Solved

Group Policy and Restrict Users from Changing Desktop Icons.

Posted on 2007-11-19
8
3,855 Views
Last Modified: 2008-02-01
I am currently using group policy to push out restrictions.  Is there any way to keep users from changing the desktop icons?  I want to do this without 3rd party software.  I also cannot make them part of the user group, because of programs they have to run.
0
Comment
Question by:Smithville
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +1
8 Comments
 
LVL 9

Expert Comment

by:asawatzki
ID: 20315165
You could restrict user rights to Read and Execute in NTFS permissions for the following folders:

c:\documents and settings\%username%\Desktop
c:\documents and settings\All Users\Desktop
0
 
LVL 2

Expert Comment

by:DrTrollrot
ID: 20315412
Have you tried to

GPO -> User Configuration -> Administrative Templates -> Desktop

Don't save settings at exit = Enabled

You also have more goodies there like  ...

Remove Properties from the My Documents context menu
Remove Properties from the My Computer context menu
Remove Properties from the Recycle Bin context menu
Prevent adding, dragging, dropping and closing the Taskbar's toolbars
Prohibit adjusting desktop toolbars
0
 

Author Comment

by:Smithville
ID: 20315940
These users are administrators.  They have to be administrators to run certain programs.  So I cant' restrict access through NTFS permissions.  The GPO -> User Configuration -> Administrative Templates -> Desktop does not keep them from changing desktop icons.
0
Comparison of Amazon Drive, Google Drive, OneDrive

What is Best for Backup: Amazon Drive, Google Drive or MS OneDrive? In this free whitepaper we look at their performance, pricing, and platform availability to help you decide which cloud drive is right for your situation. Download and read the results of our testing for free!

 
LVL 2

Expert Comment

by:DrTrollrot
ID: 20316132
0
 
LVL 40

Expert Comment

by:Fatal_Exception
ID: 20316180
I prefer not to mention this, as I just don't like them, but...    Mandatory Profiles, perhaps?
0
 
LVL 9

Expert Comment

by:asawatzki
ID: 20317124
Yes you could remove inherited permissions on the desktop folders, and then add back admininstrators as Read and Execute.  Then if you need for some accounts to have full control, you could add domain admins, or specific accounts back as well.  If you change it on the c:\documents and settings\Default user\desktop , then it should copy those permissions over to whoever else logs in.
0
 

Author Comment

by:Smithville
ID: 20319674
The icons they are editing, are the ones in All Users.  I don't care if the edit they ones in their own profile, because their profile is deleted on exit.  Asawatzki's idea of default user gives me an idea of making all icons on the desktop in default user.  That way once they log off, their profile is deleted, and their changes are moot.  Then when a new user logs on, the default user profile is used and the icons are still correct.  From all the ideas, I assume that their is no option of using Group Policy.  We have over 500 machines, and changing the default user, would mean imaging all of them.
0
 
LVL 9

Accepted Solution

by:
asawatzki earned 500 total points
ID: 20319729
You could use Group Policy to deploy a script that would make the permissions changes.  You wouldn't need to image all of them.  Just use the xcacls utility from microsoft:  http://support.microsoft.com/kb/825751
0

Featured Post

Turn Insights into Action

Communication across every corner of your business is essential to increase the velocity of your application delivery and support pipeline. Automate, standardize, and contextualize your communication processes with xMatters.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We have adopted the strategy to use Computers in Student Labs as the bulletin boards. The same target can be achieved by using a Login Notice feature in Group policy but it’s not as attractive as graphical wallpapers with message which grabs the att…
When you start your Windows 10 PC and got an "Operating system not found" error or just saw  "Auto repair for startup" or a blinking cursor with black screen. A loop for Auto repair will start but fix nothing.  You will be panic as there are no back…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question