Unable to Delete Desktop Icons or Change Timezone after switching users from admin to user

Users are Unable to Delete Desktop Icons or Change Timezone after switching users from admin to user.  This was a recent group policy update.  Is there are GPO rule that can allow this?
LVL 1
securitythreatAsked:
Who is Participating?
 
dis1931Connect With a Mentor Commented:
Hello securitythreat,

I believe the Time Zone or time in general is no allowed to users...I am not aware of a group policy item to enable for all users.  As for desktop icons it is usually related to permissions on the icons themselves....Usually admins and power users have rights to delete or edit them while users can read and execute hence no deletion....This is a permission issue and you will need to change file system permssions on these icons or in the all users folder where they are probably stored....not sure what icons...If they create an icon then they should be able to delete on their desktop.

Regards,

dis1931
0
 
Hypercat (Deb)Commented:
Certainly if the icons are on the All Users desktop rather than the user's own desktop in his/her profile, they will not be able to delete or edit those icons.  Normally the Users group has read-only permissions to the All Users profile.
0
 
securitythreatAuthor Commented:
I noticed that when I turn on the drag and drop option in Active Desktop that it is allowing users to remove and add.  One thing i'm concerned about it the time.  Our users travel alot.  Does the time stay the same or does it update if it calls out to a closer dc?  Also, how do you specify indivual programs approval to run without making the user a pu.
0
Cloud Class® Course: Amazon Web Services - Basic

Are you thinking about creating an Amazon Web Services account for your business? Not sure where to start? In this course you’ll get an overview of the history of AWS and take a tour of their user interface.

 
Hypercat (Deb)Commented:
Here's a Microsoft KB article describing how you can use a regedit to allow users to change the time and/or time zone on their computers:

http://support.microsoft.com/kb/300022/en-us

Users should be able to run most programs without being a power user.  Are their specific programs that you are running that you're having a problem with?
0
 
top_gizmoCommented:
You can allow users to change the system time by allowing it in group policy.

It is a setting under user rights and assignments.

Computer Configuration\Windows settings\Security settings\Local policies\user rights and assignments\change the system time.

Add the user group to it.
------------------------------------------------------
The best solution to get around the not being able to delete icons problem is to modify the default users desktop so any new profiles will have the icons on their desktop and be able to delete them without affecting other users.

As for the existing users and the icons, the only work around I can think of other than modifying permission on the all users desktop is to create a script to remove the icons from the all users desktop and copy them to the users desktop.  They can delete them from there if they wish.
0
 
Netman66Commented:
You DON'T want users to change time.

Since the domain-joined PC account lives in it's own OU based on a Site then it should stay the same no matter where the user travels.

This is what the timezone does.  If the laptop user connects to a remote site in some other country then the timezone will make sure the local timestamps are correct based on the offset from GMT.  Other than the clock being out you should just let the user live with that.

0
 
securitythreatAuthor Commented:

My question is, if the users are in a subnet other than their site subnet, does the local machine recognize this and update the time?  If not, then the time is an issue.  It will mean that we will have to update the users OU everytime they travel and stay for a month or two.

Where do you set the time for each site?
0
 
Netman66Commented:
On the local DC.

There are GPO settings for time services that can be linked to Sites so that when roaming users logon in those sites, then the time settings should be picked up by the laptop and point the client to the local server for time services.  This should remedy roaming problems.

0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.