?
Solved

Disabling Active Desktop

Posted on 2003-03-18
18
Medium Priority
?
719 Views
Last Modified: 2012-06-21
I am attempting to deploy a common desktop wallpaper to all our Win2000 professional PCs, within our NT4 domain. I am using the NT4 policy editor to set the wallpaper and remove access to the Background tab, and disabling active desktop by pushing out a registry change with the REG ADD facility. The PCs on our main site work fine but the ones on our remote sites (connected via a WAN) will not display the wallpaper. I don't think it is WAN related for the following reasons:
1. The wallpaper bitmap is copied to the PCs hard drive without any problems
2. The background tab is disabled
3. The active desktop menu item disappears

The problem is that when logging on, the wallpaper flashes up, then disappears, suggesting that Active desktop is kicking in, despite being disabled by means of the registry key HKLM\software\microsoft\windows\currentversion\policies\explorer\NoActiveDesktop=1.

I have tried using the local group policy to enforce it. I've tried manually setting the wallpaper, enabling then re-enabling active desktop, and everytihng else I can think of, but it seemingly active desktop refuses to be disabled.

Any suggestions would be gratefully received.

Regards,
Phil.
0
Comment
Question by:phil6564
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 3
  • +3
18 Comments
 
LVL 9

Expert Comment

by:MSGeek
ID: 8159521
> tried using the local group policy

I think you are referring to the Local Security Policy.  Group Policy would refer to an Active Directory Group Policy.  

First I would recommend you save a copy of the bitmap to their %systemroot% and make sure NTFS permission is read-only.  I say this as it may be slowing the login process enough that the scripts are not fully executing.  It will also make you users very happy as logon speed hould improve.

As far as the local security policy is conecrened what did you try to do?  Which settings did you mark as enabled or disabled?  The logic MS used in createing the policies is not always consistent and is also sometimes not intuitive.

Try copying bitmap locally first to see if other changes propogate.  Otherewise you have done everything correctly, aside from converting to a Win2k AD Domain.  :)
0
 

Author Comment

by:phil6564
ID: 8159740
The bitmap is already in %systemroot%. It is sent out via the users' login scripts.

I say I'm using Group policy because I opened MMC and added the group policy snap in. Is that really for use only when AD is running? Should I be using something else? I tried enabling the "Disable active desktop" item, the "Prohibit changes" item and the "desktop wallpaper".

Phil.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8159867
> "The bitmap is already in %systemroot%. It is sent out via the users' login scripts."

If it is already there, why include it in the scripts any longer.

> "I say I'm using Group policy because I opened MMC and added the group policy snap in. Is that really for use only when AD is running? "

No it's not for just and AD environment.  Just be aware that if you go to Administrative Tools under Control Panel, you will see the Local Security Policy.  This is the workstations default security policy.  Applying polices through the Group Policy snap in will work as well.

You may want to try enabling the policies under the Local Security Policy.
0
How Blockchain Is Impacting Every Industry

Blockchain expert Alex Tapscott talks to Acronis VP Frank Jablonski about this revolutionary technology and how it's making inroads into other industries and facets of everyday life.

 

Author Comment

by:phil6564
ID: 8160077
It is copied to the hard drive each time in case the user deletes it or changes it.

The local security policy in Control Panel doesn't appear to have anything relating to active desktop in it.

In this case, applying policies through the group policy snap in doesn't work.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8160231
0
 

Author Comment

by:phil6564
ID: 8160350
Yep, tried that. In any case, surely, that's the same as not setting the Network path value and leaving updatemode as automatic.
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8160705
I can't say as I would agree with that statement.  An explicit statement is known, same reason I don't drive automatic transmission cars.  :)
0
 

Expert Comment

by:alsace
ID: 8164432
Had a similar problem recently... solved it by modifying the Local Security Policy on the SOE image as such (which will override any GP's coming from any DC's):
1. Start > run > gpedit.msc
2. user config > admin templates > active desktop with following settings: enable AD (en); disable AD (dis); disable all items (en); prohibit changes (en); prohibit adding items (en); prohibit deleting items (en); prohibit editing items (en); prohibit closing items (nc); add/delete items (nc); active desktop wallpaper (en - and set to %systemroot%\Web\Wallpaper\<yourwallpaper.jpg> - substituting %systemroot% for the windows directory); allow only bitmap (nc)
3. user config > admin templates > control panel > display > disable changing wallpaper (en)

Ghosted the PC's and it works a treat - not sure about power users however (tested only for users).

Cheers.
0
 

Expert Comment

by:alsace
ID: 8164560
Had a similar problem recently... solved it by modifying the Local Security Policy on the SOE image as such (which will override any GP's coming from any DC's):
1. Start > run > gpedit.msc
2. user config > admin templates > active desktop with following settings: enable AD (en); disable AD (dis); disable all items (en); prohibit changes (en); prohibit adding items (en); prohibit deleting items (en); prohibit editing items (en); prohibit closing items (nc); add/delete items (nc); active desktop wallpaper (en - and set to %systemroot%\Web\Wallpaper\<yourwallpaper.jpg> - substituting %systemroot% for the windows directory); allow only bitmap (nc)
3. user config > admin templates > control panel > display > disable changing wallpaper (en)

Ghosted the PC's and it works a treat - not sure about power users however (tested only for users).

