We have a situation there our users are able to delete icons from the shared desktop at the terminal server despite that permissions are set to READ.
Basic setup of two windows server 2008 machines. One as fileserver / AD and the other as terminal server.
Start menu for users are redirected to a shared folder \\fileserver\folder$. Desktop for users are made by simply putting all icons in C:\Users\Public\Desktop at the terminal server. This setup gives users the ability to add their own icons to desktop, and the file is saved in user desktop folder, i.e. \\fileserver\userprofiles\user\Desktop at the same time as the shared desktop stays intact.
Both start menu redirect folder and shared desktop folder have the same security settings and users are unable to delete from start menu, but as I said before, they can delete from shared desktop. Strange.
Users belong to following groups:
* Domain users
* Remote desktop users
* Office employes
File permission as well as folder permissions are set to
Domain users Read, show folder content
Interaktiv Read and execute
Deleting an icon as a user gives: "Do you want to move this to the trash bin?" YES. and then: "You need to enter administrator permissions to be able to delete.." CONTINUE
This removes the file/icon.
I would appriciate any idea about this.