Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Remove/Prevent Editing of Shortcut Properties

Posted on 2004-04-07
8
1,688 Views
Last Modified: 2013-12-04
Hello,
  I don't want my users to be able to modify where shortcuts point to on their Windows XP workstations (such as by right clicking the shortcut, selecting properties, and modifying entries under the shortcut tab).  At the same time, though, I don't want to prevent them from, say, sending a shortcut of a document in their docs folder to the desktop (so removing the default explorer context menu isn't an option).  I'm running a domain, so methods are pretty flexible:  registry change, script, gpo setting that I've overlooked, custom adm template, whatever.  The following are acceptable solutions for me:

1.  Remove properties from the context menu of a shortcut (but properties must remain intact for everything else, just removed from .lnk files)
2. Remove the shortcut tab from the properties of the shortcut
3. Make everything on the shortcut tab (target, start in, etc.) non-editable by the end user, including removing the function of the buttons along the bottom or making them unclickable
4. Anything else that achieves what I'm looking for without removing required functionality.
0
Comment
Question by:WerewolfTA
  • 5
  • 3
8 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10778251
Create your own shortcut as an compiled exe-file

AutoIt v3 is free an BASIC-like scripting language with compiler
http://www.hiddensoft.com/autoit3/

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 4

Author Comment

by:WerewolfTA
ID: 10783048
I don't think that's going to work for me.  Looking at it, it appears that I could do that for the shortcuts I supply, but I still want my users to be able to make shortcuts of their own documents, which they could then go into and edit.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790100
The shortcuts that you produce with autoit can't be edited by your users. Rember, that the exe-file you produce with autoit only is a shortcut, that points excatly where you want.

Your users can still  - as they allways could -  produce their own shortcuts.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 4

Author Comment

by:WerewolfTA
ID: 10792239
 Yes, but can the users still edit the shortcuts that they produce?  That's what I'm trying to stop in addition to editing the shortcuts I supply (and even if this solution does, since it creates an executable file, it unfortunately wouldn't work for me since they're not allowed to run any executable content from locations for which they have write rights unless I hash the file and specifically allow it, which wouldn't be possible if they're creating them).  

I want my users to be able to create shortcuts to their existing documents, but not to be able to edit them.  I've already stopped them from being able to create a new blank shortcut and fill in anything they want, but they can produce a shortcut to an existing file on their own (which I want them to be able to do) and then edit it (which I don't want them to be able to do) to point somewhere they're not otherwise allowed to access in the gui (because I've disabled the run command and hidden network neighborhood) such as a network path.  One of my users actually admitted to browsing through the network looking for open shares to see what was out there.  Hopefully, everything's secure, but just in case something's overlooked, I don't want them to ever even have the opportunity to find out.  And even though they can't just browse through the network anymore, we use bginfo to put the name and ip address on all the desktops so we can have the caller quickly id which computer they're on for support purposes, so it's pretty easy for them to find paths to search.

  I know that no matter what I do, if they're determined enough, they'll find a way to get around the security I've set up or break the XP install trying, but I want to make it as difficult as possible so hopefully most of them will give up.  Experience has shown that some of these people have way too much free time on their hands, not enough supervision, and a strong desire to perform tasks on their computer that they're not allowed or supposed to do.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800521
A user creating a shortcut (or file or folder) is the owner of the shortcut. That's defined in the creator owner ntfs permission.

Default NTFS Permissions in Windows 2000
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q244600
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 250 total points
ID: 10800523
Describing the problems with your users, I see no other solution than
http://www.microsoft.com/windows2000/technologies/terminal/default.asp
0
 
LVL 4

Author Comment

by:WerewolfTA
ID: 11060707
Unfortunately, terminal services isn't an option for me.  However, since nothing else has been posted, and I believe your answer would work were that an option, I am going to go ahead and close this question and award the points to you, trywaredk.  
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11063354
:o) Thank you for the points
0

Featured Post

Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, a new law in my state forced us to get a top-to-bottom analysis of all of our contract client's networks. While we have documentation, it was spotty at best for some - and in any event it needed to be checked against reality. That was m…
In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question