Solved

disabling properties/shortcuts from menu

Posted on 1997-08-29
8
240 Views
Last Modified: 2013-12-23
Is there a registry hack to stop the "properties" option
appearing on the File menu on the desktop icons? For example
I'd like to stop users using properties to change the target
of a desktop icon from H: to c:\
??

Thanks!!
0
Comment
Question by:tmaclachlan
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 12

Expert Comment

by:j2
ID: 1548664
Yes, by enforcing a policy on the machine, from a WinNT PDC.
0
 

Expert Comment

by:Wilfred
ID: 1548665
I do not know of a hack but,
if you do not want to allow your users to add, delete or change their desktop icons just make sure desktops are stored on a directory on a network disk with only read access.

btw: it is possible to remove all desktop icons with the policy editor.
0
 

Author Comment

by:tmaclachlan
ID: 1548666
I'm aware of this. However, if users can create a shortcut target
to drive c:\ from their writable space on the network, which
is a HUGE loophole. If the "properties" or "create shortcut"
could be disabled with the registry it would stop them from
doing this. otherwise they could create a shortcut even if
there were no desktop icons.

0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:y96andha
ID: 1548667
What are you trying to achieve? Even if you set policies not to show certain drives, you can enter the drive letter, like C:, in any open or save file dialog and get there anyway. And you can rename, delete and execute files from an open or save dialog.
0
 
LVL 2

Expert Comment

by:jerryd
ID: 1548668
tmaclachlan,
The short answer is no - you can't (safely) stop the system from displaying the properties of the shortcut.

HOWEVER, is your aim is to thwart users that think they're technicians, here's a few suggestions:

1. If you're on a network, copy the shortcut to their desktop during the login process - overwriting the shortcut if it already exists - then YOU control the properties of the shortcut.

2. Make a copy of the shortcut in the WINDOWS\SYSTEM directory only rename it from SHORTCUT.LNK to something like SHORTCUT.SYS (users tend to shy away from files that end in .SYS, .DRV).  Then, create a batch file called WINSTART.BAT that copies the shortcut from C:\WINDOWS\SYSTEM\SHORTCUT.SYS to C:\WINDOWS\DESKTOP\SHORTCUT.LNK (if that's where your user's desktops are).

Of course, always mark it read-only - this will stop some users from messing!

Jerry

0
 

Author Comment

by:tmaclachlan
ID: 1548669
Nice idea..but it still doesn't stop someone from creating
a shortcut on their network home directory or from a floppy
drive straight to c:\


0
 

Expert Comment

by:joesurf
ID: 1548670
So you basically want to stop users from using up space on the C: for storage ?

If so, then you can do one of two things..

1. Purchase third party software, that prevents access to certain Windows components, I know of a product but don't have the details right here.  You'd want to restrict access to the command prompt as well as they can do what they like in a DOS shell.

2. Create a batch/script to delete all unwanted files on logoff, or fill up the hard disk so there is no room to store files, but just enough space for the system to function normally.

0
 
LVL 5

Accepted Solution

by:
heiko earned 70 total points
ID: 1548671
there can't be any way because while the users session all links and icons are stored on the local disk even you have central stored profiles. Next you have no chance to protect all local stored items.

the only way I know is to suppress of starting unregistered software. you can setup in system policy to start only registered programs with full pathnames. then the user can change the links but is unable to start them. the next is to protect the central stored profile as mandatory so that all changes are lost on next logon.

I hope this is a solution.
Heiko
0

Featured Post

Plug and play, no additional software required!

The ATEN UE3310 USB3.1 Gen1 Extender Cable allows users to extend the distance between the computer and USB devices up to 10 m (33 ft). The UE3310 is a high-quality, cost-effective solution for professional environments such as hospitals, factories and business facilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is the first one of a series of articles I’ll be writing to address technical issues that are always referred to as network problems. The network boundaries have changed, therefore having an understanding of how each piece in the network  puzzl…
I'm a big fan of Windows' offline folder caching and have used it on my laptops for over a decade.  One thing I don't like about it, however, is how difficult Microsoft has made it for the cache to be moved out of the Windows folder.  Here's how to …
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question