Desktop Policies

[Guest]

I would like to know on windows xp based computers how to avoid ordinary
users with local administrator privileges from deleting desktop shortcuts
(ex. shortcut to word document) created by local administrators (advanced
users).

Palataform: Windows XP
Network: Novell
Drive C (location where Windows XP is installed): FAT32
Drive G (location where the files are located): Novell - The files are
located in a folder with read only privileges.

The ordinary users log on XP workstations with administrator privileges.

Is there a Microsoft document explaining how to do this?

Thanks in advance,

 

[bagins]

Hi, Luiz,
Microsoft documents will explain that ordinary users should not log in as
administrators.
If you are administrator, you have absolute power over your machine. You can
delete files, format drives and do other potentially dangerous things.
Users should log in as ordinary users, nothing more.

 

[bagins]

Hi, Luiz,
Microsoft documents will explain that ordinary users should not log in as
administrators.
If you are administrator, you have absolute power over your machine. You can
delete files, format drives and do other potentially dangerous things.
Users should log in as ordinary users, nothing more.

 

[Guest]

Hi,

The ordinary users needs administrator privileges because they change the
time settings, but we are trying to implement a policie to restrict desktop
shortcuts to be deleted.

Thanks,

"bagins" escreveu:

 

[bagins]

Ah, ok.
You can give the right to change system time to ordinary users using local
security policy.
Local Security Policy -> Local Policies -> User Rights Assignment -> Change
the System Time

You can also try with mandatory user profiles, but it is a lot of work,
especially if your machines are not domain members.
More about man profiles:
http://support.microsoft.com/default.aspx?scid=kb;en-us;307800&sd=tech

 

[Steven L Umbach]

Bagins told you how to give uses the ability to change system time which is
not a good idea if the computers are in an Active Directory domain. You can
also manage NTFS permissions on the desktop folders for all users and user
profile so that users have only read/list/execute permission. Of course any
administrator or owner of the folder can change permissions on that folder
if they know how to and desire to . --- Steve

 

[bagins]

Hi, Steven,
you are absolutely right regarding dangers of changing system time, but
Luiz said that they have FAT32 (admins nightmare ;-) ), so NTFS security is
out of question. Of course they can change fat to ntfs, but I am afraid that
Novel will not boot anymore.
Regards

 

[Steven L Umbach]

Thanks for that as I missed the part about FAT32. --- Steve

 

[bagins]

Thank you.

Regards

--
*** bagins ***

Thanks for that as I missed the part about FAT32. --- Steve