• Status: Solved
  • Priority: Medium

Prevent Deletion of Desktop Icons via GPO

Is it possible to prevent the deletion, renaming and even adding of desktop icons (for any Windows or non-Windows application) via Group Policy?
Asked by: dspent
 
spareticus Commented:
You would need to take the "change" right away from each user on their own desktop... is that what you want?
 
dspent (Author) Commented:
We did that but were still able to delete icons from the desktop.
 
spareticus Commented:
How did you implement this?
 
dspent (Author) Commented:
GPO on an OU called Radiology.

In User Configuration - Administrative Templates - Desktop - Active Desktop

the Prohibit Changes option is enabled.

It works for most things, but deleting program and Windows icons is still possible.
 
spareticus Commented:
In the GPO, add a file system security setting as follows:
%userprofile%\desktop
    change the security settings to prevent deletions
 
dspent (Author) Commented:
How do I do that?
 
chad Commented:
Have you considered mandatory profiles? This will get the job done but also restrict a lot of other options as well.
Not sure if that is the route you want to go with this.

You could also add any icons you want all users to have to the 'all users' profile and then make it read-only rights for your users.
 
CrazyOne Commented:
I think the guest account will allow adding/deleting icons, but on the next reboot the icons will be as they were before the user changed the icons.
 
spareticus Commented:
Do you currently use logon scripts?
 
dspent (Author) Commented:
Yes, we use login scripts.
 
spareticus Commented:
Add a line to the logon script to change the permissions on %userprofile%\desktop.
Remove the ability for %username% to delete.
 
dspent (Author) Commented:
Just going over some of my old questions here and thought I would add to this one...

The answer, I now know, is to use folder redirection of the desktop folder. Redirect the desktop to a folder where the user or group does not have permissions to delete.
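The permission change discussed in this thread (removing delete rights on %userprofile%\desktop, or on the folder the desktop is redirected to), expressed in PowerShell. This is an added example, not code posted by any participant; the function name `Protect-DesktopFolder` and the sample path and group in the comments are hypothetical.

```powershell
# Added example, not from the thread. Run with rights to change the folder's ACL.
function Protect-DesktopFolder {
    param(
        [Parameter(Mandatory)] [string] $DesktopPath,  # e.g. '\\fileserver\desktops\jdoe' (placeholder)
        [Parameter(Mandatory)] [string] $Identity      # e.g. 'EXAMPLE\Radiology-Users' (placeholder)
    )

    # Resolve the account to a SID first so a typo fails before any ACL is touched.
    $sid = ([System.Security.Principal.NTAccount]$Identity).Translate(
               [System.Security.Principal.SecurityIdentifier])

    # Windows allows a delete if EITHER the item grants Delete OR its parent folder
    # grants DeleteSubdirectoriesAndFiles, so both are denied (this also blocks rename).
    # CreateFiles/CreateDirectories block adding icons; on existing files the inherited
    # bits also deny writing to them, so the desktop becomes effectively read-only.
    $rights    = [System.Security.AccessControl.FileSystemRights]'Delete, DeleteSubdirectoriesAndFiles, CreateFiles, CreateDirectories'
    $inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagate = [System.Security.AccessControl.PropagationFlags]::None
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
                $sid, $rights, $inherit, $propagate,
                [System.Security.AccessControl.AccessControlType]::Deny)

    $acl = Get-Acl -LiteralPath $DesktopPath
    $acl.AddAccessRule($rule)            # merges with any existing deny ACE for the same SID
    Set-Acl -LiteralPath $DesktopPath -AclObject $acl

    # Read the ACL back and confirm an explicit deny ACE covering all four rights exists.
    $after = Get-Acl -LiteralPath $DesktopPath
    $deny = $after.GetAccessRules($true, $false, [System.Security.Principal.SecurityIdentifier]) |
            Where-Object { $_.AccessControlType -eq 'Deny' -and
                           $_.IdentityReference.Value -eq $sid.Value -and
                           ($_.FileSystemRights -band $rights) -eq $rights }
    if (-not $deny) { throw "Deny ACE for $Identity was not applied to $DesktopPath" }

    # The owner of a folder can always rewrite its permissions. A user normally owns
    # the Desktop inside their own profile, which is why a redirected folder owned by
    # an administrative account is the more durable place for this ACE.
    $owner = $after.GetOwner([System.Security.Principal.SecurityIdentifier])
    if ($owner.Value -eq $sid.Value) {
        Write-Warning "$Identity owns $DesktopPath and can remove this restriction."
    }
    return $deny
}
```

Deny entries take precedence over allow entries, so pass a group that does not contain the administrators who maintain the icons.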
