How to set permissions on C Root drive for non domain users

Hi Experts,

I found out something on my clients network recently regarding C drive root permissions. My client works with sensitive data and if a user is NOT on the domain then they are not allowed to view ANYTHING on the network. I found out this week if a user connects to the network via the local lan then they are able to view files on the C drive if they enter \\servername\c$ even if they are not administrator. I need to change permissions that ONLY domain users are alllowed to view the network files, if a user is not on a network then they are not allowed to view anything. I want to restrict all users from accessing the root on the C drive. Please help! :)

Please see screenshot attached of current c drive permissions.

Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You should be using shares for your folders and removing the Inheritance settings for such said folders ie : \finance, \operations, \industrial relations .... ect .... ect
place your dept's under a main share and set the permissions in there useing groups you have created under AD. Dont inherit your pemissions from the root into the dept folders only inherit up from the dept.
You might have some work to do. Definitely dont just plonk stuff into the root c.
Is this a file server?  
What your describing shouldn't be possible.  Be default, all Administrative Shares (C$, Admin$, D$, etc) are restricted to Administrators only and they cannot be changed (only disabled).  What your describing would only be possible if (a) both computers are joined to the domain, (b) the user logged in with a domain account, and (c) the domain account used is a member, directly or indirectly, of the local Administrators group on the computer being accessed.

I would review your environment, starting with the groups the user(s) are members of and also the members of the local Administrators group on the workstations.  Somewhere, the user is getting the permissions.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
warpdevelopmentAuthor Commented:
I think permissions have been inherited incorrectly, I am going to have a look at this and will give feedback. Thanks guys.
BTW - I'm not referring to NTFS permissions.  The Administrative Shares have share-permissions that cannot be modified.  If you goto the properties of C:, Sharing tab, and click the Permissions button, you should get a message that says "This has been shared for administrative purposes.  The permissions cannot be set".

While you're there (Sharing tab), click on the 'Share Name' drop down box and make sure that the root of the C: drive hasn't been shared manually under a different share name like \\servername\c (no dollar sign).
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.