Locking desktop icons for windows server 2003 domain with xp clients

Posted on 2005-04-06
Medium Priority
Last Modified: 2010-04-10
Hi Guys
I am running server 2003 domain with XP client machines.  I am able to restrict users not to change the desktop background through group policy.  They can still change the icons add them and delete them on there desktop.
This is what I did not sure if this is right?:
-Logged onto the client machine with the user name, made icons on the desktop which I want.
-Logged onto the same machine as administrator and copied the profile of the user to the server under '\\server\Profiles\mandatory\'username'
-From the same machine I deleted the local user profile.
-On the server under the folder '\\server\Profiles\mandatory\username'  I changed the folder 'Desktop' permissions to read only.
-Logged on back to the client machine and it collected its profiles now from the server (which is great), and if I delete any icons and logg back again, I get the same icons back which I want, but the only killing thing is that I have now to delete local profiles from all the client machines in order to make the profiles coming from the server to take effect.
-Moreover if I add a new folder on the desktop and logg off and back to logg on I see the new folder and the icons, also while logging off I get the 'user environment' window saying the profile cannot be copied from c:\......' to '\\server......'.
Help please
I know there should be an easier way instead of creating roaming profile and changing the 'Desktop' folder permissions in group policy but its not working?  Please help stepwise, its becoming a hectic for me now.
Question by:amanzoor
  • 2
LVL 22

Accepted Solution

kristinaw earned 2000 total points
ID: 13717621

first off, here's an excellent utility you can use to remotely delete unwanted local user profiles:


the reason you're getting the error when logging off is because windows always tries to save a profile when logging off, including the desktop. since you've make the desktop read only, it is unable to save it, thus giving you the error. have you told the client that it is using a mandatory profile now?

How to:
read the following for more info:


the above is a 2k article but i think the process is generally the same.

Author Comment

ID: 13719069
Thanks kristinaw
thanks for the Useful resources.
-I adopted to the step by step procedure mentioned in the first link.  Is there any way that I can make only ONE mandatory profile, place it on the server and call it from each user profiles tab under user properties in AD? for the users logging in on the client machines.
-I have to copy each profile manually to the server and then call for that specific user from user properties?  Its more work for about 500+ users.
-Also I do not want to make any changes to the registry in the client machine?
suggestions? please
LVL 22

Expert Comment

ID: 13814877
no, you don't have to copy the profile manually for each user. just do it once with a generic user to create the mandatory profile, make sure the perms and everything are right on the folder, and set the profile in AD for each user who will need to use the profile.

do a google on admodify. good tool to help you modify all the profile paths. here's another link on man profs:



Featured Post


Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This program is used to assist in finding and resolving common problems with wireless connections.
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question