Windows – **GPO – How to block creation of folder and files in root directory in Windows 10

filesystemsgroup-policywindows 10

I would like to use a GPO setting to block users to create folders and files in the root directory in Windows 10.
Searching on internet I found the setting

Computer configuration -> Policies -> Windows settings-> Security
Settings-> File System

where I created an entry for %SystemDrive%\ where Authenticated users have "Deny" to "Create Files/Write data" and "Create folders/append data", applied to "This folder only".

After saving and linking the GPO, I rebooted the workstation to get the new policies but the settings does not block anything.

Any idea what could be wrong? any other suggestion to achieve the same result?

thanks a lot.

Best Answer

  • We can try to troubleshoot as below:

    1. If the Windows 10 is in the domain environment? If it is in the domain, we can run gpresult report in windows 10 to see if the policy is applied. If it is applied, but it can not block creation folders and files, go to step 2.
    2. Block other folders in the root directory to see if we can applied the group policy successfully. If we can, maybe we can not set the permission of system root directory.
    3. If the Windows 10 is not in the domain environment, please keep in mind that this process is only available to a domain with a server running the Group Policy Management feature... standalone systems and workgroups still need to manually assign these permissions! So we can try to set the permission manually.

    Reference:

    Assign File & Folder Permissions Via Group Policy

    https://www.linkedin.com/pulse/assign-file-folder-permissions-via-group-policy-farid-soltani

    Creating File System security GPOs

    https://library.netapp.com/ecmdocs/ECMP1401220/html/GUID-A8D101D3-729F-4299-A591-4AC55A5DD12E.html

    Group Policy – GPResult Examples

    https://blog.thesysadmins.co.uk/group-policy-gpresult-examples.html

  • Related Question