Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Remove/Prevent Editing of Shortcut Properties

Posted on 2004-04-07
8
Medium Priority
?
1,810 Views
Last Modified: 2013-12-04
Hello,
  I don't want my users to be able to modify where shortcuts point to on their Windows XP workstations (such as by right clicking the shortcut, selecting properties, and modifying entries under the shortcut tab).  At the same time, though, I don't want to prevent them from, say, sending a shortcut of a document in their docs folder to the desktop (so removing the default explorer context menu isn't an option).  I'm running a domain, so methods are pretty flexible:  registry change, script, gpo setting that I've overlooked, custom adm template, whatever.  The following are acceptable solutions for me:

1.  Remove properties from the context menu of a shortcut (but properties must remain intact for everything else, just removed from .lnk files)
2. Remove the shortcut tab from the properties of the shortcut
3. Make everything on the shortcut tab (target, start in, etc.) non-editable by the end user, including removing the function of the buttons along the bottom or making them unclickable
4. Anything else that achieves what I'm looking for without removing required functionality.
0
Comment
Question by:WerewolfTA
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 3
8 Comments
 
LVL 12

Expert Comment

by:trywaredk
ID: 10778251
Create your own shortcut as an compiled exe-file

AutoIt v3 is free an BASIC-like scripting language with compiler
http://www.hiddensoft.com/autoit3/

Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark

:o) Your brain is like a parachute. It works best when it's open
0
 
LVL 4

Author Comment

by:WerewolfTA
ID: 10783048
I don't think that's going to work for me.  Looking at it, it appears that I could do that for the shortcuts I supply, but I still want my users to be able to make shortcuts of their own documents, which they could then go into and edit.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10790100
The shortcuts that you produce with autoit can't be edited by your users. Rember, that the exe-file you produce with autoit only is a shortcut, that points excatly where you want.

Your users can still  - as they allways could -  produce their own shortcuts.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 4

Author Comment

by:WerewolfTA
ID: 10792239
 Yes, but can the users still edit the shortcuts that they produce?  That's what I'm trying to stop in addition to editing the shortcuts I supply (and even if this solution does, since it creates an executable file, it unfortunately wouldn't work for me since they're not allowed to run any executable content from locations for which they have write rights unless I hash the file and specifically allow it, which wouldn't be possible if they're creating them).  

I want my users to be able to create shortcuts to their existing documents, but not to be able to edit them.  I've already stopped them from being able to create a new blank shortcut and fill in anything they want, but they can produce a shortcut to an existing file on their own (which I want them to be able to do) and then edit it (which I don't want them to be able to do) to point somewhere they're not otherwise allowed to access in the gui (because I've disabled the run command and hidden network neighborhood) such as a network path.  One of my users actually admitted to browsing through the network looking for open shares to see what was out there.  Hopefully, everything's secure, but just in case something's overlooked, I don't want them to ever even have the opportunity to find out.  And even though they can't just browse through the network anymore, we use bginfo to put the name and ip address on all the desktops so we can have the caller quickly id which computer they're on for support purposes, so it's pretty easy for them to find paths to search.

  I know that no matter what I do, if they're determined enough, they'll find a way to get around the security I've set up or break the XP install trying, but I want to make it as difficult as possible so hopefully most of them will give up.  Experience has shown that some of these people have way too much free time on their hands, not enough supervision, and a strong desire to perform tasks on their computer that they're not allowed or supposed to do.
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 10800521
A user creating a shortcut (or file or folder) is the owner of the shortcut. That's defined in the creator owner ntfs permission.

Default NTFS Permissions in Windows 2000
http://support.microsoft.com/directory/article.asp?ID=KB;EN-US;Q244600
0
 
LVL 12

Accepted Solution

by:
trywaredk earned 750 total points
ID: 10800523
Describing the problems with your users, I see no other solution than
http://www.microsoft.com/windows2000/technologies/terminal/default.asp
0
 
LVL 4

Author Comment

by:WerewolfTA
ID: 11060707
Unfortunately, terminal services isn't an option for me.  However, since nothing else has been posted, and I believe your answer would work were that an option, I am going to go ahead and close this question and award the points to you, trywaredk.  
0
 
LVL 12

Expert Comment

by:trywaredk
ID: 11063354
:o) Thank you for the points
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
In a recent article here at Experts Exchange (http://www.experts-exchange.com/articles/18880/PaperPort-14-in-Windows-10-A-First-Look.html), I discussed my nine-month sandbox testing of the Windows 10 Technical Preview, specifically with respect to r…
This course is ideal for IT System Administrators working with VMware vSphere and its associated products in their company infrastructure. This course teaches you how to install and maintain this virtualization technology to store data, prevent vuln…
Visualize your data even better in Access queries. Given a date and a value, this lesson shows how to compare that value with the previous value, calculate the difference, and display a circle if the value is the same, an up triangle if it increased…
Suggested Courses

618 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question