Making a restricted user account


  1. Posts : 8
    Windows 10 Pro
       #1


    Hello—

    Recently I went on an adventure trying to mangle drive permissions attempting to restrict their access from an alternate guest account. This caused serious problems and, bruised ego in my arms, I come to you all to request a tutorial on it from someone who actually knows things.

    I wish to make a user account that will be able to run installed programs from any drive as normal. However, I want to ensure that in no way can this user account navigate to any files or folders outside of its designated User folders. Even as much as accessing the main directory of C:/ should return an Access Denied. No files anywhere on the computer should appear in any searches from this account. Effectively it should be completely separated from everything else, but for its ability to run installed programs.

    How do I do this?


  2. Posts : 5,170
    64bit Win 10 Pro ver 21H2
       #2

    The old guest account comes closest to this, but it is no longer officially available in W10. You can create one, though it will still allow users to see files on other drives such as C:. It will limit their ability to make changes, though.

    Add Guest Account in Windows 10


  3. Posts : 43,412
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #3

    Just a first reaction- considering the O/S and the various folders other than those containing data created by users that programs use, if that user is to run an installed program, the program necessarily has to be able to read files from all the folders that such programs need, whether those be from its installation folder, or O/S folders various.

    I do not know whether it is at all possible to distinguish between, say, file explorer accessing those folders and that user's program.

    The only other option might be to restrict that user to running solely and entirely portable programs.

    That's only part of the problem of course.


  4. Posts : 8
    Windows 10 Pro
    Thread Starter
       #4

    dalchina said:
    Just a first reaction- considering the O/S and the various folders other than those containing data created by users that programs use, if that user is to run an installed program, the program necessarily has to be able to read files from all the folders that such programs need, whether those be from its installation folder, or O/S folders various.

    I do not know whether it is at all possible to distinguish between, say, file explorer accessing those folders and that user's program.

    The only other option might be to restrict that user to running solely and entirely portable programs.
    By altering security permissions, I suppose I can simply restrict access to anything vaguely personal or important that doesn't need to be accessed by programs being run in the guest account. This was the only thing I could come up with on my own, but I was hoping for a less convoluted solution. But, if it's not to be, it's not to be. If I really want this guest account to work the way I would like, I'll simply have to laboriously make each individual non-essential folder inaccessible at the highest level possible without interfering with access to critical files.

    Addendum: Hrmm, actually, there may be a workaround to this. Since this account is ONLY intended to run programs, is there a way to simply... restrict access to the file browser altogether?


  5. Posts : 43,412
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #5

    There is this:
    https://support.microsoft.com/en-au/...rosoft-privacy

    but note when you look at the Settings options it says
    [Image: Making a restricted user account-1.png]

    For folders, 'List folder contents' can be assigned permissions- how helpful that might be for O/S folders and what adverse effects it could have if restricted for a given user I have no idea. Just a thought..
    [Image: Making a restricted user account-1.png]

    Permissions for data is the relatively easy bit.
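
    The per-folder approach discussed in posts #4 and #5, as an added PowerShell example (not part of any post in this thread): it adds an explicit Deny entry for one account on listed data folders and refuses any folder that is, contains, or sits inside the Windows, Program Files or ProgramData directories, so installed programs keep working. The function name, the account name and the folder paths are assumptions.

```powershell
# Added example. Run from an elevated PowerShell prompt.
# Add-DataDenyRule, 'MYPC\Visitor' and the sample paths are hypothetical names.
function Add-DataDenyRule {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]   $Account,      # restricted local account
        [Parameter(Mandatory)][string[]] $DataFolders   # personal data folders only
    )
    $cmp = [System.StringComparison]::OrdinalIgnoreCase
    # Folders that installed programs must be able to read.
    $needed = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}, $env:ProgramData) |
        Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') }

    foreach ($folder in $DataFolders) {
        $full = (Resolve-Path -LiteralPath $folder -ErrorAction Stop).ProviderPath.TrimEnd('\')

        # Refuse a target that equals, contains, or lies inside a needed folder.
        # A drive root such as C:\ is refused because it contains C:\Windows.
        $clash = $needed | Where-Object {
            $_.Equals($full, $cmp) -or
            $_.StartsWith($full + '\', $cmp) -or
            $full.StartsWith($_ + '\', $cmp)
        }
        if ($clash) {
            Write-Warning "Skipped '$full': overlaps $($clash -join ', ')"
            continue
        }

        # Deny read, list and traverse on the folder, its subfolders and files.
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $Account, 'ReadAndExecute', 'ContainerInherit,ObjectInherit', 'None', 'Deny')

        if ($PSCmdlet.ShouldProcess($full, "Add Deny ReadAndExecute for $Account")) {
            $acl = Get-Acl -LiteralPath $full
            $acl.AddAccessRule($rule)
            Set-Acl -LiteralPath $full -AclObject $acl
        }
        # Report what the folder's ACL now holds for this account.
        (Get-Acl -LiteralPath $full).Access |
            Where-Object { $_.IdentityReference -like "*$($Account.Split('\')[-1])" } |
            Select-Object @{n='Folder';e={$full}}, AccessControlType, FileSystemRights, IsInherited
    }
}

# Preview first, then repeat without -WhatIf to apply:
# Add-DataDenyRule -Account 'MYPC\Visitor' -DataFolders 'D:\Personal','D:\Photos' -WhatIf
```

    An explicit Allow entry set directly on a subfolder takes precedence over a Deny it only inherits, so check subfolders whose permissions were edited by hand.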


  6. Posts : 8
    Windows 10 Pro
    Thread Starter
       #6

    dalchina said:
    There is this:
    https://support.microsoft.com/en-au/...rosoft-privacy

    but note when you look at the Settings options it says
    [Image: Making a restricted user account-1.png]

    Permissions for data is the relatively easy bit.
    Hrmm. So it is possible for me to completely deny access to the file system by the user themselves (rendering them totally unable to open the file browser whatsoever), but selectively permit apps? That would be perfect.


  7. Posts : 43,412
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #7

    So it is possible for me to completely deny access to the file system by the user
    - er, but the user has to use a program to do that - at least at GUI level.

    See amended post above too.


  8. Posts : 4,201
    Windows 10 Pro x64 Latest RP
       #8

    The most available option to control a user on Windows is to treat them as a child.

    Use parental controls to create them a limited account, and set the access rights to whatever you wish, for programs, file access, internet time limits, even computer access, where they can only log in at certain times.

    Lots of information here ... https://www.tenforums.com/user-accou...y/index39.html and tutorials for the details in Tutorials section


  9. Posts : 8
    Windows 10 Pro
    Thread Starter
       #9

    Thank you both for the help. I will peruse the provided content tomorrow, given that presently I am terribly sleep deprived after spending about 4 more hours than I intended to trying to sort all this out.

    The speed at which I have been assisted on these forums is to be commended. Both of my posts garnered quick and useful responses. I will not mark this thread solved as yet; I will report back tomorrow once I've tinkered with some of the provided tools.

    Perhaps the most effective method of doing what I intend to do is trusting my dang family members not to root around in the rest of my files while they're trying to use my computer for video games or miscellaneous internet browsing...

    ... nah, to heck with that.


  10. Posts : 43,412
    Win 10 Pro (22H2) (2nd PC is 22H2)
       #10

    @Barman58 Hi, if logged in as a child, can that child still access O/S files and folders on C: ? I can't see anything in the tutorials on a very quick scan that show that can be restricted. Thanks.


 
