Folder Redirection and Desktop

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I am attempting to block users from saving to their local desktop. I hide
the local drives within the policy, Remove Run from the Start Menu, and
Prevent access to the command prompt. Users are unable to save locally, but
they CAN save to the desktop.
Also, I have enabled Active Desktop and selected a jpeg file for the
wallpaper but this portion of the policy does not seem to apply. I have
verified that users are have rights to the location and file.

Greg Griffis
 
You may want to consider changing permissions on their desktop folder in
their user profile under documents and settings to be read/list/execute
only. Of course they will not be able to add or remove anything from their
desktop then. You could do such with a logon script that uses the %username%
variable in the path to the folder with a command line tool like cacls or
xcalcs. Smart users may find they can still change permissions on the
desktop folder though you can also use tools like fileacl to change
ownership of that folder.

As far as the Group Policy problem make sure that the users you want this
applied to are within the scope of influence of the Group Policy. You can
use the support tool gpresult to find out which user configuration Group
Policies have been applied to a user and the last time the policy was
applied. The gpresult /v switch give much more detailed information
including registry settings that a Group Policy is applying to a user. Also
check Event Viewer on their computers for any related events. --- Steve
 
Thank you for the reply. As it turns out, I had enabled Classic Shell which
was preventing Active Desktop from working.
As far as limiting access to the desktop, I was hoping there was a way,
within GP, to deny any right access. Is this not possible.
 
Greg Griffis said:
Thank you for the reply. As it turns out, I had enabled
Classic Shell which
was preventing Active Desktop from working.
As far as limiting access to the desktop, I was hoping there
was a way,
within GP, to deny any right access. Is this not possible.


 > >I am attempting to block users from saving to their
local desktop. I hide
 > > the local drives within the policy, Remove Run from
the Start Menu, and
 > > Prevent access to the command prompt. Users are
unable to save locally,
 > > but
 > > they CAN save to the desktop.
 > > Also, I have enabled Active Desktop and selected a
jpeg file for the
 > > wallpaper but this portion of the policy does not
seem to apply. I have
 > > verified that users are have rights to the location
and file.
 > >
 > > Greg Griffis
Click to expand...

Hi,

The only way to do this is to enable Folder Redirection and redirect
the users Desktop to a "read only" location on the server. Eg
\\users\profile\desktop. However, you must untick the "copy
current icons" and "give users control" (or something like that
can’t remember exact wording off top of my head)

Cheers,

Lara
 
Back
Top