Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this on a local computer or only in a server environment?
The answer is Yes. It can be done on a local computer.
Assuming a Windows 7 operating system, work through the steps below.
Step by Step
Click on Start and type "mmc.exe" into the Run box
Click on File > Add/Remove Snap-in...
Select "Group Policy Object Editor", then click the "Add >" button
Click on Browse in the Group Policy Wizard
Click on the Users tab and select the user you want to restrict. Click OK, then Finish, then OK again
Click again on File > Save, type a friendly name and save to a folder of your choice
Open the folder where you saved the policy and click on New Policy
Expand Local Computer\..policy
Expand User Configuration\Administration Templates then click on the Start menu and Task bar
Enable the following policies
Remove Common Program Groups from the Start menu
Remove Favorites menu from the Start menu
Remove Search link from the Start menu
Remove Games link from the Start menu
Remove Help menu from the Start menu
Remove All programs list from the Start menu
Remove Pinned programs list from Start menu
Remove Recent items list menu from the Start menu
Remove Run menu from the Start menu
Remove Default program link from Start menu
Remove Document icon from the Start menu
Remove Music icon from the Start menu
Remove Pictures icon from the Start menu
Remove the Search computer link
Do not Search for Files
Do not Search Programs and Control panel items
Remove User’s folder from the Start menu
Remove User folder link from the Start menu
[You may choose to leave out some steps, or add as per your own preference. Note; this is made for a standard user. An adventurous user will likely be able to find a way around it and still get to your files]
Expand the Windows Components and Click on Windows Explorer
Enable Hide this specific driver on my computer policy [select all drivers]
Click on File on the menu, then click save and X out of the console
Log off from this user and log in to an Unrestricted user of the computer
Right click on the name (Folder) of the Restricted user/properties/sharing
Click on Share and from the drop down box, add the unrestricted users, make sure they have both Read/Write access and click on Share.
Copy the network path and create a new shortcut at a location of your choice (By right clicking) and paste the path you just copied (you can add a "/" which will bring up more choices so that you can select documents for example) Give it a name and complete the wizard.
Return to the user folder (C:\Users) Click on the folder of the Restricted User / Desktop, Right Click and select Add shortcut. Paste the path that you copied earlier, give it a name and complete the wizard.
Now lets add a program that we want this user to have access to. Find the program you want to share with this user, Right click, copy all text from the target field and repeat Steps 17-19
Now you need to configure login information for the user you want to restrict. Only the folder you created to share, as well as any programs you added to the desktop will be visible to the restricted user.
Note: The above instructions assume a Windows 7 operating system
Experts Exchange is a tech solutions provider where users receive personalized tech help from vetted certified professionals. These industry professionals also write and publish relevant articles on our site.
Ask questions about what you read
If you have a question about something within an article, you can receive help directly from the article author. Experts Exchange article authors are available to answer questions and further the discussion.