Desktop Lockdown

D

DCA

Trying to enforce a policy of not allowing changes on the user's desktop.
We're looking to enable a policy that will not even allow users to move
icons around. Thanks in advance.
 
C

Chriss3

Hello DCA.

There is a policy to prevent users from using the desktop at all.

User Configuration\AdministrativeTemplates\Desktop\
Hide all icons on Desktop

You may want to take use of Mandatory Profiles to prevent users from do any
changes at all to there profile.

If you just want to lockdown the desktop and prevent users from creating
item on the desktop you have to modify ACL and prevent users from access the
Desktop Folder in there profile, may by redirect the Desktop out side the
profile with Folder Redirection within a Group Policy.

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
D

DCA

Thanks Chris,

We don't want to hide the icons, just not have the user the ability to move
them around. At the very least if, that's not possible, then if they log
off and log back in, the desktop will "refresh" and icons will retain their
position. Currently we have the desktop locked down so users cannot add or
delete items to it.
 
C

Chriss3

Hello Mandatory Profiles may are an alternative for your organization?

User Data and Settings Management:
http://www.microsoft.com/technet/tr...windowsserver2003/maintain/operate/user01.asp

Here is a few policies you may can enable I think this is the closest we can
get with the built-in policy settings.

User Configurations Node:

Administrative Templates\Start Menu and Taskbar\
Remove and prevent access to the Shut Down command

Administrative Templates\Start Menu and Taskbar\
Prevent changes to Taskbar and Start Menu Settings

Administrative Templates\Start Menu and Taskbar\
Prevent grouping of taskbar items

Administrative Templates\Desktop\
Prevent adding, dragging, dropping and closing the Taskbar's toolbars

--
Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
D

DCA

I was hoping for something easier (like your previous advice on GPO). A reg
hack or something along those lines.
 
C

Chriss3

If you want to take advantage of a none built-in GPO setting you have to
write your own Administrative Template to change the registry enterys.

Add or remove an Administrative Template (.adm file):
http://www.microsoft.com/technet/pr...003/proddocs/entserver/gptext_addtemplate.asp

HOW TO: Create Custom Administrative Templates in Windows 2000:
http://support.microsoft.com/default.aspx?scid=kb;en-us;323639

This will help you to configure any registry based setting within a Group
Policy, Hope that helps
--
Best Regards,

Christoffer Andersson
No email replies please - reply in the newsgroup
If the information was help full, you can let me know at:
http://www.itsystem.se/employers.asp?ID=1
 
W

Willv

How about re-directing the Desktop to a file share with
GPO. Then restrict Users NTFS permissions to read-only
access on that share.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top