How to lock user desktop?

G

Guest

Is there a GPO to prevent users from saving anything (links, docs, shortcuts)
to the desktop? All I could find is a way to hide desktop icons, prevent
saving in the taskbar, etc.

I see a way to do this with mandatory profiles, but would like to go the
easier route of a GPO.

Thanks.
 
F

Florian Frommherz

Howdy Steve!
Is there a GPO to prevent users from saving anything (links, docs, shortcuts)
to the desktop? All I could find is a way to hide desktop icons, prevent
saving in the taskbar, etc.
Click to expand...

What about using the group policy filesystem-settings in CompConf\Window
s Settings\Security Settings\File System ? You can add a "rule" and deny
your users the "Write" and "Modify" permissions...

cheers,

Florian
 
G

Guest

I've not used this GPO item before - the only option I have is to add file.
What kind of file is it expecting to add so that I can try this?

Thanks.
 
F

Florian Frommherz

Howdy Steve!
I've not used this GPO item before - the only option I have is to add file.
What kind of file is it expecting to add so that I can try this?
Click to expand...

It's quite simple. The "file to add" is the "Desktop"-folder as you wish
to set permissions on that. So you need to "add" the Desktop folder and
click "OK". The editor will then open the known "Security" dialog where
you can change NTFS permissions.

If you haven't done this before, you might want to create a test-OU with
test-users and a test-computer and try this GP on them...

cheers,

Florian
 
G

Guest

Would I select the "documents & settings\all users\desktop" folder from my
local machine and then adjust permissions for all authenticated users for
read only & list?

Thanks.
 
F

Florian Frommherz

Howdy Steve!
Would I select the "documents & settings\all users\desktop" folder from my
local machine and then adjust permissions for all authenticated users for
read only & list?
Click to expand...

In order to restrict the permission for all _new_ users on the machine,
you will have to choose the "Documents and Settings\Default
User\Desktop" folder. But as I saw right now, this will not affect
existing profiles on the computers. So, you'd need to change the
existing profiles' permissions manually with a tool like subinacl.exe
(http://www.microsoft.com/downloads/...56-d8fe-4a91-93cf-ed6985e3927b&displaylang=en)

Sorry...

cheers,

Florian
 
E

Evan

You may want to consider using a mandatory roaming profile instead of
local profiles

-Evan
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

disable saving shortcuts on desktop 1
prevent saving to desktop 4
Prevent users from deleting icons from desktop 3
Desktop redirection questions 5
How does Group Policy relate to Profiles? 1
Lock access to certain drives/folders 2
How to remove Outlook Express icon from Start Menu Programs 1
Prevent users from saving music and pictures to their hard driveswithout folder redirection? 1

Top