Solved

Disable "New>Shortcut" using Group Policy

Posted on 2010-11-30
6
1,084 Views
Last Modified: 2012-08-13
Hello, I have tired looking on google for information on this but with no success.

I want to be able to lock down certain user accounts in Group Policy to disable the ability of creating short cuts from the file menu and by right clicking. We have important hard drives hidden, however to get past this users are creating short cuts to the c: drive etc.

So ideally I was looking for a solution using group policy to disable the ability of creating new shortcuts. Any ideas?
0
Comment
Question by:alumwell
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 12

Accepted Solution

by:
udaya kumar laligondla earned 250 total points
ID: 34237002
any one can access the files even if you block creation of the shortcut if they have access. one way is to remove the groups from the drive's security list(using the security tab of the properties) this will help you to implement all kinds of controls you want to impose for the group.
0
 

Author Comment

by:alumwell
ID: 34237596
I still dont mind them viewing the drive, they cant alter anything, however they can see network drives which store login scripts and security so I wish them not been able to view files like that.
0
 
LVL 12

Expert Comment

by:udaya kumar laligondla
ID: 34237720
if the drive is local (C:,D: etc)on the machine you can change the security settings of the drive to make the files not accssible, they can view the drive but can not browse the files.
if the drive is a network share(\\targetmachine\C$" mapped as drive then it is difficult to stop them from viewing the file, once you map the drive you will not be able to set the security settings for the same
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:alumwell
ID: 34237905
Its not a local drive its a network drive. However it is not mapped. The login script is called which is stored on the network drive. If there is an error on the login script it will display a message along with the location of the file. Now most users wont think another thing of it, however there are some users of our network who go out of their way to hack and break into stuff. I would like to prevent this from happening
0
 
LVL 1

Assisted Solution

by:dwarner8
dwarner8 earned 250 total points
ID: 34239222
On your network drive. Make sure your have NTFS permissions and set the security to allow users only the right to read. Right click on the drives properties, go to the security tab, and make sure your users can read only.
0
 

Author Closing Comment

by:alumwell
ID: 34266867
It has fixed the current problem but not prevented users from creating short cuts
0

Featured Post

NEW Veeam Agent for Microsoft Windows

Backup and recover physical and cloud-based servers and workstations, as well as endpoint devices that belong to remote users. Avoid downtime and data loss quickly and easily for Windows-based physical or public cloud-based workloads!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Getting to know the threat landscape in which DDoS has evolved, and making the right choice to get ourselves geared up to defend against  DDoS attacks effectively. Get the necessary preparation works done and focus on Doing the First Things Right.
Recovering from what the press called "the largest-ever cyber-attack", IT departments worldwide are discussing ways to defend against this in the future. In this process, many people are looking for immediate actions while, instead, they need to tho…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question