Forbidding users to save files to desktop.

**andyturpie** · 26th May 2010, 03:51 PM

Good Afternoon ladies & gents.

I was wondering if there was such a policy we could send out to our teachers that forbids any files being saved to their desktop forcing to their docs area, but allow shortcuts to installed programs through? Had a brief look through the microsoft spreadsheet, but nothing jumps out at me

Any ideas on this one gang?

Andy T

**danrhodes** · 26th May 2010, 03:55 PM

Why not use GP to redirect the Desktop to one central location on the server, apply NTFS ACL permissions to that folder so that staff can only read, this way you have controll over what is on their desktop from one central location, all the program shortcuts can either go on the desktop of a seperate re-directed startmenu.

1. Edit user GPO
2. Go to user config
3. Go to folder redirection
4. Right click folder redirection and click properties.
5. Redirect all to same location
6. Create a folder on your server, share is as "Desktop" and apply NTFS ACL's to give staff read permission.
7. Enter the address into the location as \\servername\desktop
8. Sit back and relax.

D

**ICT_GUY** · 26th May 2010, 04:02 PM

Originally Posted by danrhodes

Why not use GP to redirect the Desktop to one central location on the server, apply NTFS ACL permissions to that folder so that staff can only read, this way you have controll over what is on their desktop from one central location, all the program shortcuts can either go on the desktop of a seperate re-directed startmenu.

1. Edit user GPO
2. Go to user config
3. Go to folder redirection
4. Right click folder redirection and click properties.
5. Redirect all to same location
6. Create a folder on your server, share is as "Desktop" and apply NTFS ACL's to give staff read permission.
7. Enter the address into the location as \\servername\desktop
8. Sit back and relax.

D

That is how we do it here.

**sted** · 26th May 2010, 04:21 PM

you could block it entirely with a script that just removed their access to %userprofile%\desktop on logon but that would stop shortcuts as well

what about folder redirection to \\server\desktops\staff\%username% and then enabling a Quota of say 1mb

**Hightower** · 26th May 2010, 04:28 PM

Originally Posted by danrhodes

Why not use GP to redirect the Desktop to one central location on the server, apply NTFS ACL permissions to that folder so that staff can only read, this way you have controll over what is on their desktop from one central location, all the program shortcuts can either go on the desktop of a seperate re-directed startmenu.

1. Edit user GPO
2. Go to user config
3. Go to folder redirection
4. Right click folder redirection and click properties.
5. Redirect all to same location
6. Create a folder on your server, share is as "Desktop" and apply NTFS ACL's to give staff read permission.
7. Enter the address into the location as \\servername\desktop
8. Sit back and relax.

D

This is how I would do it too

**azrael78** · 27th May 2010, 11:31 AM

Originally Posted by danrhodes

Why not use GP to redirect the Desktop to one central location on the server, apply NTFS ACL permissions to that folder so that staff can only read, this way you have controll over what is on their desktop from one central location, all the program shortcuts can either go on the desktop of a seperate re-directed startmenu.

1. Edit user GPO
2. Go to user config
3. Go to folder redirection
4. Right click folder redirection and click properties.
5. Redirect all to same location
6. Create a folder on your server, share is as "Desktop" and apply NTFS ACL's to give staff read permission.
7. Enter the address into the location as \\servername\desktop
8. Sit back and relax.

D

This + use FSRM if you are Server 2003R2/2008.
You can then stop all kinds of files being saved on the desktop as well but still permit shortcuts, perhaps even throw a quota in there also?

Az

**danrhodes** · 27th May 2010, 12:27 PM

Sounds like a good mix :-)

**nephilim** · 27th May 2010, 12:30 PM

Originally Posted by danrhodes

Why not use GP to redirect the Desktop to one central location on the server, apply NTFS ACL permissions to that folder so that staff can only read, this way you have controll over what is on their desktop from one central location, all the program shortcuts can either go on the desktop of a seperate re-directed startmenu.

1. Edit user GPO
2. Go to user config
3. Go to folder redirection
4. Right click folder redirection and click properties.
5. Redirect all to same location
6. Create a folder on your server, share is as "Desktop" and apply NTFS ACL's to give staff read permission.
7. Enter the address into the location as \\servername\desktop
8. Sit back and relax.

D

That's how I do it, and whilst I sit back and relax, I also listen to the complaints come rolling in about lost files etc, but I warn them that it is at their own detriment if they do not save it to the my documents folder like I tell them too!

**andyturpie** · 28th May 2010, 08:22 AM

Guys sounds like a plan, thanks again for your ideas - much appriciated

**danrhodes** · 28th May 2010, 08:41 AM

No problem, that's what were here for :-)

LinkBack

Thread Tools

Search Thread

Forbidding users to save files to desktop.

Thanks to danrhodes from:

Thanks to ICT_GUY from:

Thanks to Hightower from:

Thanks to azrael78 from:

Thanks to nephilim from:

Similar Threads

Changing the default save location to the users home directory

Read only directory structure which users can save files in. NTFS permissions?

sims slow to save data for some users

AD Users cannot save to MP3 players/Cameras

Powerpoint files won't save - folder marked as read only?!

Thread Information

Users Browsing this Thread

Posting Permissions