I added boot camp to one of my macs and happy found that that Windows 7 supports reading HFS drives. Which means it had access to my Mac OS X installation. Sadly it didn’t keep the user permissions setup and I could see everything from all users. Not acceptable for a family used computer.
So some google searches did bring up some options, however I found that all of them alone don’t resolve the issue completely.
The first thing I found suggested using “gpedit.msc” to add policy in User Configuration -> Administrative Templates -> Windows Components -> Windows Explorer in the “Prevent access to drives from My Computer” policy. However this had two limitations here. First off it applies to the current local user only and secondly it only did drives A-D. Which doesn’t help me with drive E.
Now, I can open “mmc”, go to add a snap in, select Group policy editor, click browse and then the users tab to set it to non administrators. However the secondary limitation was still the problem. I needed to do a non default drive that the group policy editor didn’t support. Which makes it almost useless.
Another solution I found was to modify the windows registry to do this. HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer may contain a dword called “NoViewOnDrive”. This is perfect for what I want as I can limit it to other drives. A article on how to geek explained how the data was represented. So this works out for me.
However that solution had the same problem as first time where it only the current user. So after more searches not turning up anything useful I found a solution that works. By using the mmc I created above to add a policy for non administrators, it added that data into the registry. I simply used the find function to locate “NoViewOnDrive”. After some searches, I located it.
I do want to mention I did close the mmc I was using and opened the registry editor before. Data may be outdated otherwise and may not update. But it was simple to do this after which as I modified the value to match what I wanted. Now it appears to be working just fine for non administrators and is preventing access to the drive. A little more work than I wish I would of had to do in order to accomplish this, but it got the job done.
There is a similar dword in the registry called NoDrives. This simply hides the drives and does not prevent access to them. I left the drive visible as it really doesn’t bother me to see it. I just needed to prevent its unleashed access to the drive.