Link to home
Start Free TrialLog in
Avatar of Spike99
Spike99Flag for United States of America

asked on

Hide local user folders on Server 2008 desktop

In Server 2008, when a user on one of our terminal servers logs on, they see a documents folder on their desktop which is labeled with their AD dsplay name (Lasl name, First Name).  Inside that folder are many links to their local user folder:
Contacts
Desktop
Documents
Downloads, etc.

There are actually 2 "Documents" folders in there.  One takes them to C:\Users\%username%\documents.  The other one takes the user to the "My Documents" folder which is set by GPO:  H:\My Documents.  H: is mapped to a DFS share:  \\DOMAIN\Share\homedirs\%username%.  The custom ADM template we use points "My Documents" to:  H:\My Documents. The custom ADM template also hide drives A: - F.  The GPO also redirects the desktop to a DFS share:  \\DOMAIN\share\desktop.  The classic start menu setting is enabled.

We don't backup the terminal server C: drives & really don't want people to have access to those links to their local profile folders that show up in there (like the "Documents" icon that links to C:\users\USERNAME\Documents). I tried to enable the "Remove the My Documents from the desktop" setting in the GPO, but this had no effect and the user folder still appears on the desktop.

So, I want to put a link to H:\My Documents on their redirected desktop folder & completely remove the User folder, but I haven't had any success. Through much googling, I found out which registry key hides that folder, so I tried creating a custom ADM template to hide it, but it didn't work.

This is the key I need to edit:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{59031a47-3f72-44a7-89c5-5595fe6b30ee}

This key needs to have a value of "1" to hide the desktop user folder.

Here is what I put into my template.  I've never created a custom ADM template before, so I'm not sure what I doing wrong with this one.  The GPO is linked to a TEST OU that only has the test account in it.

CLASS USER

	CATEGORY "Windows Components"

	CATEGORY "Windows Explorer"

		KEYNAME "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu"

		POLICY "Hide User Folder on Win2k8 Desktop"
			VALUENAME "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
				VALUEON "1"
			EXPLAIN "Setting to remove User folder from Windows Server 2008 Desktop"

		END POLICY

	END CATEGORY

	END CATEGORY

Open in new window


When I created a VBS script to make the same registry change that hides that user folder on the desktop, it worked great.  So, I guess I could run it as a logon script if need be, but I'd prefer a policy:

dim strComputer

' Read computer name from argument supplied - if no argument, assume local machine
if WScript.Arguments.Count<1 then
    strComputer="."
else
    strComputer=WScript.Arguments(0)
end if

Const HKEY_CURRENT_USER = &H80000001
Const HKEY_LOCAL_MACHINE = &H80000002
dim oReg: Set oReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv")

keypath = "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons"
keypath2 = "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu"

oReg.CreateKey HKEY_CURRENT_USER, keypath
oReg.CreateKey HKEY_CURRENT_USER, keypath2

oReg.SetDWORDValue HKEY_CURRENT_USER, keypath2, "{59031a47-3f72-44a7-89c5-5595fe6b30ee}","1"

Open in new window


I had to create 2 keypaths in this script, because the "hidedesktopicons" key didn't exist for my test user account or for my account, so creating the ClassicStartMenu key didn't work until I put in another line to create the first key.

It occured to me that possibly the The ADM template didn't work because that key didn't exist.  But, the GPO fails even after running the VBS script to add that key.  I created another version of this VBS script with a value of "0" at the end to turn the User folder back on so I can toggle the setting off & on for testing of the GPO.

The on/off scripts work really well: I can toggle the user folder off and on pretty much at will (I just have to press F5 to refresh the desktop), but the ADM template appears to have no effect at all.

Can someone tell me what's wrong with the ADM template?  We have a mix of 2003 & 2008 servers, but we have to use the Group Policy Management Console for 2003: some of our policies got corrupted when we used the 2008 GPMC, so using a 2008 ADMX isn't posisble for us.

Thanks,

Alicia
ASKER CERTIFIED SOLUTION
Avatar of Justin Owens
Justin Owens
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Spike99
Spike99
Flag of United States of America image

ASKER

DrUltima,

Changing the order of those lines didn't work.  I checked the registry of the user under HKEY_Users and that key has not been created.  The key in question goes no farther than this level:

HKEY_USERS\USER_SID\Software\Microsoft\Windows\CurrentVersion\Explorer

But, strangely, I found this key:

HKEY_USERS\User_SID\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu

So, it was adding the key, just in the wrong place.

So, here's the final custom ADM template which works now!

Thanks for the help!

Alicia


CLASS USER

	CATEGORY "Windows Components"

	CATEGORY "Windows Explorer"

		POLICY "Hide User Folder on Server 2008 Desktop"

		EXPLAIN "Setting to remove User folder from Windows Server 2008 Desktop"

		KEYNAME "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu"

			VALUENAME "{59031a47-3f72-44a7-89c5-5595fe6b30ee}"
				VALUEON "1"

		END POLICY

	END CATEGORY

	END CATEGORY

Open in new window

Avatar of Spike99
Spike99
Flag of United States of America image

ASKER

Although, the asnwer didn't provide a complete solution, it did help me resolve  the problem.