Change the permissions on the folder so that the user has only
read/list/execute. Typically this is the user's desktop folder. You could
use a Group Policy logon script using the cacls command and the %username%
variable in the path to the users profile. The user would be able to change
permissions back if he was the owner of that folder and knew how to change
permissions. In XP Pro you can remove the security tab from the user via
Group Policy and use Software Restriction Policy to prevent the running of
common tools to change permissions at the command line such as cacls and
xcacls. --- Steve
