Solved

Unable to Delete Desktop Icons or Change Timezone after switching users from admin to user

Posted on 2007-11-30
Last Modified: 2008-02-01
Users are unable to delete desktop icons or change the time zone after switching users from admin to user.  This was a recent group policy update.  Is there a GPO rule that can allow this?
Question by:securitythreat
 
LVL 10

Accepted Solution

by:
dis1931 earned 750 total points
ID: 20384764
Hello securitythreat,

I believe the Time Zone or time in general is not allowed to users... I am not aware of a group policy item to enable for all users.  As for desktop icons it is usually related to permissions on the icons themselves... Usually admins and power users have rights to delete or edit them while users can read and execute, hence no deletion... This is a permission issue and you will need to change file system permissions on these icons or in the all users folder where they are probably stored... not sure what icons... If they create an icon then they should be able to delete on their desktop.

Regards,

dis1931
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20384851
Certainly if the icons are on the All Users desktop rather than the user's own desktop in his/her profile, they will not be able to delete or edit those icons.  Normally the Users group has read-only permissions to the All Users profile.
0
 
LVL 1

Author Comment

by:securitythreat
ID: 20385085
I noticed that when I turn on the drag and drop option in Active Desktop that it is allowing users to remove and add.  One thing I'm concerned about is the time.  Our users travel a lot.  Does the time stay the same or does it update if it calls out to a closer DC?  Also, how do you specify individual programs approval to run without making the user a pu?
0

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20385136
Here's a Microsoft KB article describing how you can use a regedit to allow users to change the time and/or time zone on their computers:

http://support.microsoft.com/kb/300022/en-us

Users should be able to run most programs without being a power user.  Are there specific programs that you are running that you're having a problem with?
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20386617
You can allow users to change the system time by allowing it in group policy.

It is a setting under user rights and assignments.

Computer Configuration\Windows settings\Security settings\Local policies\user rights and assignments\change the system time.

Add the user group to it.
------------------------------------------------------
The best solution to get around the not being able to delete icons problem is to modify the default user's desktop so any new profiles will have the icons on their desktop and be able to delete them without affecting other users.

As for the existing users and the icons, the only workaround I can think of other than modifying permission on the all users desktop is to create a script to remove the icons from the all users desktop and copy them to the user's desktop.  They can delete them from there if they wish.
0
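The relocation script described in the comment above, as an added example that is not part of the original thread. It assumes Windows Vista or later with PowerShell 3+, desktops that are not redirected, and an elevated prompt; the function name and parameters are hypothetical. Copies inherit the ACL of each user's own Desktop folder, which is why the user can then delete them.

```powershell
# Added example: copy shortcuts from the All Users desktop into every existing
# profile's Desktop, then remove them from the shared location.
function Move-CommonDesktopShortcuts {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Resolves to the shared (All Users / Public) desktop on this machine.
        [string]$CommonDesktop = [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [string[]]$Filter = @('*.lnk', '*.url')
    )
    $shortcuts = Get-ChildItem -Path (Join-Path $CommonDesktop '*') -Include $Filter -File
    # Skip service and system profiles; keep real user profiles only.
    $profiles = Get-CimInstance Win32_UserProfile | Where-Object { -not $_.Special }

    foreach ($p in $profiles) {
        # Assumption: the desktop lives under the profile path (no folder redirection).
        $desktop = Join-Path $p.LocalPath 'Desktop'
        if (-not (Test-Path -LiteralPath $desktop)) { continue }
        foreach ($s in $shortcuts) {
            $target = Join-Path $desktop $s.Name
            # Never overwrite a shortcut the user already has under the same name.
            if (Test-Path -LiteralPath $target) { continue }
            if ($PSCmdlet.ShouldProcess($target, 'Copy shortcut')) {
                # Stop on the first failure so nothing is removed after a partial copy.
                Copy-Item -LiteralPath $s.FullName -Destination $target -ErrorAction Stop
            }
        }
    }

    # Only reached when every copy succeeded.
    foreach ($s in $shortcuts) {
        if ($PSCmdlet.ShouldProcess($s.FullName, 'Remove from shared desktop')) {
            Remove-Item -LiteralPath $s.FullName -ErrorAction Stop
        }
    }
}

# Dry run first: lists every copy and removal without changing anything.
Move-CommonDesktopShortcuts -WhatIf
```

This leaves the read-only permissions on the All Users desktop unchanged, so standard users still cannot alter what other accounts see.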
 
LVL 51

Expert Comment

by:Netman66
ID: 20386736
You DON'T want users to change time.

Since the domain-joined PC account lives in its own OU based on a Site then it should stay the same no matter where the user travels.

This is what the timezone does.  If the laptop user connects to a remote site in some other country then the timezone will make sure the local timestamps are correct based on the offset from GMT.  Other than the clock being out you should just let the user live with that.

0
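To check who actually holds the "Change the system time" right discussed in this thread, before or after a GPO change, the following added example (not part of the original thread) exports the machine's user rights with `secedit` and resolves the holders. The function name and the choice of which groups count as "broad" are assumptions; run it from an elevated prompt.

```powershell
# Added example. Run elevated: secedit needs administrator rights to export policy.
function Get-UserRightHolder {
    param(
        # SeSystemtimePrivilege is the constant behind "Change the system time".
        [string[]]$Privilege = @('SeSystemtimePrivilege')
    )
    # Well-known SIDs of broad groups: Everyone, Authenticated Users, BUILTIN\Users.
    $broadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }
        foreach ($line in Get-Content -Path $cfg) {
            # Export lines look like: SeSystemtimePrivilege = *S-1-5-19,*S-1-5-32-544
            if ($line -notmatch '^\s*(\w+)\s*=\s*(.*)$') { continue }
            $name = $Matches[1]
            $holders = $Matches[2] -split ','
            if ($Privilege -notcontains $name) { continue }
            foreach ($entry in $holders) {
                $entry = $entry.Trim()
                if (-not $entry) { continue }
                $sid = $null
                $account = $entry
                if ($entry.StartsWith('*')) {
                    # A leading * marks a SID; resolve it to an account name where possible.
                    $sid = $entry.Substring(1)
                    try {
                        $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
                        $account = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
                    } catch { $account = $sid }
                }
                [pscustomobject]@{
                    Privilege = $name
                    Account   = $account
                    Sid       = $sid
                    # Broad = a well-known wide group, or a domain's Domain Users (RID 513).
                    Broad     = ($broadSids -contains $sid) -or ($sid -match '^S-1-5-21-.*-513$')
                }
            }
        }
    } finally {
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-UserRightHolder | Format-Table -AutoSize
```

A row with `Broad` set to `True` means every ordinary user on the machine can set the clock, which affects Kerberos ticket validation and the reliability of local log timestamps.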
 
LVL 1

Author Comment

by:securitythreat
ID: 20389588

My question is, if the users are in a subnet other than their site subnet, does the local machine recognize this and update the time?  If not, then the time is an issue.  It will mean that we will have to update the user's OU every time they travel and stay for a month or two.

Where do you set the time for each site?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20393142
On the local DC.

There are GPO settings for time services that can be linked to Sites so that when roaming users log on in those sites, then the time settings should be picked up by the laptop and point the client to the local server for time services.  This should remedy roaming problems.

0
