A computer with Windows 10 Pro has several users (let’s use administrator A and standard users B and C as examples). In addition to the already existing standard folders (in the /users/), I would like to make further folders that only a specific user has access to, possibly on other drives. I don’t mind if the administrator account(s) can have access to those folders. But the other regular users should not have access.
I have found instructions about restricting access by other users (for example here). The advice is to prohibit user B’s folder from user C (and possible other already existing users). But this approach has at least two major flaws:
- If you have many users, it’s quite cumbersome to go through all
new folders and prohibit all others of using them. 2)
- If the computer has a new user (say, D), the new user will have access to B’s and
C’s private folders (unless the administrator who created the account
remembers to assign the appropriate prohibitions).
So is there a way to define folder permissions in such a way that all other users cannot access the folder by default? I’m thinking of setting something in the permissions of the user’s folder, not something that affects the folder functions in a more complicated manner.
Disable permission inheritance for those folders. Then remove the “Users” or “Everyone” access entries, replacing them with just the specific accounts or groups that you need to grant access to. Everyone else will be automatically denied access.
Windows permissions are generally evaluated in this order:
- If a user matches a “Deny” entry, they’re denied the permission.
- If a user matches an “Allow” entry, they’re granted the permission.
- If a user doesn’t match any entries, they’re denied the permission.