Forum Discussion
nautil125
May 02, 2024 - Copper Contributor
Restrict common users from creating a folder in root of system drive
Hello professionals,
I hope you can help me with an issue I am struggling with on both Windows Server 2019 and 2022. Common/ordinary users (domain users who are members of the Remote Desktop Users group) should not be able to create a folder in the root of the system drive C:, but members of the Administrators group should have those privileges.
The typical solution is to drop Write/Modify for Users in the Security context menu, like this:
Unfortunately it doesn't work. Members of Remote Desktop Users who are not members of the Administrators group can create and delete a folder in C:. The following pictures were snipped on Windows Server 2022.
Remote Desktop Users:
Users:
Folder creation/deletion of a user from Remote Desktop User group:
Do you have any idea why NTFS permissions do not work on system drive C:?
Do you have any suggestions on how to solve the issue, i.e. prevent non-administrator users from creating their own folders in the root of the system drive?
Regards
Leos
- nautil125 (Copper Contributor)
The correct setting was hidden in the advanced permission configuration. Here are step-by-step directions to solve my problem:
- right mouse click on drive C:
- (item) Properties
- (card) Security
- (button) Advanced
- (button) Change Permissions
- select line with Users group and privilege "Create folders / append data" granted on "This folder and subfolders"
- (button) Edit
- (hyperlink) Show advanced permissions
- (select list) Applies to: "This folder and subfolders", change to "Subfolders and files only"
- (button) OK
- (button) OK
- (button) Yes (confirm a warning about changing permissions on the root directory of the startup disk)
Changing of permissions failed for these hidden system files, because they were in use by another process:
- C:\DumpStack.log.tmp
- C:\pagefile.sys
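The "Applies to" change from the steps above, expressed against the .NET ACL object model, as an added example that is not part of the original post. It assumes the well-known SID S-1-5-32-545 for BUILTIN\Users, the function names are hypothetical, and the sample ACL is constructed in memory so nothing on disk is modified.

```powershell
# Added example, not from the thread. Function names are hypothetical.
$FSR     = [System.Security.AccessControl.FileSystemRights]
$Rule    = [System.Security.AccessControl.FileSystemAccessRule]
$SidType = [System.Security.Principal.SecurityIdentifier]
$InhOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly
$UsersSid = 'S-1-5-32-545'   # assumption: well-known SID of BUILTIN\Users

function Get-RootCreateAce {
    # Allow ACEs that let $Sid create folders in the folder itself, i.e. the
    # "Create folders / append data" bit is set and the ACE is not inherit-only.
    param([System.Security.AccessControl.DirectorySecurity]$Acl, [string]$Sid = $UsersSid)
    $Acl.GetAccessRules($true, $true, $SidType) | Where-Object {
        $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $Sid -and
        ([int]$_.FileSystemRights -band [int]$FSR::CreateDirectories) -ne 0 -and
        ([int]$_.PropagationFlags -band [int]$InhOnly) -eq 0
    }
}

function Move-CreateRightToChildren {
    # In-memory equivalent of changing "Applies to" to "Subfolders and files only".
    param([System.Security.AccessControl.DirectorySecurity]$Acl, [string]$Sid = $UsersSid)
    $strip = [int]$FSR::CreateDirectories -bor [int]$FSR::Synchronize
    foreach ($ace in @(Get-RootCreateAce $Acl $Sid | Where-Object { -not $_.IsInherited })) {
        $Acl.RemoveAccessRuleSpecific($ace)
        $rest = [int]$ace.FileSystemRights -band (-bnot $strip)
        if ($rest -ne 0) {   # other rights in the same ACE stay where they were
            $Acl.AddAccessRule($Rule::new($ace.IdentityReference, ($rest -as $FSR),
                $ace.InheritanceFlags, $ace.PropagationFlags, 'Allow'))
        }
        $Acl.AddAccessRule($Rule::new($ace.IdentityReference, $FSR::CreateDirectories,
            'ContainerInherit, ObjectInherit', 'InheritOnly', 'Allow'))
    }
}

# Constructed sample: in-memory ACL holding the ACE from the thread
# (Users, "Create folders / append data", "This folder and subfolders").
$acl = [System.Security.AccessControl.DirectorySecurity]::new()
$acl.AddAccessRule($Rule::new($SidType::new($UsersSid), $FSR::CreateDirectories,
    'ContainerInherit', 'None', 'Allow'))
"Root-applicable create ACEs before: $(@(Get-RootCreateAce $acl).Count)"
Move-CreateRightToChildren $acl
"Root-applicable create ACEs after:  $(@(Get-RootCreateAce $acl).Count)"
# Read-only audit of a live system: Get-RootCreateAce (Get-Acl -LiteralPath 'C:\')
```

Another group can be audited by passing its SID string as the second argument to `Get-RootCreateAce`.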
- L_Youtell_974 (Brass Contributor)
If I were you, I would not play with the permissions on the drive "c", because if you mess with this, you could mess with "c:\users" and things could turn really bad.
I would suggest only hiding the drive "c:", because in the end, if you hide the drive, users can't play with the drive.
- nautil125 (Copper Contributor)
L_Youtell_974 My preference would be that users could still browse the C: drive, but could not create folders in the root.
If Windows Server 2022 doesn't allow this setting, I'll accept it and arrange accordingly. But it's a mystery to me why this restriction simply can't be set.