I am looking for a way via gpo to accomplish disabling the creation of new shortcut in the context menu when you do a file > new > folder/shortcut.
Students are creating shortcuts to the local drive and installing software and games. This is has become a real pain to try and stop.
What kind of Servers do you have - if they are Windows Server 2003 R2, you can use File Extension blocking which prevents the creation of shortcuts on the server (which may help).
We make all students use a single mandatory profile with redirected desktop and start menu - so they CAN'T create anything on them - they get what we give them.
Failing the server idea above - more information about your setup would be helpful - do your students have individual profiles or do they share a common one? Are your students administrators or power users on the PCs (don't laugh, several LEA recommendations prior to Server 2003 was to make EVERYONE a local admin to avoid 'software installation issues'... we didn't follow that one)?
Have you not got the following GPO setting enabled? This will stop them being able to locate the Local Drive at all.
User Configuration > Administrative Templates > Windows Components > Windows Explorer > "Hide these specified drives in My Computer".
This will solve your problem; alternatively why not disable the Windows Explorer Context Menu?
Hiding the drives with that policy does not stop a shortcut from letting you access it.
Use a file restriction policy setting to prevent them accessing *.lnk files. Then make exceptions for "%ALLUSERSPROFILE%\Start Menu" and \\server\share\profile\Start Menu.
Ah right, I had the impression it removed it from my computer, therefore, when browsing for a location for the shortcut to point too, it isn’t available.Originally Posted by mrforgetful
If they’re aware of the path, i.e. C:\Windows, this is also prevented by this policy.
That's what happens on my W2K3 Network anyhow?
Nah, you have to set the one below that 'Prevent Access to....'
Opps!! Of course you do! Sorry my fault!
Yes, remember to enable "Prevent access to drives from My Computer" which is below the above policy setting. hehe
Cheers 'mrforgetful'!
hehe no problem, I stranglely like Group Policy stuff!
Yeah I have a 'soft spot' for Group Policy also!
background info: win2003 server w/ sp2. all xp workstations w/ roaming profiles.
they still need access to local drive, some programs need access to program files. So I cant prevent access to.
I had tried to create a path rule in software restrictions, was unsuccessful.
Even with "Prevent..." enabled - I believe programs can still access it. We have a range of programs installed locally built into our images, these program are still accessible by students with that GPO enforced.
Yeah that's right - even with the GPO 'Hide these drives...' and 'Prevent access to these drives...' settings - they can still create shortcuts to paths on the drives you block, but I may not be 100% correct on that.
Try enabling the GPO for 'hide these drives...' and 'prevent access to these drives...' in a test GPO (so that you don't impact the whole network) and then test it with a student login, see if you can make a shortcut to a 'hidden' drive (C: would be a good choice).
You should still find that your applications will still happily run even with the GPOs in place - it's only when you start using NTFS permissions to lock down the drives that applications may start to complain at you.
Gambit - the issue here is not preventing pupils from accessing the c:\ with ever more creative ways of doing so. The underlieing issue is why do the pupils have write access to the c: in the first place?
If they dont have write permissions then they cant install software. Simple as that really. You'll obviously have to correct all the permissions for any crap software which wants write access to certain files/folders but once you get on top of it you'll be alot better off.
'j17sparky' you've got a very good point!
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
LinkBack URL
About LinkBacks
Reply With Quote