+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast
Results 16 to 30 of 47
Windows 7 Thread, Controlling Libraries with Group Policy in Technical; We're having the same problem with the libraries taking 5-10 secs to open under restricted accounts. dhoward, did you ever ...
  1. #16
    DJL
    DJL is offline

    Join Date
    Jan 2010
    Posts
    18
    Thank Post
    0
    Thanked 4 Times in 3 Posts
    Rep Power
    10
    We're having the same problem with the libraries taking 5-10 secs to open under restricted accounts. dhoward, did you ever find a fix for it?

    It seems as though Microsoft completely forgot about controlling libraries with group policy.

  2. #17
    dhoward_westexetc's Avatar
    Join Date
    May 2008
    Location
    Exeter, Devon
    Posts
    223
    Thank Post
    46
    Thanked 21 Times in 17 Posts
    Rep Power
    16
    Quote Originally Posted by DJL View Post
    We're having the same problem with the libraries taking 5-10 secs to open under restricted accounts. dhoward, did you ever find a fix for it?

    It seems as though Microsoft completely forgot about controlling libraries with group policy.
    Phew! I am glad I wasn't the only one!

    In the end I just googled the reg files to disable libraries completely and then found a neat little add-on to add the Classic Start Menu back to Windows 7. It is called Classic shell, and the homepage is here: Classic Shell. There are of course others, which are freeware.

    The nice thing about the classic menu is the links under documents are My Documents and My Pictures, not the libraries.

    All I have to do under our student policy now is find a way of removing the Favorites shortcuts (Downloads etc) in Explorer (they cause explorer.exe to crash, so removing them is more stable), remove the user folders links and tweak the start menu a bit then it is done!

  3. #18
    Nick_Parker's Avatar
    Join Date
    Jan 2008
    Location
    Dainfern, South Africa
    Posts
    437
    Thank Post
    95
    Thanked 18 Times in 13 Posts
    Rep Power
    17
    Quote Originally Posted by dhoward_westexetc View Post
    Phew! I am glad I wasn't the only one!

    In the end I just googled the reg files to disable libraries completely and then found a neat little add-on to add the Classic Start Menu back to Windows 7. It is called Classic shell, and the homepage is here: Classic Shell. There are of course others, which are freeware.

    The nice thing about the classic menu is the links under documents are My Documents and My Pictures, not the libraries.

    All I have to do under our student policy now is find a way of removing the Favorites shortcuts (Downloads etc) in Explorer (they cause explorer.exe to crash, so removing them is more stable), remove the user folders links and tweak the start menu a bit then it is done!
    You wouldn't happen to have a link to the reg file would you? And do you run it for every user that logs on? Or just on your default profile?

  4. #19
    Nick_Parker's Avatar
    Join Date
    Jan 2008
    Location
    Dainfern, South Africa
    Posts
    437
    Thank Post
    95
    Thanked 18 Times in 13 Posts
    Rep Power
    17
    Quote Originally Posted by AngryTechnician View Post
    Not a fix per se, but you could simply delete the local folder using Group Policy Preferences (or scripting if you haven't wrapped your head around GPP yet). We do this as a matter of course to keep the profiles tidy, so may be why we didn't notice this behaviour.
    Do you have some more details on this please?

  5. #20

    AngryTechnician's Avatar
    Join Date
    Oct 2008
    Posts
    3,730
    Thank Post
    698
    Thanked 1,212 Times in 761 Posts
    Rep Power
    394
    In a GPO that applies to the user, go to User Configuration > Preferences > Windows Settings > Folders

    Create a new Folder preference and set the action to Delete
    Set Path to %USERPROFILE%\Documents
    Tick the following: Delete this folder (if emptied), Recursively delete all subfolders (if emptied), Delete all files in folder(s), and Allow deletion of read-only files/folders

    On the Common tab:

    Tick Run in logged-on user's security context (user policy option)
    Tick Item-level targeting and click the Targeting... button


    Add a new File Match item:
    Match type: Folder exists
    Path: %USERPROFILE%\Documents

    Click OK twice.


    If it's set up correctly, you should see this when viewing the XML for the GPP item:

    Code:
    <?xml version="1.0" encoding="utf-8" ?> 
    - <Folder clsid="{07DA02F5-F9CD-4397-A550-4AE21B6B4BD3}" name="Documents" status="Documents" image="3" changed="2010-02-02 10:25:49" uid="{4450598C-7EFB-463C-971F-F9C84B70384E}" userContext="1" bypassErrors="1">
      <Properties action="D" path="%USERPROFILE%\Documents" deleteFolder="1" deleteSubFolders="1" deleteFiles="1" deleteReadOnly="1" deleteIgnoreErrors="0" readOnly="0" archive="1" hidden="0" /> 
    - <Filters>
      <FilterFile bool="AND" not="0" path="%USERPROFILE%\Documents" type="EXISTS" folder="1" /> 
      </Filters>
      </Folder>
    (The GUIDs may differ but everything else should be the same)

    Obviously if this works it WILL DELETE DATA, and if it goes awry it may delete the wrong data, so test first and use at your own risk.

