Assume you have an outside contractor who comes in seasonally or once a week to do some work in your office, but you only want to give him access to the programs and files he needs and keep all other documents and programs private. Can you do this on a local computer or only in a server environment?
The answer is Yes. It can be done on a local computer.
Assuming a Windows 7 operating system, work through the steps below.
Step by Step
- Click on Start and type "mmc.exe" into the Run box
- Click on File > Add/Remove Snap-in...
- Select "Group Policy Object Editor", then click the "Add >" button
- Click on Browse in the Group Policy Wizard
- Click on the Users tab and select the user you want to restrict. Click OK, then Finish, then OK again
- Click again on File > Save, type a friendly name and save to a folder of your choice
- Open the folder where you saved the policy and click on New Policy
- Expand Local Computer\..policy
- Expand User Configuration\Administration Templates then click on the Start menu and Task bar
- Enable the following policies
- Remove Common Program Groups from the Start menu
- Remove Favorites menu from the Start menu
- Remove Search link from the Start menu
- Remove Games link from the Start menu
- Remove Help menu from the Start menu
- Remove All programs list from the Start menu
- Remove Pinned programs list from Start menu
- Remove Recent items list menu from the Start menu
- Remove Run menu from the Start menu
- Remove Default program link from Start menu
- Remove Document icon from the Start menu
- Remove Music icon from the Start menu
- Remove Pictures icon from the Start menu
- Remove the Search computer link
- Do not Search for Files
- Do not Search Programs and Control panel items
- Remove User’s folder from the Start menu
- Remove User folder link from the Start menu
- [You may choose to leave out some steps, or add as per your own preference. Note; this is made for a standard user. An adventurous user will likely be able to find a way around it and still get to your files]
- Final Settings
- Expand the Windows Components and Click on Windows Explorer
- Enable Hide this specific driver on my computer policy [select all drivers]
- Click on File on the menu, then click save and X out of the console
- Log off from this user and log in to an Unrestricted user of the computer
- Right click on the name (Folder) of the Restricted user/properties/sharing
- Click on Share and from the drop down box, add the unrestricted users, make sure they have both Read/Write access and click on Share.
- Copy the network path and create a new shortcut at a location of your choice (By right clicking) and paste the path you just copied (you can add a "/" which will bring up more choices so that you can select documents for example) Give it a name and complete the wizard.
- Return to the user folder (C:\Users) Click on the folder of the Restricted User / Desktop, Right Click and select Add shortcut. Paste the path that you copied earlier, give it a name and complete the wizard.
- Now lets add a program that we want this user to have access to. Find the program you want to share with this user, Right click, copy all text from the target field and repeat Steps 17-19
Now you need to configure login information for the user you want to restrict. Only the folder you created to share, as well as any programs you added to the desktop will be visible to the restricted user.
Note: The above instructions assume a Windows 7 operating system
Hope you found this article helpful
Comments (1)
Author
Commented: