restrict all drives.
    Refresh the group policy.

    115177-7162.jpg

    Since the drives was restricted for the user, before you configure the Group Policy, you shall complete all installations and settings in C drive or other drives.