Cheers.
0
 
LVL 85

Expert Comment

by:oBdA
ID: 8164991
Hi Phil,

I stumbled across a similar problem recently. Your problem might be the use of poledit and the common.adm file. The registry setting for the wallpaper defined in there is HKCU\Control Panel\Desktop.
W2k clients seem to have their own mind, though. You can set the wallpaper picture using this policy and this key, but only *once*. The W2k client then just seems to go ahed and copies this entry to HKCU\Software\Policies\Microsoft\Windows\Control Panel\Desktop. This entry has priority over the HKCU\Control Panel\Desktop that's affected by your policy, and now you can't get rid of it through a policy any more (especially since, as far as I know, MS didn't deliver an administrative template to set a non-Active Desktop wallpaper). Check if a wallpaper is defined in this key on the clients that have the problems. If so, you can merge the part below this into an existing .adm file of yours or just save it as whatever.adm.
One more thing: You might want to test what happens if you apply this to NT4 clients, if you still have some; I've only tried it on W2k).

=============8<---snip-----------------------------------
CLASS USER

CATEGORY !!AddSettings
  CATEGORY !!Desktop
    POLICY !!PolWallpaper
      KEYNAME "Software\Policies\Microsoft\Windows\Control Panel\Desktop"
      PART !!Wallpaper TEXT END PART
      PART " " COMBOBOX NOSORT
        VALUENAME "Wallpaper"
        DEFAULT "P:\ut\your\preferred\image\here.bmp"
        SUGGESTIONS "P:\ut\your\preferred\image\here.bmp"
        END SUGGESTIONS
      END PART
    END POLICY
  END CATEGORY ; !!Desktop
END CATEGORY ; !!AddSettings

[strings]
AddSettings=Additional Settings
Desktop=Desktop Settings
PolWallpaper=Wallpaper
Wallpaper=Path and name to the background picture (.bmp):
=============8<---snip-----------------------------------
0
 

Expert Comment

by:alsace
ID: 8165128
it should be noted that there is a similar key in the HKU HIVE, namely HKEY_USERS\.Default\Control Panel\Desktop (holding a String Value of "Wallpaper"). This, in W2K, holds the value for the DEFAULT WINDOWS WALLPAPER (oBdA's key holds the value for the current user only) . It defines the wallpaper that is applied by Windows before any other is applied by active desktop OR a Group Policy (Domain) OR a Local Security Policy. It is normally observed for a couple of seconds after logging in before any policies are applied. To eradicate this altogether just point the value to the wallpaper defined in my tip above (i.e. %systemroot%\web\wallpaper). For extra measure you could do the same to the HKCU values as well..

Alsace.
0
 
LVL 5

Expert Comment

by:cempasha
ID: 8596147
This question is still open and getting old. If any of the comment(s) above helped you please accept it as an answer or split the points who ever helped you in this question. Your attention in finalising this question is very much appreciated. Thanks in advance,

****** PLEASE DO NOT ACCEPT THIS AS AN ANSWER ********

- If you would like to close this question and have your points refunded, please post a question in community support area on http://www.experts-exchange.com/Community_Support/ giving the address of this question. Thank you      

Pasha

Cleanup Volunteer


0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8602698
Phil.. you have had some good feedback here, what have you done?
0
 

Author Comment

by:phil6564
ID: 8612211
I know I've had some good feedback, and thanks to all who contributed. I've done everything suggested above. However, as I said above, I've not found any consistency in this. Some things work on some PCs but not on others. The wallpaper has been deployed to the vast majority of PCs now. Any problem ones are being looked at on an individual basis.

Regards,
Phil.
0
 

Expert Comment

by:SpideyMod
ID: 8613868
A request for a refund has been made.  Experts you have 72 hours to object.

SpideyMod
Community Support Moderator @Experts Exchange
0
 
LVL 9

Expert Comment

by:MSGeek
ID: 8626169
phil6564.. that is your fisrt update to this question since 03/18/2003 11:55AM EST

On that basis and your lack of response to experts posts since that time, I would disagree with a refund.  MSGeek.
0
 

Author Comment

by:phil6564
ID: 8627699
Fine.

Phil.
0
 

Accepted Solution

by:
SpideyMod earned 0 total points
ID: 8629032
I am going to PAQ this question and give a refund because I'm feeling gracious today and it appears that although the experts tried hard, this one was never really resolved.  I also went into  phil6564's account and found another question that had no expert responses from way back in 10/2002 and I deleted it with a refund.  However, since none of your questions were finalized naturally (by yourself), I do need you to read through the following site to assist you with future Experts Exchange activity: http://www.cityofangels.com/Experts/Closing.htm  After you have done that, please indicate your understanding and your future compliance in maintaining your open questions and the options that are available for you to do so by posting here.  Thank you.

SpideyMod
Community Support Moderator @Experts Exchange
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Hey fellow admins! This time, I have a little fairy tale for you. As many tales do, it starts boring and then gets pretty gory. I hope you like it. TL;DR: It is about an important security matter, you should read it if you run or administer Windows …
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

800 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question