I have 2 users on my laptop login - "userA" "userB"
userA is an admin user userB is a standard user
I don't want userB to have access (not even read access) to C:\users\userA
Also I have some other directory c:\mydir - I don't want userB to have access to this directory also.
Currently userB has access to both of these.
I tried to open "lusrmgr.msc" to check which groups userB belongs to & change those groups to remove perms, but I get a message saying this snap-in cannot be used in this edition of Windows 10.
Next I right clicked on the relevant folders -> Properties -> Security -> Advanced Settings.
It shows
Administrators -> Full Control SYSTEM -> Full Control Users -> Read & Execute Authenticated Users -> Modify
I thought if I remove all perms for Users & Authenticated Users, that should do the trick.
When I tried to remove permissions for "Users" & "Authenticated Users", I got a message that I need to first disable inheritance. I did that.
Then it allowed me to remove "Users" & "AUthenticated Users" from the dialog I have shown above - i.e. no permissions for them to the folder.
UPDATE: I also added all perms for userA for the folder.
After I did that I logged in as userB & userA was unable to access c:\users\userA.
However, after I relogged in back as userA. Now when I started Foxit (my PDF reader), it wasn't allow able to properly access documents in c:\userA (the logged in user). I opened a doc from the recently used menu in Foxit & Foxit seemed to open it but it was hanging & I couldn't scroll to the pages. I had to run Foxit with "Run as Admin" to get it to work well. Likewise, my firefox also hung when I started Firefox. I would think a lot of applications may have a problem but I haven't tested.
So I now Enabled Inheritance again in the same dialog. Now Firefox & Foxit runs fine. However, when I go back to Advanced Security Dialog I see that just by Enabling Inheritance, both Users & Authenticated Users have permissions for c:\users\userA !!! So again now userB can access c:\users\userA.
So what do I do to disallow userB from accessing particular directories?
I am running Windows 10 Home Single Language OS Version 22H2 (Build 19045.3324).
Explicitly deny that single user’s access to the directory
- this worked. Now I am able to deny that user access without causing other issues. If you want to write this as an answer, I can accept it. And they weren't an administrator - just standard user.