Anmelden
 
HomeLibraryDownloadsSupportWebcasts & EventsCommunityForenBlogs
Ressourcen für IT-Professionals >
Preventing desktop changes for users - Group Policy

Beantwortet Preventing desktop changes for users - Group Policy

  • Mittwoch, 27. Februar 2013 21:47
     
     
    Anmelden
    0
    HI guys.. I wanted to get some help. I have LAB computers and I wanted to prevent users from adding files, links, folders to their desktop. And probably take away the right click also. How can I do this with GP Server 2008 R2. Clients are Windows XP. Thanks you
     

Alle Antworten

  • Donnerstag, 28. Februar 2013 02:23
    Moderator
     
     Beantwortet
    Anmelden
    0

    Hi,

    One way is removing Modify perssion from user's desktop folder through startup script to restrict write access. Another way is using folder redirection to redirect the desktop to a network share folder which make it easier to manage permissions.

    Details please refer to below links:
    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/042a06f5-bf36-48ae-b982-77cd75f56cab
    http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/c1997fc5-4707-4bac-b8ac-da3e4ae1d314/

    Folder Redirection Overview
    http://technet.microsoft.com/en-us/library/cc778976(v=WS.10).aspx

    Regards,
    Cicely

    • Als Antwort markiert myth20 Montag, 4. März 2013 22:47
    •  
     
  • Donnerstag, 28. Februar 2013 21:19
     
     
    Anmelden
    0

    I am testing things out. I'll reply back.

     
  • Freitag, 1. März 2013 14:23
     
     
    Anmelden
    0
    Here's a second option that I've used in training labs.  Instructor is teaching a class and wants certain icons on desktop along with documents for the class.  Students should not be able to modify items on the desktop.  First, start off with loopback processing (most likely Replace mode) so that user's User-side policy does not apply when they log into these computers.  Second, create a new share on a file server and call it something like \\yourfileserver\labuser (make sure you create all the sub-folders like Desktop, Documents, etc. that you will use); give Domain Users Read-Only control of the share and file permissions.  Third, create a Folder Redirection using the Basic Setting that redirects Desktop to \\yourfileserver\labuser\Desktop.  When users log in, they should receive the redirected Desktop and won't be able to make changes. 
     
  • Samstag, 2. März 2013 15:02
     
     
    Anmelden
    0

    I tried redirecting desktop but its not working. Here's what I did. 

    Created policy User Configuration - windows settings - folder redirection - destkop - properties - basic redirect everyones folder to the same location

    Target folder location - Root Path - \\server\users$\destkop. And I only gave read and excute writes. 

     
  • Montag, 4. März 2013 01:49
    Moderator
     
     
    Anmelden
    0

    Hi,

    >>I tried redirecting desktop but its not working.

    What's the error did you get? or anything else you mean "not working"? Is \\server\users$\desktop accessible?

    You can run "gpresult /h report.html" command to get more information about whether the folder redirection policy applies or why it fails to apply.

    A reference:

    How to use Group Policy to redirect the "Desktop", "My Documents", "Start Menu" and "Application Data" folders.
    http://www.virtualizationadmin.com/articles-tutorials/terminal-services/performance/configure-folder-redirection.html

    Regards,
    Cicely


     
  • Montag, 4. März 2013 22:49
     
     
    Anmelden
    0
    I managed to get the folder redirection to desktop working. And on destkop users cannot create folder and files which is thats what I wanted. But, when navigating to c:\documents and settings\all users\desktop\anyfolder they can still delete any objects and create. What else I am missing?
     
  • Dienstag, 5. März 2013 21:14
     
     
    Anmelden
    0
    Am 04.03.2013 23:49, schrieb myth20:
    > I managed to get the folder redirection to desktop working. And on
    > destkop users cannot create folder and files which is thats what I
    > wanted. But, when navigating to c:\documents and settings\all
    > users\desktop\anyfolder they can still delete any objects and create.
    > What else I am missing?
     
    All Users desktop is a different folder... Change ACLs and you'll be done.
    Basically:
     
    NO THEY ARE NOT EVIL, if you know what you are doing: Good or bad GPOs?
    Wenn meine Antwort hilfreich war, freue ich mich über eine Bewertung! If my answer was helpful, I'm glad about a rating!
     
  • Dienstag, 5. März 2013 23:05
     
     
    Anmelden
    0
    I disable the right click so users cannot add file, shortcut and delete. Of course the delete button still available in the keyboard. Hopefully they wont go to that far.