Skip to main content

Hide Local Disk (C:) in Windows Server 2022 (Cloud Server)

 To hide Local Disk (C:) in Windows Server 2022 (Cloud Server) for normal users but keep it accessible to Administrator, you have several options. Since you're using a cloud server (likely via RDP), the safest way is through Group Policy + NTFS permissions.

✅ METHOD 1 – Hide C: Drive via Group Policy (Recommended)

This hides the drive from File Explorer but doesn’t fully block access unless combined with permissions.

🔹 Step 1: Open Local Group Policy

  1. Press Win + R

  2. Type:

    gpedit.msc

  3. Press Enter

🔹 Step 2: Navigate to

User Configuration
  → Administrative Templates
    → Windows Components
      → File Explorer

🔹 Step 3: Enable These Policies

  1. Hide these specified drives in My Computer

    • Set to: ✅ Enabled

    • Choose: Restrict C drive only

  2. Prevent access to drives from My Computer

    • Set to: ✅ Enabled

    • Choose: Restrict C drive only

Click Apply → OK.

🔹 Step 4: Apply Policy

Open Command Prompt as Administrator and run:

gpupdate /force

⚠ Important

This affects the current user configuration.

If you want this only for standard users (not Administrator):

  • Apply the policy only under User Configuration

  • Make sure Administrator account is NOT under restricted user group

✅ METHOD 2 – Use NTFS Permissions (Stronger Security)

This actually blocks access.

🔹 Step 1:

  1. Right-click Local Disk (C:)

  2. Click Properties

  3. Go to Security tab

🔹 Step 2:

  1. Click Advanced

  2. Disable inheritance

  3. Remove normal user group (like “Users”)

  4. Keep:

    • Administrator

    • SYSTEM

Click Apply.

🔒 Best Practice for Cloud Servers

Since you're likely running services (maybe your PHP water billing system or other apps), do NOT fully block C: if:

  • IIS is running

  • MySQL is installed

  • Apps depend on C:\Program Files

Instead:

✔ Hide the drive via Group Policy
✔ Restrict specific folders instead of whole drive

Example:

C:\Users
C:\Windows
C:\Program Files

💡 Enterprise-Level Method (If Multiple Users)

Use:

  • Active Directory Group Policy (GPMC)

  • Create a policy only for a specific OU

  • Exclude Administrator

🎯 Recommended Safe Setup for You

Since you're running systems on your server:

✔ Hide C drive using Group Policy
✔ Block only sensitive folders using NTFS
✔ Keep Administrator full control


✅ METHOD 3

Since you have multiple RDP users on your Windows Server 2022 Cloud Server, the correct and clean way is:

✅ Hide C: drive for normal users
✅ Keep full access for Administrator
✅ Do NOT break system services (IIS, MySQL, PHP, etc.)

Below is the proper professional setup 👇

✅ STEP 1 — Create a Security Group for Restricted Users (Best Practice)

1️⃣ Open:

lusrmgr.msc

2️⃣ Go to:

Groups → New Group

Create:

Group name: RestrictedRDPUsers

Add all normal RDP users inside this group.

⚠ Do NOT add Administrator.

✅ STEP 2 — Hide C: Drive via Group Policy (Per Group Only)

Since this is multi-user, use Local Group Policy with Security Filtering.

1️⃣ Open:

mmc

2️⃣ Add Snap-in:

  • Click File → Add/Remove Snap-in

  • Select Group Policy Object Editor

  • Click Add

  • Click Browse

  • Go to Users tab

  • Select Non-Administrators

  • Click OK

Now configure policy only for non-admin users.

3️⃣ Navigate to:

User Configuration
 → Administrative Templates
   → Windows Components
     → File Explorer

Enable:

Hide these specified drives in My Computer
→ Restrict C drive only

Prevent access to drives from My Computer
→ Restrict C drive only

Apply → OK

4️⃣ Run:

gpupdate /force

✅ STEP 3 — Block Access via NTFS (More Secure)

Hiding is cosmetic. This blocks real access.

1️⃣ Right-click *C:*
→ Properties
→ Security
→ Advanced

2️⃣ Disable inheritance

3️⃣ Remove:

Users
Authenticated Users

4️⃣ Add:

RestrictedRDPUsers

Set permission to:

❌ Deny → List folder / Read

Keep:
✔ SYSTEM
✔ Administrators

Click Apply.

⚠ VERY IMPORTANT (Cloud Server Warning)

Do NOT deny:

  • SYSTEM

  • Administrators

  • IIS_IUSRS (if using IIS)

  • MySQL service account

  • Any service accounts

Otherwise your server may crash services.

Since you previously mentioned PHP systems, I assume you might be running:

  • IIS

  • XAMPP

  • MySQL

So we must be careful.

🔐 Even Better Enterprise Method (Cleanest Setup)

If you want the cleanest professional configuration:

Instead of blocking entire C:

✔ Leave C: system alone
✔ Create separate drive (D:)
✔ Give users access only to D:
✔ Hide C: completely

This is how production servers are configured.

🎯 Recommended Setup For You

Since you run multiple systems:

✔ Hide C via policy
✔ Restrict user profile folders only
✔ Keep services untouched
✔ Create D drive for shared work




Comments

Post a Comment

Popular posts from this blog

How to add your Source Code to GitHub

Quick setup  — if you’ve done this kind of thing before  Set up in Desktop or HTTPS SSH Get started by  creating a new file  or  uploading an existing file . We recommend every repository include a  README ,  LICENSE , and  .gitignore . …or create a new repository on the command line echo "# bms" >> README.md git init git add README.md git commit -m "first commit" git branch -M main git remote add origin https://github.com/xxxxxxxxx/bms.git git push -u origin main …or push an existing repository from the command line git remote add origin https://github.com/xxxxxxxxxx/bms.git git branch -M main git push -u origin main -------------------------------------------------------------------------------------------------------- Proper steps to add existing code to GitHub The proper way to push a new project into an existing GitHub repository follows these steps: Create a GitHub repository for the existing project. Copy the GitHub URL for th...
Post a Comment
Read more

How to connect your Website domain name to a Cloud VPS hosting environment running XAMPP

To connect your Website domain name to a Cloud VPS hosting environment running XAMPP, follow these steps: Obtain Your VPS IP Address : Log in to your Contabo account and navigate to your VPS management section to find your server's public IP address. Configure Your Domain's DNS Settings : Access your domain registrar's control panel. Locate the DNS management section. Create an 'A' record pointing your domain (e.g., yourdomain.com ) to your VPS's public IP address. If you want ' www.yourdomain.com ' to also point to your VPS, add a 'CNAME' record for 'www' pointing to 'yourdomain.com'. Set Up Virtual Hosts in XAMPP : On your VPS, open the httpd-vhosts.conf file located at C:\xampp\apache\conf\extra\httpd-vhosts.conf . Add the following configuration, replacing placeholders with your actual domain and directory paths: <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "C:/xampp/ht...
Post a Comment
Read more

How to Create a Bootable USB Using Rufus

  How to Create a Bootable USB Using Rufus A “ bootable USB ” is a regular USB storage device (like a USB stick or external hard drive) that has an “ISO image” of an operating system saved on it.   An ISO image is an archive file that contains all the information found on an optical disc, such as a CD or DVD. This could, for example, be a Windows installation CD. Normally, whenever you start up your computer, it boots from the operating system stored on your internal hard drive. By running the bootable USB however, you can boot up your computer using the USB’s ISO image instead.  This can be useful if you ever need to recover, repair or install an operating system on your computer. How to Create a Bootable USB using Rufus Rufus is one of several programs that allow you to create an “ISO image” on a USB stick. To create a bootable USB using Rufus, all you need is: Your ISO of choice, e.g. Windows 10 The latest version of Rufus (available online from...
Post a Comment
Read more