Skip to main content

Hide Local Disk (C:) in Windows Server 2022 (Cloud Server)

 To hide Local Disk (C:) in Windows Server 2022 (Cloud Server) for normal users but keep it accessible to Administrator, you have several options. Since you're using a cloud server (likely via RDP), the safest way is through Group Policy + NTFS permissions.

✅ METHOD 1 – Hide C: Drive via Group Policy (Recommended)

This hides the drive from File Explorer but doesn’t fully block access unless combined with permissions.

🔹 Step 1: Open Local Group Policy

  1. Press Win + R

  2. Type:

    gpedit.msc

  3. Press Enter

🔹 Step 2: Navigate to

User Configuration
  → Administrative Templates
    → Windows Components
      → File Explorer

🔹 Step 3: Enable These Policies

  1. Hide these specified drives in My Computer

    • Set to: ✅ Enabled

    • Choose: Restrict C drive only

  2. Prevent access to drives from My Computer

    • Set to: ✅ Enabled

    • Choose: Restrict C drive only

Click Apply → OK.

🔹 Step 4: Apply Policy

Open Command Prompt as Administrator and run:

gpupdate /force

⚠ Important

This affects the current user configuration.

If you want this only for standard users (not Administrator):

  • Apply the policy only under User Configuration

  • Make sure Administrator account is NOT under restricted user group

✅ METHOD 2 – Use NTFS Permissions (Stronger Security)

This actually blocks access.

🔹 Step 1:

  1. Right-click Local Disk (C:)

  2. Click Properties

  3. Go to Security tab

🔹 Step 2:

  1. Click Advanced

  2. Disable inheritance

  3. Remove normal user group (like “Users”)

  4. Keep:

    • Administrator

    • SYSTEM

Click Apply.

🔒 Best Practice for Cloud Servers

Since you're likely running services (maybe your PHP water billing system or other apps), do NOT fully block C: if:

  • IIS is running

  • MySQL is installed

  • Apps depend on C:\Program Files

Instead:

✔ Hide the drive via Group Policy
✔ Restrict specific folders instead of whole drive

Example:

C:\Users
C:\Windows
C:\Program Files

💡 Enterprise-Level Method (If Multiple Users)

Use:

  • Active Directory Group Policy (GPMC)

  • Create a policy only for a specific OU

  • Exclude Administrator

🎯 Recommended Safe Setup for You

Since you're running systems on your server:

✔ Hide C drive using Group Policy
✔ Block only sensitive folders using NTFS
✔ Keep Administrator full control


✅ METHOD 3

Since you have multiple RDP users on your Windows Server 2022 Cloud Server, the correct and clean way is:

✅ Hide C: drive for normal users
✅ Keep full access for Administrator
✅ Do NOT break system services (IIS, MySQL, PHP, etc.)

Below is the proper professional setup 👇

✅ STEP 1 — Create a Security Group for Restricted Users (Best Practice)

1️⃣ Open:

lusrmgr.msc

2️⃣ Go to:

Groups → New Group

Create:

Group name: RestrictedRDPUsers

Add all normal RDP users inside this group.

⚠ Do NOT add Administrator.

✅ STEP 2 — Hide C: Drive via Group Policy (Per Group Only)

Since this is multi-user, use Local Group Policy with Security Filtering.

1️⃣ Open:

mmc

2️⃣ Add Snap-in:

  • Click File → Add/Remove Snap-in

  • Select Group Policy Object Editor

  • Click Add

  • Click Browse

  • Go to Users tab

  • Select Non-Administrators

  • Click OK

Now configure policy only for non-admin users.

3️⃣ Navigate to:

User Configuration
 → Administrative Templates
   → Windows Components
     → File Explorer

Enable:

Hide these specified drives in My Computer
→ Restrict C drive only

Prevent access to drives from My Computer
→ Restrict C drive only

Apply → OK

4️⃣ Run:

gpupdate /force

✅ STEP 3 — Block Access via NTFS (More Secure)

Hiding is cosmetic. This blocks real access.

1️⃣ Right-click *C:*
→ Properties
→ Security
→ Advanced

2️⃣ Disable inheritance

3️⃣ Remove:

Users
Authenticated Users

4️⃣ Add:

RestrictedRDPUsers

Set permission to:

❌ Deny → List folder / Read

Keep:
✔ SYSTEM
✔ Administrators

Click Apply.

⚠ VERY IMPORTANT (Cloud Server Warning)

Do NOT deny:

  • SYSTEM

  • Administrators

  • IIS_IUSRS (if using IIS)

  • MySQL service account

  • Any service accounts

Otherwise your server may crash services.

Since you previously mentioned PHP systems, I assume you might be running:

  • IIS

  • XAMPP

  • MySQL

So we must be careful.

🔐 Even Better Enterprise Method (Cleanest Setup)

If you want the cleanest professional configuration:

Instead of blocking entire C:

✔ Leave C: system alone
✔ Create separate drive (D:)
✔ Give users access only to D:
✔ Hide C: completely

This is how production servers are configured.

🎯 Recommended Setup For You

Since you run multiple systems:

✔ Hide C via policy
✔ Restrict user profile folders only
✔ Keep services untouched
✔ Create D drive for shared work




Comments

Post a Comment

Popular posts from this blog

Two simple ways to block internet browsing using Windows Firewall.

  Here are two simple ways to block internet browsing using Windows Firewall. Choose Method A (Block all browsers) or Method B (Block specific browsers like Chrome/Edge/Firefox). ✅ METHOD A — BLOCK ALL INTERNET BROWSING (Recommended) This blocks ALL internet access for ALL applications except those you allow. Steps: Press Windows + R Type: wf.msc Press Enter On the left, click Outbound Rules On the right, click New Rule… Select Custom → Next Under Program , choose All programs → Next Under Protocol and Ports , click Next Under Scope , click Next Under Action , select: ✔ Block the connection Click Next Under Profile , select: ✔ Domain ✔ Private ✔ Public Click Next Name the rule: Block Internet Browsing Click Finish ✔ This will instantly disable ALL internet access. 🟨 OPTIONAL: Allow exceptions If you want to allow EXCEPTIONS (example: allow only MT5, or allow Windows Update): Create a New Outbound Rule Select Program Browse to the app...
Post a Comment
Read more

Block Browser Using Software Restriction Policy

Here are several alternative ways to block web browsers in Windows (Chrome, Edge, Firefox, etc.) without using the firewall method you mentioned earlier . Choose the method that best fits your need. 1 . Block Browser Using AppLocker (Windows Pro/Enterprise) Blocks the browser application from opening completely. Steps: Press Win + R , type: secpol.msc Go to: Application Control Policies → AppLocker → Executable Rules Right-click → Create New Rule Select: Deny User = Standard user (not Admin) Choose Path : Chrome: C:\Program Files\Google\Chrome\Application\chrome.exe Edge: C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe Firefox: C:\Program Files\Mozilla Firefox\firefox.exe Apply. Result: User cannot open the browser. Admin still can. 2 . Block Browser Using Software Restriction Policy For Windows Pro. Steps: Press Win + R , type: gpedit.msc Navigate to: Computer Configuration → Windows Settings → Security Settings → Soft...
Post a Comment
Read more

How to connect your Website domain name to a Cloud VPS hosting environment running XAMPP

To connect your Website domain name to a Cloud VPS hosting environment running XAMPP, follow these steps: Obtain Your VPS IP Address : Log in to your Contabo account and navigate to your VPS management section to find your server's public IP address. Configure Your Domain's DNS Settings : Access your domain registrar's control panel. Locate the DNS management section. Create an 'A' record pointing your domain (e.g., yourdomain.com ) to your VPS's public IP address. If you want ' www.yourdomain.com ' to also point to your VPS, add a 'CNAME' record for 'www' pointing to 'yourdomain.com'. Set Up Virtual Hosts in XAMPP : On your VPS, open the httpd-vhosts.conf file located at C:\xampp\apache\conf\extra\httpd-vhosts.conf . Add the following configuration, replacing placeholders with your actual domain and directory paths: <VirtualHost *:80> ServerAdmin [email protected] DocumentRoot "C:/xampp/ht...
Post a Comment
Read more