Group Policy: Prevent access to drives from MyComputer

NoViewOnDrive

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer

Data type    Range            Default value
REG_DWORD    0x0–0x3FFFFFF    0x0

Description

Prevents users from using My Computer to access the content of selected drives.

When a drive is represented in the value of this entry, users cannot view the contents of the selected drives in My Computer or in Windows Explorer. Also, they cannot use the Run dialog box, the Map Network Drive dialog box, or the Dir command to view the directories on these drives.

This entry stores the setting of the Prevent access to drives from My Computer Group Policy. Group Policy adds this entry to the registry when you enable the policy. If you disable the policy or set it to Not configured, Group Policy deletes this entry from the registry, and the system behaves as though the value is 0x0.

The value of this entry is a 32-bit bitmask. The lower 26 bits correspond to the 26 letters used to identify drives on the local computer and its network. The rightmost bit represents drive A; the 26th bit from the right represents drive Z. To restrict access to a drive, set the bit that corresponds to its drive letter to 1. To permit access to a drive, set the bit that corresponds to its drive letter to 0. To restrict access to all 26 drives, set all bits to 1, which corresponds to a value of 0x3FFFFFF.

Group Policy sets the value of this entry to one of the following:

Value Meaning
0x0 Do not restrict any drives. All drives appear.
0x3 Restrict A and B drives only.
0x4 Restrict C drive only.
0x7 Restrict A, B, and C drives only.
0x8 Restrict D drive only.
0xF Restrict A, B, C, and D drives only.
0x03FFFFFF Restrict all drives.
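
The bitmask is not limited to the combinations in the table: any set of drive letters maps to a value. The following PowerShell is an added example, not part of the original article or of Microsoft's documentation; the function names ConvertTo-DriveMask, ConvertFrom-DriveMask and Get-RestrictedDrive are hypothetical, and the script only reads the current user's registry value, it does not change it.

```powershell
# Added example. NoViewOnDrive bit layout per the article: bit 0 = A ... bit 25 = Z.
$PolicyKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function ConvertTo-DriveMask {
    # Build the REG_DWORD value for any set of drive letters ("Q", "q:", ...).
    param([Parameter(Mandatory)][string[]]$Drive)
    $mask = 0
    foreach ($d in $Drive) {
        $letter = $d.Trim().TrimEnd(':').ToUpperInvariant()
        if ($letter -cnotmatch '^[A-Z]$') { throw "Not a drive letter: '$d'" }
        $mask = $mask -bor (1 -shl ([int][char]$letter - [int][char]'A'))
    }
    $mask
}

function ConvertFrom-DriveMask {
    # List the drives whose bits are set; reject values outside the 26-bit range.
    param([Parameter(Mandatory)][int]$Mask)
    if ($Mask -lt 0 -or $Mask -gt 0x3FFFFFF) {
        throw "Value outside 0x0-0x3FFFFFF: $Mask"
    }
    foreach ($bit in 0..25) {
        if ($Mask -band (1 -shl $bit)) { "$([char]([int][char]'A' + $bit)):" }
    }
}

function Get-RestrictedDrive {
    # Audit what Group Policy actually wrote for the current user.
    $value = (Get-ItemProperty -Path $PolicyKey -Name NoViewOnDrive `
              -ErrorAction SilentlyContinue).NoViewOnDrive
    if ($null -eq $value) { $value = 0 }   # entry absent: system behaves as 0x0
    ConvertFrom-DriveMask -Mask $value
}

# Compute the value for a custom combination and show it in hex and decimal.
$mask = ConvertTo-DriveMask -Drive A, B, C, D, Q
'NoViewOnDrive = 0x{0:X} ({0})' -f $mask

# Decode the mask just computed, then the value currently in effect.
ConvertFrom-DriveMask -Mask $mask
Get-RestrictedDrive
```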

Change method

To change the value of this entry, use Group Policy. This entry corresponds to the Prevent access to drives from My Computer Group Policy (User Configuration\Administrative Templates\Windows Components\Windows Explorer). Select a drive or combination of drives from the drop-down list.

Note

If the policy is enabled, the icons representing the specified drives still appear in My Computer, but, if a user double-clicks the icons, a message appears explaining that a policy prevents the action.

This entry does not prevent users from using programs to access local and network drives. Also, it does not prevent users from using the Disk Management snap-in to view and change drive characteristics.

By default, the system permits access to all drives. Therefore, disabling the Prevent access to drives from My Computer policy, not configuring the policy, or enabling the policy and setting it to Do not restrict drives has no effect on the system.

 

Reference: NoViewOnDrive

0 thoughts on “Group Policy: Prevent access to drives from MyComputer”

  1. very nice article.

    I am trying to prevent access to drives A, B, C, D, and Q, but the Q option is not available. I was able to edit the admx file for the hide drive, but I am not able to find the admx file for the prevent access so that I can edit it and prevent access to the Q drive as well.

    any ideas?

    Thanks

    1. MJ Almassud,

      If you want more specific restrictions, like you want, you can use decimal no. instead of hexadecimal no. Following is a list for all drives decimal no.:

      A: 1
      B: 2
      C: 4
      D: 8
      E: 16
      F: 32
      G: 64
      H: 128
      I: 256
      J: 512
      K: 1024
      L: 2048
      M: 4096
      N: 8192
      O: 16384
      P: 32768
      Q: 65536
      R: 131072
      S: 262144
      T: 524288
      U: 1048576
      V: 2097152
      W: 4194304
      X: 8388608
      Y: 16777216
      Z: 33554432
      ALL: 67108863

      Further, if you want to disable a combination of drives, just sum their numbers and give the same value to NoViewOnDrive. e.g., for restricting C, D, E and F drives, give the value: 4+8+16+32 = 60

      Hope this helps you.
