Hide Hard Drives from Other Users

  • Thread starter Thread starter Tango T
  • Start date Start date
T

Tango T

XP Home edition. I have my admin account and my daughter has her user
account. She can't get into admin My Documents but she can get into my USB
external drive with all my work documents. Is there a way to hide/deny her
access to my USB drive but still give me access just in case I forget to
unplug the drive?

Tango
 
Tango T said:
XP Home edition. I have my admin account and my daughter has her user
account. She can't get into admin My Documents but she can get into my
USB external drive with all my work documents. Is there a way to
hide/deny her access to my USB drive but still give me access just in case
I forget to unplug the drive?
Click to expand...

If the drive letter is always constant, you can remove it from nearly all
options screens, including "My Computer", etc. by using TweakUI.

Direct Download Link:
http://download.microsoft.com/downl...a6-b352-839afb2a2679/TweakUiPowertoySetup.exe
Page Link (many other PowerToys):
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx

Once installed, run and go to (in left column):
My Computer, Drives.
Uncheck whatever the drive letter is of your USB drive. It will no longer
show up, but will still be fully accessible by typing "<drive letter>:\"
into the Address bar in either Explorer or Internet Explorer (Version 6.X
and under for IE).

Enjoy!
 
Tango T said:
XP Home edition. I have my admin account and my daughter has her user
account. She can't get into admin My Documents but she can get into my
USB external drive with all my work documents. Is there a way to
hide/deny her access to my USB drive but still give me access just in case
I forget to unplug the drive?
Click to expand...

Oh, I should have mentioned this in the other post... The drive will still
be fully accessible to ANYONE that knows it's there and knows the drive
letter of the drive. You may want to change the drive letter to something
other than it's normal one if you want to add a bit more "security" to it...
 
You can do it by denying the System account permissions on usbstor.inf
and usbstor.pnf when she logs on. When you log on you reverse the
restrictions and allow the System account permissions on the files. You
can use the CACLS command in a batch file to accomplish this. At this
time my plan is only "half baked" ;-) and I don't have a USB drive to
test this on so you will have to do some tinkering, but it would go
something like this:

To deny:

cacls %systemroot%\inf\usbstor.inf /e /p system:n
cacls %systemroot%\inf\usbstor.pnf /e /p system:n


To allow:

cacls %systemroot%\inf\usbstor.inf /e /p system:f
cacls %systemroot%\inf\usbstor.pnf /e /p system:f


You can make a little batch files with these two little command lines
and then have a logon script process the batch file for each respective
users and the desired permissions will be applied when the users log on.

As I said, "the plan is only half baked" so you may have to adjust the
oven temperature. If the cake flops we may have to adjust the recipe
and add more baking powder. Let us know how you make out with it and if
it works.

Oh, I almost forgot, to check permissions use the cacls command as follows:

cacls %systemroot%\inf\usbstor.inf

change the file name accordingly when verifying the file permissions.


Permissions enabled it will look like this (note the NT AUTHORITY\SYSTEM
permissions :F ):

C:\>cacls %systemroot%\inf\usbstor.inf
C:\WINDOWS\inf\usbstor.inf BUILTIN\Users:R
BUILTIN\Power Users:R
BUILTIN\Administrators:F
NT AUTHORITY\SYSTEM:F


C:\>cacls %systemroot%\inf\usbstor.pnf
C:\WINDOWS\inf\usbstor.PNF NT AUTHORITY\SYSTEM:F
BUILTIN\Users:R
BUILTIN\Power Users:C
BUILTIN\Administrators:F


Permissions denied it will look like this (note the NT AUTHORITY\SYSTEM
permissions :N):

C:\>cacls %systemroot%\inf\usbstor.inf
C:\WINDOWS\inf\usbstor.inf NT AUTHORITY\SYSTEM:N
BUILTIN\Users:R
BUILTIN\Power Users:R
BUILTIN\Administrators:F


C:\>cacls %systemroot%\inf\usbstor.pnf
C:\WINDOWS\inf\usbstor.PNF NT AUTHORITY\SYSTEM:N
BUILTIN\Users:R
BUILTIN\Power Users:C
BUILTIN\Administrators:F

See here for more information on CACLS:
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/cacls.mspx?mfr=true

Once again, let me know if it works.

John
 
Back
Top