# how to prevent access to \\127.0.0.1\c$ or \\localhost\c$



## curwin (Feb 27, 2017)

For security purposes, we want to prevent our users from accessing the C drive on their computers and on the terminal servers. These users are *not* local admins on either their workstations or the servers.

We have implemented the following Group Policy settings:

- Remove Run Menu from Start Menu
- Hide these specified drives in My Computer - Restrict C drive only
-Prevent access to drives from My Computer - Restrict C drive only

This does prevent the users from accessing the C drive from Windows Explorer.

However, if they enter \\127.0.0.1\c$ or \\localhost\c$ they can access the C drive from any of these ways:

Internet Explorer / Edge

Chrome

A link in Microsoft Word

How can I prevent this? I repeat - they are not admins in any form, and yet they can access the C drive via the administrative share. (I am also not the only person reporting this problem).

I would be happy to block access to any UNC paths (as long as I can still map drives for them), or to prevent or misdirect 127.0.0.1/localhost. But nothing I have tried works, and I really need to prevent this.

Any ideas? It's most important for me to find a way to block this on Windows 10 Enterprise, but it seems to be an issue in various Workstation and Server operating systems.

Thanks,

David


----------



## lunarlander (Sep 22, 2007)

Stop and disable the Server service. This will also prevent you from sharing folders of the PC.


----------



## curwin (Feb 27, 2017)

I have found a solution in this link:

https://social.technet.microsoft.co...over-loopback-address?forum=winserversecurity

The registry fix solves the problem!


----------

