Blocking the C drive has always been one of the common restrictions that Group Policy admins enforced for standard user accounts. There are multiple reasons for restricting access to the C Drive for non admin users.
The first is system stability because it prevents basic users from accessing, altering, or deleting critical system files on their computers, thus minimizing potential issues that disrupt desktop operations and initiate a help desk ticket.
It reduces the chances of malware being introduced into the system and prevents users from installing unauthorized applications, opening suspicious files or clicking on malicious executables.
Blocking the C drive in some cases may be required by compliance regulations to restrict user access to certain system resources.
Keeping users out of the C drive can potentially simplify troubleshooting as it eliminates user file tampering.
For shared desktop computers it can help protect the data of other users who have logged onto the device
Because Intune uses many of the same Windows Administrative Templates, it is easy to block C Drive access with Intune as well. Using the Microsoft Intune admin center, go to Devices > Configuration Profiles and click “Create profile.” Select “Windows 10 and later” as the Platform and Administrative Templates as the profile. Name the configuration profile and go to User Configuration > Windows Components > File Explorer as shown in the screenshot below.
Scroll down through the settings and select “Prevent access to drives from My Computer” and choose Enabled. You can then select the drives you wish to block access to as shown below.
Click OK and click next. Then assign the configuration profile to the designated groups and you are done.
Jeremy Moskowitz Enterprise Mobility MVP & Lead Trainer
Jeremy Moskowitz is a former Microsoft Enterprise Mobility MVP and founder of MDMandGPanswers.com and PolicyPak Software.
Jeremy teaches Group Policy hands-on training to IT administrators who want to make their business more secure by using Group Policy.
He runs MDMandGPanswers.com, a forum for Group Policy enthusiasts and also founded PolicyPak Software, an innovative add-on that allows admins to dictate, enforce and remediate application settings. Jeremy is also author of several Group Policy Books, including “Group Policy: Fundamentals, Security, and the Managed Desktop, 2nd Edition”.
He has been seen speaking at Microsoft TechEd, Microsoft MMS, Windows Connections and many others.
Jeremy has performed Windows NT, Active Directory and Group Policy planning, training and implementation for some of the world’s largest organizations.
Jeremy is available for consultations with your company, speaking at your events, or writing custom publications.
The Definitive Guide to Windows Installer Technology
James I. Conrad, MCSE 2003, Server+, A+, Certified Ethical Hacker.
For years, James Conrad has been a sought-after consultant and trainer for Fortune 500 companies. James has been an exam writer for Microsoft MCSE exams and was a key contributor in determining MCSE exam objectives in the Microsoft Certification and Skills Assessment division.
He has trained and consulted for Intel, UCLA, Raytheon, Compaq, Hewlett-Packard, MCI Worldcom, Sprint, Exxon-Mobil, Boeing, Lockheed Martin, the U.S. Department of Justice, the Bureau of Land Management, and many others.
James writes internal training materials for current Windows products and has authored Windows 2000 Server for Computer Associates, and Windows XP Desktop Administration for the Windows Consulting Group, among others. He has also been a technical editor for many books including The Tips and Tricks Guide to Securing .NET Server by Roberta Bragg and Windows Server 2003 Security: A Technical Reference also by Roberta Bragg. James also wrote the CompTIA Server+ college curriculum for Thomson Learning.
James wrote five Personal Test Center Windows 2000 Professional exam preparation tests for Coriolis. James has also written the popular Windows 2000 Server, Windows 2000 Professional, and CompTIA Network+ certification books for ComputerPrep. James also served as the technical editor for Thomson Learning’s Network+ college curriculum. James is currently the lead instructor for CBT Nuggets, a leading Microsoft, Cisco, and Linux video training source.