Manage user rights on your local PC

Abraham DeutschIT professional
Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this on a local computer or only in a server environment?

The answer is Yes. It can be done on a local computer.  

Assuming a Windows 7 operating system, work through the steps below.

Step by Step

  1. Click on Start and type "mmc.exe" into the Run box 
  2. Click on File > Add/Remove Snap-in...
  3. Select "Group Policy Object Editor", then click the "Add >"  button
  4. Click on Browse in the Group Policy Wizard
  5. Click on the Users tab and select the user you want to restrict. Click OK, then Finish, then OK again
  6. Click again on File > Save, type a friendly name and save to a folder of your choice
  7. Open the folder where you saved the policy and click on New Policy
  8. Expand Local Computer\..policy
  9. Expand User Configuration\Administration Templates then click on the Start menu and Task bar
  10. Enable the following policies
    1. Remove Common Program Groups from the Start menu
    2. Remove Favorites menu from the Start menu
    3. Remove Search link from the Start menu
    4. Remove Games link from the Start menu
    5. Remove Help menu from the Start menu
    6. Remove All programs list from the Start menu
    7. Remove Pinned programs list from Start menu
    8. Remove Recent items list menu from the Start menu
    9. Remove Run menu from the Start menu
    10. Remove Default program link from Start menu
    11. Remove Document icon from the Start menu
    12. Remove Music icon from the Start menu
    13. Remove Pictures icon from the Start menu
    14. Remove the Search computer link
    15. Do not Search for Files
    16. Do not Search Programs and Control panel items
    17. Remove User’s folder from the Start menu
    18. Remove User folder link from the Start menu
    19. [You may choose to leave out some steps, or add as per your own preference. Note; this is made for a standard user. An adventurous user will likely be able to find a way around it and still get to your files]
  11. Final Settings
  12. Expand the Windows Components and Click on Windows Explorer
  13. Enable Hide this specific driver on my computer policy [select all drivers]
  14. Click on File on the menu, then click save and X out of the console
  15. Log off from this user and log in to an Unrestricted user of the computer
  16. Right click on the name (Folder) of the Restricted user/properties/sharing
  17. Click on Share and from the drop down box, add the unrestricted users, make sure they have both Read/Write access and click on Share.
  18. Copy the network path and create a new shortcut at a location of your choice (By right clicking) and paste the path you just copied (you can add a "/" which will bring up more choices so that you can select documents for example) Give it a name and complete the wizard.
  19. Return to the user folder (C:\Users) Click on the folder of the Restricted User / Desktop, Right Click and select Add shortcut.  Paste the path that you copied earlier, give it a name and complete the wizard.
  20. Now lets add a program that we want this user to have access to.  Find the program you want to share with this user,  Right click,  copy all text from the target field and repeat Steps 17-19

Now you need to configure login information for the user you want to restrict. Only the folder you created to share, as well as any programs you added to the desktop will be visible to the restricted user.

Note: The above instructions assume a Windows 7 operating system


Hope you found this article helpful


Comments (1)

Abraham DeutschIT professional
Top Expert 2016


Yes I went

Have a question about something in this article? You can receive help directly from the article author. Sign up for a free trial to get started.