Writes to the desktop

  • Thread starter Thread starter Bo
  • Start date Start date
B

Bo

I am trying to prevent users from writing to the desktop.
I have gone into Documents&Settings, "All Users" folder,
then "Desktop" then went to Security tab and unchecked
the Write permission for all groups and users present.

This still does not prevent users from writing. By doing
the above procedure at the server level I can prevent
users from writing to thier profile, but not the local
desktop. I have W2K Pro clients and NT 4.0 server. Thanks
 
Bo said:
I am trying to prevent users from writing to the desktop.
I have gone into Documents&Settings, "All Users" folder,
then "Desktop" then went to Security tab and unchecked
the Write permission for all groups and users present.

This still does not prevent users from writing. By doing
the above procedure at the server level I can prevent
users from writing to thier profile, but not the local
desktop. I have W2K Pro clients and NT 4.0 server. Thanks
Click to expand...

Whenever users save something to the desktop, they save it to

%UserProfile%\Desktop which usually expands to
c:\Documents and Settings\BEdwards\Desktop rather than
c:\Documents and Settings\All Users\Desktop

You would therefore have to apply your restriction to the correct
folder. I doubt that you can do it with a general setting. You may
have to insert the following instruction in your logon script:

cacls /T /E /G:%UserName%:R "%UserProfile%\Desktop\*.*"

Before you do this you have to ensure that the command does
not interfere with your roaming profiles. I think it does.

A better way might be to change the group policy: Run gpedit.msc,
then follow this path:

User Configuration / Administrative Templates / Desktop / Active Desktop

There are several settings that let you prohibit changes/additions/
deletions.
 
-----Original Message-----

Thanks

Whenever users save something to the desktop, they save it to

%UserProfile%\Desktop which usually expands to
c:\Documents and Settings\BEdwards\Desktop rather than
c:\Documents and Settings\All Users\Desktop

You would therefore have to apply your restriction to the correct
folder. I doubt that you can do it with a general setting. You may
have to insert the following instruction in your logon script:

cacls /T /E /G:%UserName%:R "%UserProfile% \Desktop\*.*"

Before you do this you have to ensure that the command does
not interfere with your roaming profiles. I think it does.

A better way might be to change the group policy: Run gpedit.msc,
then follow this path:

User Configuration / Administrative Templates / Desktop / Active Desktop

There are several settings that let you prohibit changes/additions/
deletions.


.
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

User deleting shared desktop shortcuts 2
prohibit user from changing desktop shortcuts 2
EvilGnome. 2
Need to write a file to a location. 4
file rights 1
Error 0xC00D3E8E: The property is read only. One way to fix. 1
Client settings change 1
Files and Folders Reappear After Deletion on desktop 2

Back
Top