This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 14.000000000000002%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELH%3C/text%3E%3C/svg%3E)
I would like to block access to the C drive for a certain group of users. These users access devices that are enrolled in Intune. The policy must meet the following requirements;
No access to C drive
No ability for user to edit content in C drive
All apps used on device that require C drive access must be unaffected by this restriction
Policy must apply to select group of users
Policy must apply to devices that are both Hybrid Azure AD domain-joined and Azure AD domain-joined
I am familiar with achieving this using Group Policy but would like to use Intune instead. I have been exploring the options in Intune - specifically by creating a device configuration profile, but have so far been unsuccessful.
Any help would be appreciated.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(233.6, 30%, 32%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ECM%3C/text%3E%3C/svg%3E)
anonymous user, From your description, I know you want to restrict access to C drive for some users. if there's any misunderstanding, please let us know.
Based as i know, C drive contains the files which is OS related.
C:\WINDOWS folder contains the files that, in turn, contain the code to run the OS.
C:\Users store the information of user profile.
C:\Program Files or C:\Program Files (x86) store the application installed on the device.
To restrict user to access C drive may cause login issue and etc. Could you let us know why we want to restrict user to access C drive?
anonymous user, How are things going? Could you provide the above information to us? Thanks and I look forward to your reply.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
no access to C drive-->you can use custom CSP to restrict the storage (restrictlocalstorage) https://learn.microsoft.com/en-us/windows/client-management/mdm/sharedpc-csp
you can apply this CSP policy to a policy to group of users.
Make sure the user is standard user and not part of administrator group to restrict from installing any apps.
@ESWARARAJU KONETI You are correct.
Please find below thread for the step by step actions to restrict the C drive.
I am familiar with achieving this using Group Policy but would like to use Intune instead
And what exactly would you do using Group Policy?
All apps used on device that require C drive access must be unaffected by this restriction
This is not possible as you don't grant or restrict applications access in Windows. All access is based on the user launching the application.
I have done some work in the lab to implement a policy similar to that you are looking for (I think). I don't know whether Prevent Users to Save Files on Local Drives Desktop using Intune would help you or not. But it's worth a try in the staging environment.
KR
Anoop
https://www.htmdcommunity.org/