Group policy for to restrict desktop icons to only allow shortcuts?

Posted on 2008-11-11
Medium Priority
Last Modified: 2013-12-05

I'm currently rolling out some group policies and I am now becoming familiar with GPMC (group policy management console).

One of the policies I wish to create is one where the user can only create shortcuts on there desktops.. but should be unable to create or save word documents on there desktop, the way that I have thought of, is to somehow only allow certain file extentions for the desktop folder..

But i'm not really sure how i should/can impliment this really, or if there is a better way of doing this?

One of the many reasons of doing this, is that users tend to save documents to there desktop even with a mydocuments redirection to there home folder.

We are currently running both windows server 2000 & 2003, with all workstations running windows XP.

Any help would be greatly, greatly appreciated

Thanks & Kind Regards
Question by:billy_howard

Author Comment

ID: 22935407
Just to make clear if its not already;

A user should ONLY be able to create shortcuts on there desktop (.lnk file)

And should NOT be able to create or save word documents or any other file from either word... or any where else.

Thanks once again!
LVL 23

Expert Comment

by:Malli Boppe
ID: 22937033
I don't think their is any easy solution for this.

Accepted Solution

ms-pro earned 1000 total points
ID: 23112935
Give the users read permissions at the desktop folder or use a gpo. The policy is called "Prevent users from adding files to the root of their Users files folder" and it is located under (User Configuration\Administrative Templates\Windows Componenets/Windows Explorer)

Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Suggested Courses

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question