Writes to the desktop

  • Thread starter Thread starter Bo
  • Start date Start date
B

Bo

I am trying to prevent users from writing to the desktop.
I have gone into Documents&Settings, "All Users" folder,
then "Desktop" then went to Security tab and unchecked
the Write permission for all groups and users present.

This still does not prevent users from writing. By doing
the above procedure at the server level I can prevent
users from writing to thier profile, but not the local
desktop. I have W2K Pro clients and NT 4.0 server. Thanks
 
Bo said:
I am trying to prevent users from writing to the desktop.
I have gone into Documents&Settings, "All Users" folder,
then "Desktop" then went to Security tab and unchecked
the Write permission for all groups and users present.

This still does not prevent users from writing. By doing
the above procedure at the server level I can prevent
users from writing to thier profile, but not the local
desktop. I have W2K Pro clients and NT 4.0 server. Thanks
Click to expand...

Whenever users save something to the desktop, they save it to

%UserProfile%\Desktop which usually expands to
c:\Documents and Settings\BEdwards\Desktop rather than
c:\Documents and Settings\All Users\Desktop

You would therefore have to apply your restriction to the correct
folder. I doubt that you can do it with a general setting. You may
have to insert the following instruction in your logon script:

cacls /T /E /G:%UserName%:R "%UserProfile%\Desktop\*.*"

Before you do this you have to ensure that the command does
not interfere with your roaming profiles. I think it does.

A better way might be to change the group policy: Run gpedit.msc,
then follow this path:

User Configuration / Administrative Templates / Desktop / Active Desktop

There are several settings that let you prohibit changes/additions/
deletions.
 
-----Original Message-----

Thanks

Whenever users save something to the desktop, they save it to

%UserProfile%\Desktop which usually expands to
c:\Documents and Settings\BEdwards\Desktop rather than
c:\Documents and Settings\All Users\Desktop

You would therefore have to apply your restriction to the correct
folder. I doubt that you can do it with a general setting. You may
have to insert the following instruction in your logon script:

cacls /T /E /G:%UserName%:R "%UserProfile% \Desktop\*.*"

Before you do this you have to ensure that the command does
not interfere with your roaming profiles. I think it does.

A better way might be to change the group policy: Run gpedit.msc,
then follow this path:

User Configuration / Administrative Templates / Desktop / Active Desktop

There are several settings that let you prohibit changes/additions/
deletions.


.
Click to expand...
 
Back
Top