+ Post New Thread
Page 1 of 2 12 LastLast
Results 1 to 15 of 16
Windows Thread, Removing ablitiy to create shortcuts. in Technical; I am looking for a way via gpo to accomplish disabling the creation of new shortcut in the context menu ...
  1. #1

    Join Date
    Feb 2007
    Posts
    34
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    16

    Removing ablitiy to create shortcuts.

    I am looking for a way via gpo to accomplish disabling the creation of new shortcut in the context menu when you do a file > new > folder/shortcut.

    Students are creating shortcuts to the local drive and installing software and games. This is has become a real pain to try and stop.

  2. #2
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    21

    Re: Removing ablitiy to create shortcuts.

    What kind of Servers do you have - if they are Windows Server 2003 R2, you can use File Extension blocking which prevents the creation of shortcuts on the server (which may help).

    We make all students use a single mandatory profile with redirected desktop and start menu - so they CAN'T create anything on them - they get what we give them.

    Failing the server idea above - more information about your setup would be helpful - do your students have individual profiles or do they share a common one? Are your students administrators or power users on the PCs (don't laugh, several LEA recommendations prior to Server 2003 was to make EVERYONE a local admin to avoid 'software installation issues'... we didn't follow that one)?

  3. #3

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    Have you not got the following GPO setting enabled? This will stop them being able to locate the Local Drive at all.

    User Configuration > Administrative Templates > Windows Components > Windows Explorer > "Hide these specified drives in My Computer".

    This will solve your problem; alternatively why not disable the Windows Explorer Context Menu?

  4. #4
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22

    Re: Removing ablitiy to create shortcuts.

    Hiding the drives with that policy does not stop a shortcut from letting you access it.

  5. #5

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,804
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: Removing ablitiy to create shortcuts.

    Use a file restriction policy setting to prevent them accessing *.lnk files. Then make exceptions for "%ALLUSERSPROFILE%\Start Menu" and \\server\share\profile\Start Menu.

  6. #6

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    Quote Originally Posted by mrforgetful
    Hiding the drives with that policy does not stop a shortcut from letting you access it.
    Ah right, I had the impression it removed it from my computer, therefore, when browsing for a location for the shortcut to point too, it isn’t available.

    If they’re aware of the path, i.e. C:\Windows, this is also prevented by this policy.

    That's what happens on my W2K3 Network anyhow?

  7. #7
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22

    Re: Removing ablitiy to create shortcuts.

    Nah, you have to set the one below that 'Prevent Access to....'

  8. #8

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    Opps!! Of course you do! Sorry my fault!

    Yes, remember to enable "Prevent access to drives from My Computer" which is below the above policy setting. hehe

    Cheers 'mrforgetful'!

  9. #9
    mrforgetful's Avatar
    Join Date
    May 2006
    Posts
    1,637
    Thank Post
    7
    Thanked 15 Times in 15 Posts
    Rep Power
    22

    Re: Removing ablitiy to create shortcuts.

    hehe no problem, I stranglely like Group Policy stuff!

  10. #10

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    Yeah I have a 'soft spot' for Group Policy also!

  11. #11

    Join Date
    Feb 2007
    Posts
    34
    Thank Post
    0
    Thanked 2 Times in 2 Posts
    Rep Power
    16

    Re: Removing ablitiy to create shortcuts.

    background info: win2003 server w/ sp2. all xp workstations w/ roaming profiles.

    they still need access to local drive, some programs need access to program files. So I cant prevent access to.

    I had tried to create a path rule in software restrictions, was unsuccessful.

  12. #12

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    Even with "Prevent..." enabled - I believe programs can still access it. We have a range of programs installed locally built into our images, these program are still accessible by students with that GPO enforced.

  13. #13
    azrael78's Avatar
    Join Date
    Sep 2007
    Location
    Devon
    Posts
    383
    Thank Post
    47
    Thanked 37 Times in 33 Posts
    Rep Power
    21

    Re: Removing ablitiy to create shortcuts.

    Yeah that's right - even with the GPO 'Hide these drives...' and 'Prevent access to these drives...' settings - they can still create shortcuts to paths on the drives you block, but I may not be 100% correct on that.

    Try enabling the GPO for 'hide these drives...' and 'prevent access to these drives...' in a test GPO (so that you don't impact the whole network) and then test it with a student login, see if you can make a shortcut to a 'hidden' drive (C: would be a good choice).

    You should still find that your applications will still happily run even with the GPOs in place - it's only when you start using NTFS permissions to lock down the drives that applications may start to complain at you.

  14. #14


    Join Date
    Oct 2006
    Posts
    3,411
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149

    Re: Removing ablitiy to create shortcuts.

    Gambit - the issue here is not preventing pupils from accessing the c:\ with ever more creative ways of doing so. The underlieing issue is why do the pupils have write access to the c: in the first place?

    If they dont have write permissions then they cant install software. Simple as that really. You'll obviously have to correct all the permissions for any crap software which wants write access to certain files/folders but once you get on top of it you'll be alot better off.

  15. #15

    Join Date
    Nov 2006
    Location
    Reading, UK
    Posts
    487
    Thank Post
    30
    Thanked 14 Times in 8 Posts
    Rep Power
    18

    Re: Removing ablitiy to create shortcuts.

    'j17sparky' you've got a very good point!

SHARE:
+ Post New Thread
Page 1 of 2 12 LastLast

Similar Threads

  1. Student Shortcuts
    By Silverman in forum How do you do....it?
    Replies: 6
    Last Post: 7th December 2007, 03:46 PM
  2. need a script to delete shortcuts
    By philtomo-25 in forum Scripts
    Replies: 2
    Last Post: 1st November 2007, 03:50 PM
  3. problem implementing desktop shortcuts
    By Uraken in forum Windows
    Replies: 16
    Last Post: 1st March 2007, 12:36 PM
  4. Replies: 4
    Last Post: 12th December 2006, 05:33 PM
  5. Adding shortcuts to Sims.net
    By eejit in forum Windows
    Replies: 26
    Last Post: 22nd June 2005, 03:35 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •