How to hide drive for specific users in Windows 7?
I need to hide the D:
drive for specified users on Windows 7. How can I do that?
There is a group policy setting to disable access to certain drives, and another to hide access. You need Windows 7 Professional, Ultimate or Enterprise to do this. For other versions, scroll down to my alternate solution.
If you only want to apply the policy to certain users, not every user, you need to configure it individually. You cannot do this by just opening gpedit.msc
; you need to add the group policy editor from the MMC:
- Run
mmc.exe
with administrative privileges - Click
File
>Add or Remove Snapin
- Select "Group Policy Object Editor" and click
Add >
- A wizard will appear. Click
Browse
, click theUsers
tab, and select a user or user group. Individual users are shown, as well as two generic groups; "Administrators" and "Non-Administrators". - Click
OK
, then clickFinish
in the wizard. - Click
OK
in the "Add Snapin" dialog. - Enter
User Configuration > Administrative Templates > Windows Components > Windows Explorer
. - Find
Hide these specified drives in My Computer
if you want to just hide the drives but still allow direct access (e.g. from run prompt, etc.) to the drives. FindPrevent access to drives from My Computer
to hide the drive and prevent access to it. - In whichever settings dialog, choose the
Enabled
radio button and choose the drive(s) you want to restrict. As of Windows 7, the only options are:A and B drives only
C drive only
D drive only
A, B and C drives only
A, B, C and D drives only
Restrict all drives
Do not restrict drives
- Click OK
The next time the user(s) log in, they will not be able to see/access the drive This should work as you specifically asked for disabling the D: drive.
If you want to disable a drive other than A, B, C, or D, or if you have a version of Windows 7 which doesn't support the group policy editor, you will need to make the changes manually in the registry.
The first step is to load the registry hive of the user you are removing the drives from. The user must be logged out for this to work; in fact, it's better to do a fresh restart before doing this process.
- Open the registry editor with administrative privileges
- Select
HKEY_USERS
- Choose
Load Hive
from theFile
menu - Navigate to that user's profile folder, usually
C:\users\username
- Enter
NTUSER.DAT
in theFile name
box. This file is a system-hidden file, so it won't show up in the file selection window. You have to type it in. Be sure not to selectntuser.dat.log
by accident. - Click ok, then enter a name for the key. We'll call it
Foo
. - Go to
HKEY_USERS\Foo\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
- Create a new 32-bit DWORD value and name it
NoDrives
to hide the drives, orNoViewOnDrive
to completely disable access. - The value you enter depends on the drive(s) you want to restrict, and is a bit tricky. Each letter, starting with Z and going down to A, is represented by a
1
(disabled) or0
(enabled). Make this binary number, then convert it to hexidecimal. This is the number you put in the box. For example, D is the fourth drive letter from the right, and everything to the left of it is a 0, so the number will beb1000
, which isx08000000
, so you would enter08000000
as the value. To disable C and D, you would useb1100
, orx0c000000
. If this confused you, post in the comments for help. - Once you've saved this value, navigate back up to
HKEY_USERS
, select the key you loaded, and then clickFile
>Unload Hive
. This step is ABSOLUTELY CRITICAL!! If you don't unload the hive, the user will be unable to login properly. - Close the registry editor, then restart the computer. The new settings should have taken effect.
Right-click on said drive in Computer, choose Properties → Security. Update access as needed: remove "Users", add "Parents", etc.
If your version of Windows doesn't have a Security tab, use icacls
from command line:
icacls F:\ /grant Parents:(oi)(ci)F
icacls F:\ /remove Users
You can hide any drives using Group Policy. This will set restrictions for any users on the machine.
- Click on Start > Run and type gpedit.msc, and hit enter.
- Then navigate through: User Configuration, Administrative Templates, Windows Components, and Windows Explorer.
- Click Hide these specified drives in My Computer.
- Click to select the Hide these specified drives in My Computer check box.
- Click on Enabled in the top right and select the appropriate option in the drop-down box.
Hope this helps! :)
Taken from this link (a bit too lazy to type it out myself):
- Right-Click on My Computer [Computer in Windows Vista and Windows 7]
- Click on Manage
- From the list of options Click on Disk Management that will be located in the left-bottom section
- All your hard disk and its partitions will be show in the right hand side
- Right-Click on the partition that you want to hide and select "Change Drive Letters and Path"
- Click on "Remove" and click "Yes"
- Your drive will now be hidden in my computer
You're looking for a type of Access Based Enumeration.
Enabling a user to only see drives / folders that they have the permissions for is supported in domains but not in stand alone installations as far as I'm aware.
You used to be able to do this in Windows XP by using Windows SteadyState but this tool has been discontinued.