Locking desktop icons for windows server 2003 domain with xp clients

Posted on 2005-04-06
Last Modified: 2010-04-10
Hi Guys
I am running server 2003 domain with XP client machines.  I am able to restrict users not to change the desktop background through group policy.  They can still change the icons add them and delete them on there desktop.
This is what I did not sure if this is right?:
-Logged onto the client machine with the user name, made icons on the desktop which I want.
-Logged onto the same machine as administrator and copied the profile of the user to the server under '\\server\Profiles\mandatory\'username'
-From the same machine I deleted the local user profile.
-On the server under the folder '\\server\Profiles\mandatory\username'  I changed the folder 'Desktop' permissions to read only.
-Logged on back to the client machine and it collected its profiles now from the server (which is great), and if I delete any icons and logg back again, I get the same icons back which I want, but the only killing thing is that I have now to delete local profiles from all the client machines in order to make the profiles coming from the server to take effect.
-Moreover if I add a new folder on the desktop and logg off and back to logg on I see the new folder and the icons, also while logging off I get the 'user environment' window saying the profile cannot be copied from c:\......' to '\\server......'.
Help please
I know there should be an easier way instead of creating roaming profile and changing the 'Desktop' folder permissions in group policy but its not working?  Please help stepwise, its becoming a hectic for me now.
Question by:amanzoor
    LVL 22

    Accepted Solution


    first off, here's an excellent utility you can use to remotely delete unwanted local user profiles:

    the reason you're getting the error when logging off is because windows always tries to save a profile when logging off, including the desktop. since you've make the desktop read only, it is unable to save it, thus giving you the error. have you told the client that it is using a mandatory profile now?

    How to:
    read the following for more info:

    the above is a 2k article but i think the process is generally the same.
    LVL 4

    Author Comment

    Thanks kristinaw
    thanks for the Useful resources.
    -I adopted to the step by step procedure mentioned in the first link.  Is there any way that I can make only ONE mandatory profile, place it on the server and call it from each user profiles tab under user properties in AD? for the users logging in on the client machines.
    -I have to copy each profile manually to the server and then call for that specific user from user properties?  Its more work for about 500+ users.
    -Also I do not want to make any changes to the registry in the client machine?
    suggestions? please
    LVL 22

    Expert Comment

    no, you don't have to copy the profile manually for each user. just do it once with a generic user to create the mandatory profile, make sure the perms and everything are right on the folder, and set the profile in AD for each user who will need to use the profile.

    do a google on admodify. good tool to help you modify all the profile paths. here's another link on man profs:


    Featured Post

    What Is Threat Intelligence?

    Threat intelligence is often discussed, but rarely understood. Starting with a precise definition, along with clear business goals, is essential.

    Join & Write a Comment

    Article by: IanTh
    Hi Guys After a whole weekend getting wake on lan over the internet working, I thought I would share the experience. Your firewall has to have a port forward for port 9 udp to your local broadcast x.x.x.255 but if that doesnt work, do it to a …
    What’s a web proxy server? A proxy server is a server that goes between clients and web servers, used in corporate to enforce corporate browsing policy and ensure security. Proxy servers are commonly used in three modes. A)    Forward proxy …
    Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    25 Experts available now in Live!

    Get 1:1 Help Now