Server 2012 – Restrict Access to Specific Drives via Group Policy

If you’re familiar with Group Policy, there’s been an administrative template available since the Windows 2000 days to restrict access to the drives in File Explorer. The only problem with that template is that it only gives you the options to remove access to either all the drives or drives A, B, C, and D which is isn’t very flexible.

In search of a more granular option, I found this very helpful post here that explains exactly how to restrict access to specific drives using registry keys. Here I’m just going to copy the table and show you how to add a Group Policy Registry Preference to achieve the same thing.

Simply add the decimal values together for whatever drive letters you want to enable access to and then enter the product into the Value data section in the instructions below.

Drive Letter Decimal Value Drive Letter Decimal Value
A 1 N 8192
B 2 0 16384
C 4 P 32768
D 8 Q 65536
E 16 R 131072
F 32 S 262144
G 64 T 524288
H 128 U 1048576
I 256 V 2097152
J 512 W 4194304
K 1024 X 8388608
L 2048 Y 16777216
M 4096 Z 33554432
ALL 67108863

Inside of Group Policy Editor for your RDS Server’s User Policy, navigate here and do the following:

User Configuration > Preferences > Windows Settings > Registry
Right-click Registry > New > Registry-Item

Action: Update
Hive: HKEY_CURRENT_USER
Key Path: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value name: NoViewOnDrive
Value type: REG_DWORD
Value data: EnterYourValueFromAbove
Base: Decimal

Leave a Reply