Stop users saving to the desktop

We have a large number of users that regularly save to the desktop and as we use roaming profiles this causes lots of problems. No matter how often they are told no to they still do.

Is there a way to stop users from saving documents/copying files to their desktop but still allow them to create shortcuts?


Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

This powerpoint from Microsoft may answer your question here:
Here is another link you may want to check out:  Titled Lock down a desktop by setting up multiple mandatory profiles in a terminal server and MetaFrame environment

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ROAMING profiles is not what you want.

Mandatory Profiles:

If you don't want your users to be able to save configuration changes to their NT environment, then use mandatory profiles.

On individual workstations you would rename the NTUSER.DAT file to NTUSER.MAN. This tells NT that no changes can be made to the profile. Users can still modify their NT environment while logged on, but they cannot save changes when they log off.

If you want a group of users, say the Accounting group, to use a mandatory profile, do this:

1. Create a user on a NT PC, log on as that user, and configure the NT PC the way you want it, log off.
2. Under your Profiles$ share on a NT server, create a profile directory for the group and give it a .man extension. For example, create an directory. Give the Accounting group at least Read and Execute permissions to this directory.
3. Log back on to the PC as an Admin, and copy the configured profile to the directory. For Permitted to use, assign the Accounting group.
4. Go to the directory on the server and rename NTUSER.DAT to NTUSER.MAN.
5. Open User Manager for Domains, select the members of the Accounting group, click the User Menu, then Properties, then Profile, and in the User Profile Path enter the path to the directory, \\server01\profiles$\

Now, when anyone in the accounting group logs in to the domain, they will get this mandatory profile on their PCs.


- You have to manually create a Mandatory Profile directory on a server. Unlike non-mandatory roaming profiles, NT will not create a user directory for you.
- If a user tries logging on, and the Mandatory Profile is not available (the server that it is on is unavailable), then the user will not be able to log on to their PC.

It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Active Directory

From novice to tech pro — start learning today.