Removing "File and Folder tasks"

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

Dear All,
How can we remove "File and Folder tasks" option from Windows explorer? I
removed "File" menu from Windows explorer through GPO. But this has no
relevance as users can still create folders through this option. Kindly
suggest me on this.

Regards
Ram
 
You should be configuring your NTFS permissions on the operating system so
that users do not have permission to create folders where you do not want
them to. See the link below if you need help on how to do that. Offhand I
don't know how to "hide" as you request but NTFS permissions are much better
as hiding the interface in Windows Explorer will not prevent users from
creating folders via the command line or through applications. When checking
folder permissions always check the advanced page also. There for instance
you will see that users can create folders in the drive/root folder but that
can be changed. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;308418
 
You can put the computers you want to enforce the NTFS permissions on into
an Organizational Unit. create a Group Policy to enforce the NTFS
permissions, and then link it to that OU. Do NOT attempt to apply NTFS
permissions at the domain level as it will then affect domain controllers
and could cause complications. Place a couple test computers into the
Organizational Unit first to make sure that the NTFS settings are exactly
what you expect and that the user AND administrator can function normally on
the computer and also check the NTFS settings for the documents and settings
folder and user profile folders because if you incorrectly apply NTFS
permissions with Group Policy you can mess those up particularly if forcing
inheritance is used. Using Group Policy to manage NTFS settings is a bit
tricky until you get used to it and removing the Group Policy will not
reverse the settings to what they were. Also once the NTFS settings have
been applied you may remove that Group Policy setting. Go to computer
configuration/Windows settings/security settings/file system to see where to
manage NTFS permissions. Another alternative is to use the cacls command in
a batch file and use Group Policy startup or logon script to change NTFS
permissions. A logon script would only work on folders that the user has
full control permissions on while a startup script can be used on just about
everything else. Also do not use deny permissions particularly for
everyone/users groups as that will also affect administrators. --- Steve
 
Thanks Steve.

Regards
Ram

Steven L Umbach said:
You can put the computers you want to enforce the NTFS permissions on into
an Organizational Unit. create a Group Policy to enforce the NTFS
permissions, and then link it to that OU. Do NOT attempt to apply NTFS
permissions at the domain level as it will then affect domain controllers
and could cause complications. Place a couple test computers into the
Organizational Unit first to make sure that the NTFS settings are exactly
what you expect and that the user AND administrator can function normally on
the computer and also check the NTFS settings for the documents and settings
folder and user profile folders because if you incorrectly apply NTFS
permissions with Group Policy you can mess those up particularly if forcing
inheritance is used. Using Group Policy to manage NTFS settings is a bit
tricky until you get used to it and removing the Group Policy will not
reverse the settings to what they were. Also once the NTFS settings have
been applied you may remove that Group Policy setting. Go to computer
configuration/Windows settings/security settings/file system to see where to
manage NTFS permissions. Another alternative is to use the cacls command in
a batch file and use Group Policy startup or logon script to change NTFS
permissions. A logon script would only work on folders that the user has
full control permissions on while a startup script can be used on just about
everything else. Also do not use deny permissions particularly for
everyone/users groups as that will also affect administrators. --- Steve
Click to expand...
 
Back
Top