How to hide drive for specific users in Windows 7?

I need to hide the D: drive for specified users on Windows 7. How can I do that?


There is a group policy setting to disable access to certain drives, and another to hide access. You need Windows 7 Professional, Ultimate or Enterprise to do this. For other versions, scroll down to my alternate solution.

If you only want to apply the policy to certain users, not every user, you need to configure it individually. You cannot do this by just opening gpedit.msc; you need to add the group policy editor from the MMC:

  1. Run mmc.exe with administrative privileges
  2. Click File > Add or Remove Snapin
  3. Select "Group Policy Object Editor" and click Add >
  4. A wizard will appear. Click Browse, click the Users tab, and select a user or user group. Individual users are shown, as well as two generic groups; "Administrators" and "Non-Administrators".
  5. Click OK, then click Finish in the wizard.
  6. Click OK in the "Add Snapin" dialog.
  7. Enter User Configuration > Administrative Templates > Windows Components > Windows Explorer.
  8. Find Hide these specified drives in My Computer if you want to just hide the drives but still allow direct access (e.g. from run prompt, etc.) to the drives. Find Prevent access to drives from My Computer to hide the drive and prevent access to it.
  9. In whichever settings dialog, choose the Enabled radio button and choose the drive(s) you want to restrict. As of Windows 7, the only options are:
    • A and B drives only
    • C drive only
    • D drive only
    • A, B and C drives only
    • A, B, C and D drives only
    • Restrict all drives
    • Do not restrict drives
  10. Click OK

The next time the user(s) log in, they will not be able to see/access the drive This should work as you specifically asked for disabling the D: drive.

If you want to disable a drive other than A, B, C, or D, or if you have a version of Windows 7 which doesn't support the group policy editor, you will need to make the changes manually in the registry.

The first step is to load the registry hive of the user you are removing the drives from. The user must be logged out for this to work; in fact, it's better to do a fresh restart before doing this process.

  1. Open the registry editor with administrative privileges
  2. Select HKEY_USERS
  3. Choose Load Hive from the File menu
  4. Navigate to that user's profile folder, usually C:\users\username
  5. Enter NTUSER.DAT in the File name box. This file is a system-hidden file, so it won't show up in the file selection window. You have to type it in. Be sure not to select ntuser.dat.log by accident.
  6. Click ok, then enter a name for the key. We'll call it Foo.
  7. Go to HKEY_USERS\Foo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
  8. Create a new 32-bit DWORD value and name it NoDrives to hide the drives, or NoViewOnDrive to completely disable access.
  9. The value you enter depends on the drive(s) you want to restrict, and is a bit tricky. Each letter, starting with Z and going down to A, is represented by a 1 (disabled) or 0 (enabled). Make this binary number, then convert it to hexidecimal. This is the number you put in the box. For example, D is the fourth drive letter from the right, and everything to the left of it is a 0, so the number will be b1000, which is x08000000, so you would enter 08000000 as the value. To disable C and D, you would use b1100, or x0c000000. If this confused you, post in the comments for help.
  10. Once you've saved this value, navigate back up to HKEY_USERS, select the key you loaded, and then click File > Unload Hive. This step is ABSOLUTELY CRITICAL!! If you don't unload the hive, the user will be unable to login properly.
  11. Close the registry editor, then restart the computer. The new settings should have taken effect.

Right-click on said drive in Computer, choose Properties → Security. Update access as needed: remove "Users", add "Parents", etc.

If your version of Windows doesn't have a Security tab, use icacls from command line:

icacls F:\ /grant Parents:(oi)(ci)F
icacls F:\ /remove Users

You can hide any drives using Group Policy. This will set restrictions for any users on the machine.

  • Click on Start > Run and type gpedit.msc, and hit enter.
  • Then navigate through: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
  • Click Hide these specified drives in My Computer.
  • Click to select the Hide these specified drives in My Computer check box.
  • Click on Enabled in the top right and select the appropriate option in the drop-down box.

Hope this helps! :)


Taken from this link (a bit too lazy to type it out myself):

  • Right-Click on My Computer [Computer in Windows Vista and Windows 7]
  • Click on Manage
  • From the list of options Click on Disk Management that will be located in the left-bottom section
  • All your hard disk and its partitions will be show in the right hand side
  • Right-Click on the partition that you want to hide and select "Change Drive Letters and Path"
  • Click on "Remove" and click "Yes"
  • Your drive will now be hidden in my computer

You're looking for a type of Access Based Enumeration.
Enabling a user to only see drives / folders that they have the permissions for is supported in domains but not in stand alone installations as far as I'm aware.
You used to be able to do this in Windows XP by using Windows SteadyState but this tool has been discontinued.