How to Hide Drives using Group Policy in Windows Server 2012 R2
How to Hide Drives using Group Policy in Windows Server 2012 R2
How to hide drives using Group Policies is very important requirement coming from many Organizations who wants their environment to be more secured. In older posts, we talked about the steps of disabling USB drive using Group policy in Windows Server 2012, how to deploy software using Group policy, how to restrict software using GPO, etc. In this post, we’ll run you through the step by step guide to hide drives using Group policy in Windows Server 2012 R2.
Primarily in many scenarios we assign desktops to knowledge workers and normally they only need to work on single application or set of applications without accessing any drives. In that situation you can restrict and hide drives for them so that they would not be able to save any data on the local drives. Now a days many Organizations wants to deploy these policies to prevent their environment and protect their data.
[clickToTweet tweet=”How to Hide Drives using Group Policy in Windows Server 2012 R2″ quote=”How to Hide Drives using Group Policy in Windows Server 2012 R2″]
Steps to Hide Drives using Group Policy
1. In the below screen shot, you can see drives A; (Floppy Disk), C: & E: (Hard Drives), D: (DVD Drive) is visible. In this practical, we’ll show you step by step guide to hide C: drive of this server.
2. We are assuming a scenario in which, we are hiding C: drive for all the users that are part of the Sales OU. To achieve the desired results, we have created an OU (how to create OU in Active Directory) and created Users in the OU (how to create users).
3. To create a GPO, open Group Policy Management console by either typing “gpmc.msc” in the run or click on start, click on down arrow and select Group Policy Management console option. Expand domain name i.e. itingredients.com in this case. Right click on OU Sales and select “Create a GPO in this domain, and Link it here”.
4. Type the name of the new blank GPO template. For this practical we’ll give the name as HideDrive.
5. Once the blank GPO template is created. Right click on the HideDrive GPO and click on Edit to define the settings to hide drives using Group Policy. You can assign any name as per the naming convention that your Organization is using. But ensure that the name assigned also explains about the Policies that it contains. It would help to identify the policy in future if you have deployed large number of Group Policies in your Organization.
6. Group Policy management editor window would be opened. As this is User policy therefore on the left hand side frame, expand “User Configuration”, expand Policies, Administrative Templates Policy, Windows Components and select File Explorer. In the right hand side frame, double click on the “Hide these specified drives in My Computer”.
7. In the “Hide these specified drives in My Computer” window. Select Enabled to hide the drives using Group Policy. Under Options select the drive that you want to hide you’ll see options like “Restrict A and B drives only”, “Restrict C drive only”, “Restrict D drive only”, “Restrict all drives”, etc. For this practical, we’ll select C drive only. Click on Apply and then click on Ok agin to enable the hide drives group Policy.
8. Once the policy is defined and enabled, ensure you check it and confirm that it shows “Enabled” in the state.
9. On the client computer policy takes somewhere 90 minutes to 120 minutes to refresh. To force the Group Policy, go to any of the client computer on which you want to check the policy and run the command “gpupdate /force” else you can logoff and login back with the domain user, it would also refresh the Group Policy.
10. Now open “My PC” (My Computer) to check if C: drive is restricted and policy applied successfully or not. If C: drive is hidden then it confirms that hide drives Group Policy is applied successfully. This policy would work for all the existing users of Sales OU and all the new users that we’ll add to Sales OU because we attached and deployed this Group policy to Sales OU.
Hope with this you understood all the steps that we have listed in this article to hide drives using Group Policies. Please don’t forget to share your experience if you are using similar kind of policies in your Organization or if you are facing any issues while deploying these kind of policies.
Did this exact thing, and added the Prevent Access rule as well. For some reason it is not being applied at all. I am still able to go into the drive as the restricted user and view all contents. I have this policy set to filter to a single user, and that user is in an OU by itself with the policy applied to it. I also have the policy applied to another OU that the server 2012 R2 system I am trying to lock down resides in.
Any suggestions?
Nevermind, looks like it was a replication issue. I do have a followup question though. The purpose of this is to create a terminal services server that hosts a file share link without displaying the terminal services server’s drives as well. So I want the users to be able to see their own drive, and the target fileshare, but not the C: on the TS server. The only way I can think to do this is to have the policy applied only to the computer, but its a user policy, so I’m not sure this will work. Can I apply this to an OU with the target machine in it, so that anyone who logs into that machine can’t see the drives, but they can if they log into any other machine?
Thanks for putting all these steps and make this article. It really helped me in hiding drives using Group Policy. Appreciate your efforts.
Thanks for nice article. It really helped me in hiding drives using Group Policy. Can I also hide drives on my home Computer that is not part of the Domain?
Hello , we are follow all the steps but its not working , now what we can do. please help
Sandeep,
Please share the exact error message that you are receiving. What’s the client OS for which you want to hide Drives?
we are using the win 10 on client and windows server2012 r2 , its not showing me any error , issue is only action not working on client . drive not hide .
Did you run the command gpupdate /force on the client computer if yes then try to restart the Computer and then check the result. Hope it works. Do let us know the end result.