none
Prevent users from saving to desktop RRS feed

  • Question

  • Is there a way to prevent users (or a particular user) from saving to the desktop similar to the way steadystate policy works? What registry entry can be added for this? I like the functionality of steadystate's way of preventing it, but I cannot use that exact same way in a domain environment. Thanks.

    Tuesday, December 23, 2008 9:54 PM

Answers

  • Hi,

    SteadyState's restriction for this writes a reg key that triggers the Windows SteadyState Service to set/reset the ACL on the desktop folder.  You can try setting that same key for your domain users, but since this isn't something we officially support (or test!) I can't promise anything...

    [HKCU\Software\Microsoft\Shared Computer Toolkit]
    "PreventWriteDesktop"=dword:1

    Thanks,
    Rob Elmer
    Development Lead
    Windows SteadyState
    Tuesday, January 6, 2009 6:22 AM

All replies

  •  

    What about making the desktop Read-Only?  Another solution would be to have a startup script that deletes the desktop and then replaces it with what you want.

     

    There are likely other options, I would be surprised if AD did not have an option like this.

    Wednesday, December 24, 2008 6:12 PM
  • Well, I use Windows Disk Protection, so everything is wiped out, so adding/deleting icons is not the real issue. The real issue is I don't want users to save something to the desktop then the power goes out, or they reboot and forget to save to a flash drive. I'd like them to not be able to save at all. Any other solutions?

     

    I already use NoDrives and NoViewOnDrive registry entries set to 4 to prevent viewing of contents of c-drive, and this works great for everywhere except desktop I believe.

     

    When I try to deny access to c:\documents and settings\username\desktop folder, It does not stick. On the next login, the settings are back to full control. I have the user set as a local Power User.

     

    Ideally, I would like a hkey_current_user registry entry that could be added to prevent this. Anyone have one?

    Monday, January 5, 2009 11:03 PM
  • Hi,

    SteadyState's restriction for this writes a reg key that triggers the Windows SteadyState Service to set/reset the ACL on the desktop folder.  You can try setting that same key for your domain users, but since this isn't something we officially support (or test!) I can't promise anything...

    [HKCU\Software\Microsoft\Shared Computer Toolkit]
    "PreventWriteDesktop"=dword:1

    Thanks,
    Rob Elmer
    Development Lead
    Windows SteadyState
    Tuesday, January 6, 2009 6:22 AM
  • Rob,

    I just installed Steady State on  a group of worktations in a library and it works fine except for a few things:

    1.  Users are complaing that the timer disappears fro the desktop.  We don't reboot each time a user is done, just log off.  Is there a way to reposition the time to a default location each time a user logs in?  Somehow, users have figured out how to hide the timer.

    2.  Although I have disabled "Save to Desktop", Internet Explorer 7 does not obey this rule.  Any patch for this or IE7 registry fix?

    Thanks in advance,

    Nick
    nramoundos@gmail.com

    Tuesday, February 10, 2009 11:46 PM