tmaclachlan
asked on
disabling properties/shortcuts from menu
Is there a registry hack to stop the "properties" option
appearing on the File menu on the desktop icons? For example
I'd like to stop users using properties to change the target
of a desktop icon from H: to c:\
??
Thanks!!
appearing on the File menu on the desktop icons? For example
I'd like to stop users using properties to change the target
of a desktop icon from H: to c:\
??
Thanks!!
j2
Yes, by enforcing a policy on the machine, from a WinNT PDC.
I do not know of a hack but,
if you do not want to allow your users to add, delete or change their desktop icons just make sure desktops are stored on a directory on a network disk with only read access.
btw: it is possible to remove all desktop icons with the policy editor.
if you do not want to allow your users to add, delete or change their desktop icons just make sure desktops are stored on a directory on a network disk with only read access.
btw: it is possible to remove all desktop icons with the policy editor.
ASKER
I'm aware of this. However, if users can create a shortcut target
to drive c:\ from their writable space on the network, which
is a HUGE loophole. If the "properties" or "create shortcut"
could be disabled with the registry it would stop them from
doing this. otherwise they could create a shortcut even if
there were no desktop icons.
to drive c:\ from their writable space on the network, which
is a HUGE loophole. If the "properties" or "create shortcut"
could be disabled with the registry it would stop them from
doing this. otherwise they could create a shortcut even if
there were no desktop icons.
What are you trying to achieve? Even if you set policies not to show certain drives, you can enter the drive letter, like C:, in any open or save file dialog and get there anyway. And you can rename, delete and execute files from an open or save dialog.
tmaclachlan,
The short answer is no - you can't (safely) stop the system from displaying the properties of the shortcut.
HOWEVER, is your aim is to thwart users that think they're technicians, here's a few suggestions:
1. If you're on a network, copy the shortcut to their desktop during the login process - overwriting the shortcut if it already exists - then YOU control the properties of the shortcut.
2. Make a copy of the shortcut in the WINDOWS\SYSTEM directory only rename it from SHORTCUT.LNK to something like SHORTCUT.SYS (users tend to shy away from files that end in .SYS, .DRV). Then, create a batch file called WINSTART.BAT that copies the shortcut from C:\WINDOWS\SYSTEM\SHORTCUT
Of course, always mark it read-only - this will stop some users from messing!
Jerry
The short answer is no - you can't (safely) stop the system from displaying the properties of the shortcut.
HOWEVER, is your aim is to thwart users that think they're technicians, here's a few suggestions:
1. If you're on a network, copy the shortcut to their desktop during the login process - overwriting the shortcut if it already exists - then YOU control the properties of the shortcut.
2. Make a copy of the shortcut in the WINDOWS\SYSTEM directory only rename it from SHORTCUT.LNK to something like SHORTCUT.SYS (users tend to shy away from files that end in .SYS, .DRV). Then, create a batch file called WINSTART.BAT that copies the shortcut from C:\WINDOWS\SYSTEM\SHORTCUT
Of course, always mark it read-only - this will stop some users from messing!
Jerry
ASKER
Nice idea..but it still doesn't stop someone from creating
a shortcut on their network home directory or from a floppy
drive straight to c:\
a shortcut on their network home directory or from a floppy
drive straight to c:\
So you basically want to stop users from using up space on the C: for storage ?
If so, then you can do one of two things..
1. Purchase third party software, that prevents access to certain Windows components, I know of a product but don't have the details right here. You'd want to restrict access to the command prompt as well as they can do what they like in a DOS shell.
2. Create a batch/script to delete all unwanted files on logoff, or fill up the hard disk so there is no room to store files, but just enough space for the system to function normally.
If so, then you can do one of two things..
1. Purchase third party software, that prevents access to certain Windows components, I know of a product but don't have the details right here. You'd want to restrict access to the command prompt as well as they can do what they like in a DOS shell.
2. Create a batch/script to delete all unwanted files on logoff, or fill up the hard disk so there is no room to store files, but just enough space for the system to function normally.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.