Stop users saving to the desktop

We have a large number of users that regularly save to the desktop and as we use roaming profiles this causes lots of problems. No matter how often they are told no to they still do.

Is there a way to stop users from saving documents/copying files to their desktop but still allow them to create shortcuts?


Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

jimtechConnect With a Mentor Commented:
Here is another link you may want to check out:  Titled Lock down a desktop by setting up multiple mandatory profiles in a terminal server and MetaFrame environment
This powerpoint from Microsoft may answer your question here:
dnudelmanConnect With a Mentor Commented:
ROAMING profiles is not what you want.

Mandatory Profiles:

If you don't want your users to be able to save configuration changes to their NT environment, then use mandatory profiles.

On individual workstations you would rename the NTUSER.DAT file to NTUSER.MAN. This tells NT that no changes can be made to the profile. Users can still modify their NT environment while logged on, but they cannot save changes when they log off.

If you want a group of users, say the Accounting group, to use a mandatory profile, do this:

1. Create a user on a NT PC, log on as that user, and configure the NT PC the way you want it, log off.
2. Under your Profiles$ share on a NT server, create a profile directory for the group and give it a .man extension. For example, create an directory. Give the Accounting group at least Read and Execute permissions to this directory.
3. Log back on to the PC as an Admin, and copy the configured profile to the directory. For Permitted to use, assign the Accounting group.
4. Go to the directory on the server and rename NTUSER.DAT to NTUSER.MAN.
5. Open User Manager for Domains, select the members of the Accounting group, click the User Menu, then Properties, then Profile, and in the User Profile Path enter the path to the directory, \\server01\profiles$\

Now, when anyone in the accounting group logs in to the domain, they will get this mandatory profile on their PCs.


- You have to manually create a Mandatory Profile directory on a server. Unlike non-mandatory roaming profiles, NT will not create a user directory for you.
- If a user tries logging on, and the Mandatory Profile is not available (the server that it is on is unavailable), then the user will not be able to log on to their PC.

All Courses

From novice to tech pro — start learning today.