Link to home
Start Free TrialLog in
Avatar of abendv_10
abendv_10

asked on

Prevent users to create shortcuts on desktop

Hi,
In Windows 2003 server (Terminal Server)
I like to prevent users to create shortcuts on desktop.
I can use either registry key, Plolicy or any other idea.

Thank you.

Adi
Avatar of GHemphill
GHemphill

A simple answer?  Make the desk top Read Only to the user(s).  Only allow the Adminsitration account.
you could give them a mandatory profile.
then when they log off and then back on, any settings they have changed will be reverted back to origninal.
Avatar of Pete Long
Hi GHemphill,
Disable "Save Desktop on Exit"

Default behaviour for XP is to save the desktop configuration on exiting the operating system. To prevent saving the desktop configuration, implement the following registry edit.


[Start] [Run] [Regedit]
Registry Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_DWORD (Dword Value) // Value Name: NoSaveSettings
Setting for Value Data: [0 = Disabled / 1 = Enabled]
Exit Registry and Reboot


From http://www.theeldergeek.com/disable_save_desktop_configurati.htm

or rename their ntuser.dat file to ntuser.man

PeteL
GHemphills answers sounds good, but if the desktop locations are diffenrent for each user, it will be a big hassle going around locating all the folders and making them read only.
you could also use group policy to hide the desktop so they only use start menu
You could create a program that deletes *.ink from the desktop that runs at startup.  Or even add some lines to autoexec.bat like so...

cd C:/documents and settings/usename/desktop
del *.ink

those lines should delete all shortcuts whenever the computer starts up.

I prefer to do things by programming than use windows features ;o)
If you can work with VB then u use

Kill

followed by the pathname, then file name eg:

kill "C:/documents and settings/usename/desktop/*.ink"

should work

regards,

NIPPLES
I usually remove user's write and execute permissions to the desktop. This prevents them from creating files or shortcuts on the desktop and prevents them from executing files if they happen to find a way of downloading stuff to the desktop. I use XCACLS to do this, something like:

xcacls %userprofile%\desktop /t /c /p %username%:r;xr system:f administrators:f /y

Just adjust the permissions to suite your needs.
In our terminal services environment, users not only have mandatory profiles, but they also have read-only profiles, and the context menus (right-click) have been disabled.

HTH,
exx1976
loads of workable solutions but no feedback :(
ASKER CERTIFIED SOLUTION
Avatar of BooMod
BooMod
Flag of Canada image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial