1

I have 2 users on my laptop login - "userA" "userB"

userA is an admin user; userB is a standard user.

I don't want userB to have access (not even read access) to C:\users\userA

Also I have some other directory c:\mydir - I don't want userB to have access to this directory also.

Currently userB has access to both of these.

I tried to open "lusrmgr.msc" to check which groups userB belongs to & change those groups to remove perms, but I get a message saying this snap-in cannot be used in this edition of Windows 10.

Next I right clicked on the relevant folders -> Properties -> Security -> Advanced Settings.

It shows

Administrators -> Full Control
SYSTEM -> Full Control
Users -> Read & Execute
Authenticated Users -> Modify

I thought if I remove all perms for Users & Authenticated Users, that should do the trick.

When I tried to remove permissions for "Users" & "Authenticated Users", I got a message that I need to first disable inheritance. I did that.

Then it allowed me to remove "Users" & "Authenticated Users" from the dialog I have shown above - i.e. no permissions for them to the folder.

UPDATE: I also added all perms for userA for the folder.

After I did that I logged in as userB & userA was unable to access c:\users\userA.

However, after I logged back in as userA, when I started Foxit (my PDF reader), it wasn't able to properly access documents in c:\userA (the logged in user). I opened a doc from the recently used menu in Foxit & Foxit seemed to open it but it was hanging & I couldn't scroll to the pages. I had to run Foxit with "Run as Admin" to get it to work well. Likewise, my Firefox also hung when I started Firefox. I would think a lot of applications may have a problem but I haven't tested.

So I now Enabled Inheritance again in the same dialog. Now Firefox & Foxit runs fine. However, when I go back to Advanced Security Dialog I see that just by Enabling Inheritance, both Users & Authenticated Users have permissions for c:\users\userA !!! So again now userB can access c:\users\userA.

So what do I do to disallow userB from accessing particular directories?

I am running Windows 10 Home Single Language OS Version 22H2 (Build 19045.3324).

7
  • 1
    By removing Users you run, which the actual owner of the profile belongs to, you are making the directory inaccessible to everyone but an Administrator including the actual user the profile belongs to. Stop modifying the permissions of a User’s profile directory
    – Ramhound
    Commented Aug 17, 2023 at 12:29
  • @Ramhound - so how should I prevent userB from accessing c:\users\userA directory - that is my question
    – user93353
    Commented Aug 17, 2023 at 12:32
  • Explicitly deny that single user’s access to the directory but by default, the normal permissions of another user’s directory, does not allow a user who isn’t explicitly allowed access to the folder to access the folder (by default that’s the owner and Administrators). Denying the permission will override their access, which again should only be possible, if they are an Administrator. So my guess you have two administrators
    – Ramhound
    Commented Aug 17, 2023 at 12:45
  • You can determine which user group each user is in by going to Settings->Accounts->Your Info
    – Ramhound
    Commented Aug 17, 2023 at 12:55
  • @Ramhound - Explicitly deny that single user’s access to the directory - this worked. Now I am able to deny that user access without causing other issues. If you want to write this as an answer, I can accept it. And they weren't an administrator - just standard user.
    – user93353
    Commented Aug 17, 2023 at 22:42

1 Answer

1

By default, only the user itself, user SYSTEM and group Administrators have access to C:\Users\username. These are special permissions, required to ensure that a profile works correctly. Administrator users can still access them after accepting the UAC dialog prompt when entering the folder of another user.

Standard users cannot access folders of other users, only their own.

The rights on C:\Users are set for all users to have read access. This is required. Subfolders have inheritance disabled, and the user itself is both owner and has full control. Other users are groups and users such as SYSTEM which need rights in order to perform functions such as backup and Windows Update.

So in order to fix this, change the user permissions for C:\Users\UserA: disable inheritance and copy the permissions, then add your own user back (UserA) and give it full control. Now remove Authenticated Users and Users.

Do the same for C:\Mydir

6
  • I did the above - read through my description. I had to change it back because it caused other problems.
    – user93353
    Commented Aug 17, 2023 at 12:03
  • You did not add userA. I did read it. Also, you must set it on the subfolder UserA, not Users.
    – LPChip
    Commented Aug 17, 2023 at 12:05
  • I did add userA also though I haven't mentioned it there. And I did everything on the folder UserA & not Users
    – user93353
    Commented Aug 17, 2023 at 12:21
  • @user93353 - If you didn’t mention something then edit your question. By default only the actual user can access their user profile unless they are an Administrator; even then, by default they still can’t access another user’s profile directory without jumping through hoops.
    – Ramhound
    Commented Aug 17, 2023 at 12:27
  • 2
    Please read my comment carefully: “Users” and “Authenticated Users” are two groups the actual owner of the directory is a part of, and they must, for the profile directory, have access to the folder. So stop removing necessary user groups from the ACL for the directory that contains the profile directories for all Users. The correct way to block a specific user is to create a new user group or and explicitly remove their permissions (again this shouldn’t be necessary since they already have zero access as a non-Administrator user) explicitly deny their access
    – Ramhound
    Commented Aug 17, 2023 at 12:42
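
The fix the asker reported as working in the comments (an explicit deny entry for the one account, leaving every other entry and the inheritance setting untouched), as an added PowerShell example that is not part of the original thread. It assumes an elevated PowerShell window and uses the account and folder names from the question.

```powershell
# Added example (not from the thread). Run in an elevated PowerShell window.
# Account and folder names are the ones used in the question.
$user    = 'userB'
$folders = 'C:\Users\userA', 'C:\mydir'

foreach ($folder in $folders) {
    if (-not (Test-Path -LiteralPath $folder -PathType Container)) {
        Write-Warning "Skipping $folder (folder not found)"
        continue
    }

    # Report the inheritance state only; it is deliberately not changed here,
    # because toggling it is what added or removed the Users and
    # Authenticated Users entries in the question.
    $protected = (Get-Acl -LiteralPath $folder).AreAccessRulesProtected
    Write-Host "$folder : inheritance disabled = $protected"

    # Explicit deny for the single account. (OI)(CI) makes the entry apply
    # to files and subfolders as well; F = full control.
    icacls $folder /deny "${user}:(OI)(CI)F" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls failed on $folder (exit code $LASTEXITCODE)"
        continue
    }

    # Verify: there should now be a non-inherited Deny entry for the account.
    $deny = (Get-Acl -LiteralPath $folder).Access | Where-Object {
        $_.AccessControlType -eq 'Deny' -and
        -not $_.IsInherited -and
        $_.IdentityReference.Value -like "*\$user"
    }
    if ($deny) {
        Write-Host "$folder : explicit deny for $user is in place"
    } else {
        Write-Warning "$folder : no explicit deny entry found for $user"
    }
}

# To undo on one folder: icacls <folder> /remove:d userB
```

The deny entry names only userB because a deny on a group such as Users or Authenticated Users would also apply to userA, who is a member of both.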
