Solved

Unable to Delete Desktop Icons or Change Timezone after switching users from admin to user

Posted on 2007-11-30
8
750 Views
Last Modified: 2008-02-01
Users are Unable to Delete Desktop Icons or Change Timezone after switching users from admin to user.  This was a recent group policy update.  Is there are GPO rule that can allow this?
0
Comment
Question by:securitythreat
  • 2
  • 2
  • 2
  • +2
8 Comments
 
LVL 10

Accepted Solution

by:
dis1931 earned 250 total points
ID: 20384764
Hello securitythreat,

I believe the Time Zone or time in general is no allowed to users...I am not aware of a group policy item to enable for all users.  As for desktop icons it is usually related to permissions on the icons themselves....Usually admins and power users have rights to delete or edit them while users can read and execute hence no deletion....This is a permission issue and you will need to change file system permssions on these icons or in the all users folder where they are probably stored....not sure what icons...If they create an icon then they should be able to delete on their desktop.

Regards,

dis1931
0
 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20384851
Certainly if the icons are on the All Users desktop rather than the user's own desktop in his/her profile, they will not be able to delete or edit those icons.  Normally the Users group has read-only permissions to the All Users profile.
0
 
LVL 1

Author Comment

by:securitythreat
ID: 20385085
I noticed that when I turn on the drag and drop option in Active Desktop that it is allowing users to remove and add.  One thing i'm concerned about it the time.  Our users travel alot.  Does the time stay the same or does it update if it calls out to a closer dc?  Also, how do you specify indivual programs approval to run without making the user a pu.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 38

Expert Comment

by:Hypercat (Deb)
ID: 20385136
Here's a Microsoft KB article describing how you can use a regedit to allow users to change the time and/or time zone on their computers:

http://support.microsoft.com/kb/300022/en-us

Users should be able to run most programs without being a power user.  Are their specific programs that you are running that you're having a problem with?
0
 
LVL 3

Expert Comment

by:top_gizmo
ID: 20386617
You can allow users to change the system time by allowing it in group policy.

It is a setting under user rights and assignments.

Computer Configuration\Windows settings\Security settings\Local policies\user rights and assignments\change the system time.

Add the user group to it.
------------------------------------------------------
The best solution to get around the not being able to delete icons problem is to modify the default users desktop so any new profiles will have the icons on their desktop and be able to delete them without affecting other users.

As for the existing users and the icons, the only work around I can think of other than modifying permission on the all users desktop is to create a script to remove the icons from the all users desktop and copy them to the users desktop.  They can delete them from there if they wish.
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20386736
You DON'T want users to change time.

Since the domain-joined PC account lives in it's own OU based on a Site then it should stay the same no matter where the user travels.

This is what the timezone does.  If the laptop user connects to a remote site in some other country then the timezone will make sure the local timestamps are correct based on the offset from GMT.  Other than the clock being out you should just let the user live with that.

0
 
LVL 1

Author Comment

by:securitythreat
ID: 20389588

My question is, if the users are in a subnet other than their site subnet, does the local machine recognize this and update the time?  If not, then the time is an issue.  It will mean that we will have to update the users OU everytime they travel and stay for a month or two.

Where do you set the time for each site?
0
 
LVL 51

Expert Comment

by:Netman66
ID: 20393142
On the local DC.

There are GPO settings for time services that can be linked to Sites so that when roaming users logon in those sites, then the time settings should be picked up by the laptop and point the client to the local server for time services.  This should remedy roaming problems.

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …

825 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question