Prevent Deletion of Desktop Icons via GPO

Is it possible to prevent the deletion, renaming and even adding of desktop icons (FOR ANY WINDOWS or NON WINDOWS APPLICATION) via Group Policy.
LVL 1
dspentAsked:
Who is Participating?
 
spareticusConnect With a Mentor Commented:
add a line to the logon script to change the permissions on %userprofile%\desktop
remove the ability for %username% to delete
0
 
spareticusCommented:
you would need to take the "change" right away from each user on their own desktop...is that what you want?
0
 
dspentAuthor Commented:
we did that but were still able to delete icons from the desktop.
0
Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

 
spareticusCommented:
how did you implement this?
0
 
dspentAuthor Commented:
GPO on an OU called Radiology

in User Configuration - Administrative Templates - Desktop - Active Desktop

the Prohibit Changes options is enabled.

It works for most things but deleting program and windows icons is still possible.
0
 
spareticusCommented:
in the gpo, add a file system security setting as follows
%userprofile%\desktop
    change the security settings to prevent deletions
0
 
dspentAuthor Commented:
how do I do that?
0
 
chadCommented:
have you considered mandatory profiles.  This will get the job done but also restrict alot of other options as well.
not sure if that is the route you want to go with this.

you could also add any icons you want all users to have to the 'all users' profile and then make it read only rights for your users.
0
 
CrazyOneCommented:
I think the guest account will allow adding/deleting icons but on the next reboot the icons will be as they were before the user changed the icons
0
 
spareticusCommented:
do you currently use logon scripts?
0
 
dspentAuthor Commented:
yes we use login scripts.
0
 
dspentAuthor Commented:
just going over some of my old questions here and thought I would add to this one.....

The answer, I now know is to use folder redirection of the desktop folder.   Redirect the desktop to a folder where the user or group does not have permissions to delete.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.