  6. Thanks to AngryTechnician from:

    sonofsanta (20th September 2012)

  7. #21
    Nick_Parker's Avatar
    Join Date
    Jan 2008
    Location
    Dainfern, South Africa
    Posts
    437
    Thank Post
    95
    Thanked 18 Times in 13 Posts
    Rep Power
    17
    Quote Originally Posted by AngryTechnician View Post
    In a GPO that applies to the user, go to User Configuration > Preferences > Windows Settings > Folders

    Create a new Folder preference and set the action to Delete
    Set Path to %USERPROFILE%\Documents
    Tick the following: Delete this folder (if emptied), Recursively delete all subfolders (if emptied), Delete all files in folder(s), and Allow deletion of read-only files/folders

    On the Common tab:

    Tick Run in logged-on user's security context (user policy option)
    Tick Item-level targeting and click the Targeting... button


    Add a new File Match item:
    Match type: Folder exists
    Path: %USERPROFILE%\Documents

    Click OK twice.


    If it's set up correctly, you should see this when viewing the XML for the GPP item:

    Code:
    <?xml version="1.0" encoding="utf-8" ?> 
    - <Folder clsid="{07DA02F5-F9CD-4397-A550-4AE21B6B4BD3}" name="Documents" status="Documents" image="3" changed="2010-02-02 10:25:49" uid="{4450598C-7EFB-463C-971F-F9C84B70384E}" userContext="1" bypassErrors="1">
      <Properties action="D" path="%USERPROFILE%\Documents" deleteFolder="1" deleteSubFolders="1" deleteFiles="1" deleteReadOnly="1" deleteIgnoreErrors="0" readOnly="0" archive="1" hidden="0" /> 
    - <Filters>
      <FilterFile bool="AND" not="0" path="%USERPROFILE%\Documents" type="EXISTS" folder="1" /> 
      </Filters>
      </Folder>
    (The GUIDs may differ but everything else should be the same)

    Obviously if this works it WILL DELETE DATA, and if it goes awry it may delete the wrong data, so test first and use at your own risk.
    Thanks AngryTechnician, no luck tho, still leaves the "documents" folder.

  8. #22
    dhoward_westexetc's Avatar
    Join Date
    May 2008
    Location
    Exeter, Devon
    Posts
    223
    Thank Post
    46
    Thanked 21 Times in 17 Posts
    Rep Power
    16
    Quote Originally Posted by Nick_Parker View Post
    You wouldn't happen to have a link to the reg file would you? And do you run it for every user that logs on? Or just on your default profile?
    Sorry to be slow to reply, been a hectic couple of days!

    This is the link to the web page that I found to disable Libraries: How to Disable “Libraries” Feature in Windows 7? - Tweaking with Vishal

    They come as a zip file. It is a per machine setting so you can run it once on the machine and it will apply to all users. You could even put it in the base image I guess!

  9. #23
    bmdixon's Avatar
    Join Date
    Apr 2008
    Location
    Birmingham
    Posts
    255
    Thank Post
    43
    Thanked 58 Times in 39 Posts
    Rep Power
    22
    There is a custom gpo that can be used to do this.
    It's here. It allows you to remove more than just the Libraries, we're using it here on our W7 machines in the office.

  10. Thanks to bmdixon from:

    dhoward_westexetc (4th February 2010)

  11. #24
    dhoward_westexetc's Avatar
    Join Date
    May 2008
    Location
    Exeter, Devon
    Posts
    223
    Thank Post
    46
    Thanked 21 Times in 17 Posts
    Rep Power
    16
    Quote Originally Posted by bmdixon View Post
    There is a custom gpo that can be used to do this.
    It's here. It allows you to remove more than just the Libraries, we're using it here on our W7 machines in the office.
    You are a class A hero! My Windows 7 student PCs are now complete !! I just have to build them now!

    I notice it only hides libraries, not disables them completely. I may still run the reg file to disable them, but this will solve the Favorites links as well.

  12. #25

    Join Date
    Mar 2008
    Posts
    5
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0

    libraries

    We also found that quite a few applications try to write to these areas so if you disable them you're out of luck. Still need some more testing but so far that's our findings.

  13. #26

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Im having the same problems here.

    Everything would be fine if the C:\users\public wasnt linked by default.

    If I run the reg fixes to disable the libraries I aslo lose all links to the Documents/Music/Pictures on the start menu.

    If there a way that I can remove the libraries and then re-add the 3 links to the profiles?

