0

Windows 10, have two profiles and also two partitions, one mine, Administrator account, and another newly created guests account for cousin... but, when I logged in, I was shocked to see, that it had access to read all files in my drive partitions.. for now i have denied the guests account access, for D drive, using folder security permissions...but have some doubts regarding C drive access blocking

  1. I guess, we cant do same(deny control for other users) for C drive, can I do that?. is it safe?
  2. Please tell me, which folders, I shouldnt deny access to, so that it doesnt mess up things.. like windows folder in c drive.. any other important folders, which I shouldnt deny access to...
  3. Can I block guest user, access to Program files folder, in C drive, since I dont need, any software to be used in guest user profiles... If need to install an app, then create-n-use new Installation folder..

I had thought, adding new user, in windows be like, easy as android, just create new user, without any privacy leak, from other users... creating a temp-user profile, along with protecting my main profiles privacy, is difficult in windows.

Improve this question
3
  • 2
    If you deny a specific user access to Program Files that means they won’t have access to any application that you have installed including your UWP applications. Denying access to Program Files can its own problems. Easier to just not allow those applications to run. This user should only have to their own profiles data, unless the data is stored outside l, of the other user’s profile directory
    – Ramhound
    Commented Nov 10, 2023 at 17:21
  • 1
    When you created the new user, what account type was applied? If Administrator, your cousin can access everything. See pureinfotech.com/create-local-account-windows-10 to reduce privileges.
    – DrMoishe Pippik
    Commented Nov 10, 2023 at 17:28
  • @Ramhound Easier to just not allow those applications to run. how do I do that?.. block application from running in other users-profiels
    – hasoma
    Commented Nov 11, 2023 at 8:18

1 Answer 1

Reset to default
2

By default, the only real private files in windows with no read permissions are the %userprofile% folders (Usually C:\users\username\) and some system files. If you want other folders to be hidden, you must set them as such.

A normal, non-administrator user account can only write inside their own %userprofile% folder and system %TEMP% by default. However, new folders created by you like C:\MySecrets\, including additional drives/partitions like D:, will allow the Users group to write unless you remove that permission.

Generally, you should avoid changing the default permissions on at least C:\Users\ and C:\Windows\ and subfolders for windows to operate normally for regular users. C:\Program Files\,C:\Program Files (x86)\, and C:\ProgramData\ have some unique permissions that are easy to mess up if you just apply permission changes at the top level. And C:\Program Files\WindowsApps\ specifically should not be touched.

Improve this answer

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .