A simple way to prevent access to specific drives in a terminal server environment is the “Prevent access to drives from My Computer” group policy. This setting is located under “User Configuration > Policies > Administrative Templates > Windows Components > File Explorer”, but it only offers a fixed set of predefined drive combinations, as shown in the picture below.

So, to prevent access to other drive letters (P, G, K, F, T, S or any other), we need a more flexible approach.

Start the registry editor and find one of the following keys (depending on your use case):

1.1 If you want to apply the setting (deny access to some drives) as a computer policy, meaning it affects everyone who logs on to the machine:
HKLM Key: [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
1.2 Or if you prefer to apply the setting to a specific group of users (the most common scenario):
HKCU Key: [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

2. Create a Value Name: NoViewOnDrive with Data Type: REG_DWORD
Now specify the value data for the drive letters you want to prevent access to:

Value of each drive letter:

A: 1, B: 2, C: 4, D: 8, E: 16, F: 32, G: 64, H: 128, I: 256, J: 512, K: 1024, L: 2048, M: 4096, N: 8192, O: 16384, P: 32768, Q: 65536, R: 131072, S: 262144, T: 524288, U: 1048576, V: 2097152, W: 4194304, X: 8388608, Y: 16777216, Z: 33554432, ALL: 67108863

So, for example, suppose you want to prevent access to drive letters C, D, E and F at the same time; the value to specify is then 4+8+16+32=60.

You can deploy this by creating a simple GPO with a registry preference setting, as follows:

Action: Update
Key Path: Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Value name: NoViewOnDrive
Value type: REG_DWORD
Value data: 60
Common: tick for “Run in logged-on user’s security context (user policy option)”
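
The drive values listed above are single bits (A is bit 0, Z is bit 25), so the value data for any set of letters can be computed, and an existing value decoded when auditing a server. The following PowerShell is an added example, not part of the original article; the function names `ConvertTo-DriveMask` and `ConvertFrom-DriveMask` are hypothetical helpers defined here.

```powershell
# Added example: encode and decode the NoViewOnDrive bitmask (A = 1, B = 2, C = 4 ... Z = 33554432).

function ConvertTo-DriveMask {
    param([Parameter(Mandatory)][string[]]$Letter)
    $mask = 0
    foreach ($l in $Letter) {
        # Accept "c", "C" or "C:" and reject anything that is not a single letter
        $c = $l.Trim().TrimEnd(':').ToUpperInvariant()
        if ($c -notmatch '^[A-Z]$') { throw "Not a drive letter: '$l'" }
        # Each letter owns one bit; -bor keeps duplicates from being counted twice
        $mask = $mask -bor (1 -shl ([int][char]$c - [int][char]'A'))
    }
    return $mask
}

function ConvertFrom-DriveMask {
    param([Parameter(Mandatory)][int]$Mask)
    # 67108863 is the "ALL" value from the table (all 26 bits set)
    if ($Mask -lt 0 -or $Mask -gt 67108863) { throw "Mask out of range 0..67108863: $Mask" }
    foreach ($bit in 0..25) {
        if ($Mask -band (1 -shl $bit)) { [char]([int][char]'A' + $bit) }
    }
}

# The article's example: the value data for drives C, D, E and F
$value = ConvertTo-DriveMask -Letter C, D, E, F
"Value data for C,D,E,F: $value"
"Decoded back: " + ((ConvertFrom-DriveMask -Mask $value) -join ',')

# Audit: show which drives are blocked by the values currently present
# in the machine-wide (HKLM) and per-user (HKCU) keys described above.
$sub = 'Software\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM:', 'HKCU:') {
    $item = Get-ItemProperty -Path "$hive\$sub" -Name NoViewOnDrive -ErrorAction SilentlyContinue
    if ($null -eq $item) {
        "$hive NoViewOnDrive is not set"
    } else {
        $v = $item.NoViewOnDrive
        "$hive NoViewOnDrive = $v (" + ((ConvertFrom-DriveMask -Mask $v) -join ',') + ")"
    }
}
```

Run the audit part in the context of the user being checked, because the HKCU key is per user.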