    Also I cannot seem to remove the link to "Personal Folders"

    Ive found the key in the reg, but cant seem to apply it:

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\Curre ntVersion\Explorer\Advanced]
    "Start_ShowUser"=dword:00000001

    If anyone could please help ?

    1) Remove the Personal Folders" link on start menu by GP
    2) Remove the default setting adding "Public" to all users libraries.
    3) Add the normal links back for My docs / pictures / music

    Any help would be greatly appreciated!
    For now i have denied access to "C:\user\Public" to staff.

  14. #27

    Join Date
    Aug 2007
    Posts
    817
    Thank Post
    99
    Thanked 65 Times in 47 Posts
    Rep Power
    26
    Just Realised that when Staff - Deny permissions are set, click "defaults" in the libraries menu now does not recreate the share to the public folder

    I guess i need a way to have the "default" run on log in, or the

    "c:\Users\USERNAME\AppData\Roaming\Microsoft\Windo ws\Libraries" files deleted on startup

  15. #28
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 261 Times in 213 Posts
    Rep Power
    99
    I've managed to get a secure system with libraries running at last, incase it interests anyone this is how i have ours setup:

    Group policy preferences:
    GPP to delete the C:\Users\Public folder completely
    otherwise the links in pictures and music redirected folders goes to the local folders within it, dont have to delete the whole thing but i do and it doesnt seem cause a problem

    GPP to delete the registry key for libraries showing up in explorer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
    Reason for this is this part seems to go weirdly slow, without it everything seemed better (You don't lose the start menu stuff this way)

    Mandatory profiles are configured and in the .v2 folder there are no folders anymore like there was with XP, just the ntuser.man files and nothing else, else you get the problem with a local folder and a redirected folder showing up!!!!

    This key stops people being able to write to the root of the user share (the GP of: Prevent users from adding files to the root of their Users Files folder. partially does it but you can still save documents there) This stops people from writing anything there (and even pops up asking if you want to save it to a folder within, in our case goes to the root of the H: drive which was lucky):

    Action: Create
    Hive HKEY_CURRENT_USER
    Key path Software\Microsoft\Windows\CurrentVersion\RunOnce
    Value name Prevent Users from adding files to the root of the User share
    Value type REG_SZ
    Value data icacls %userprofile% /deny "%userdomain%\%username%":(WD,AD,WDAC)

    Run in conjunction with this logoff script:
    icacls %userprofile% /remove:d "%userdomain%\%username%"
    icacls %userprofile% /grant "%userdomain%\%username%":(W,AD)

    That should do it i think, i've prossibly missed something somewhere but that's the main jist of it (i'll tidy this post up when i have time :p)

    EDIT: i also have GPPs to change the local appdata folder to being a hidden folder
    Last edited by mrbios; 9th March 2010 at 11:33 AM.

  16. Thanks to mrbios from:

    dhoward_westexetc (9th March 2010)

  17. #29
    dhoward_westexetc's Avatar
    Join Date
    May 2008
    Location
    Exeter, Devon
    Posts
    223
    Thank Post
    46
    Thanked 21 Times in 17 Posts
    Rep Power
    16
    Quote Originally Posted by mrbios View Post

    GPP to delete the registry key for libraries showing up in explorer:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Desktop\NameSpace\{031E4825-7B94-4dc3-B131-E946B44C8DD5}
    Reason for this is this part seems to go weirdly slow, without it everything seemed better (You don't lose the start menu stuff this way)
    Is this for the business of a library folder taking 10 seconds to load up?

  18. #30
    mrbios's Avatar
    Join Date
    Jun 2007
    Location
    Stroud, Gloucestershire
    Posts
    2,480
    Thank Post
    351
    Thanked 261 Times in 213 Posts
    Rep Power
    99
    Quote Originally Posted by dhoward_westexetc View Post
    Is this for the business of a library folder taking 10 seconds to load up?
    Well, yes and no, my issue was that libraries took 10 seconds to do anything from the shortcuts on the explorer bar, the start menu icons work fine, so this removed the ones from the explorer bar

SHARE:
+ Post New Thread
Page 2 of 4 FirstFirst 1234 LastLast

Similar Threads

  1. Group Policy
    By Iain.Faulkner in forum Windows Server 2000/2003
    Replies: 0
    Last Post: 30th April 2009, 04:16 PM
  2. Controlling context menu in group policies
    By thesk8rjesus in forum Network and Classroom Management
    Replies: 5
    Last Post: 5th September 2008, 10:21 AM
  3. group policy not being seen at all
    By krisd32 in forum Windows
    Replies: 5
    Last Post: 31st August 2007, 09:07 AM
  4. Group Policy
    By jman167 in forum Windows
    Replies: 1
    Last Post: 28th June 2007, 10:27 PM
  5. Group Policy
    By faza in forum Windows
    Replies: 15
    Last Post: 23rd May 2006, 09:39 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •