Preventing users from saving to the Desktop - windows 7
I am using Group Policies and have been able to block our users from saving to the hard drive, we use a desktop management program called CybraryN that sits on top of Windows, between the GP and this program I have been able to control most issues. Our goal
is for the user to use a Flash Drive and save their work to that. We are finding more files on the desktop and they are not being cleared when the computer reboots. I would like to be able to block our public users from saving to the desktop if
possible through Group Policy but if you have another way I would be intrested.
thanks
GayrGary Krajacic Fayetteville Free Library
January 17th, 2012 4:46pm
We are doing this exact type of lockdown in our citrix environment. I have a batch file running in our GPO logon script, which in turn calls a powershell file. I wrote this when I first started out with powershell so it's not as clean as
I'd like. Also, it requires subinacl.exe in the system32 folder. I don't recall why I have the folder permission set to system and then back again to the user for Server 2008 systems, I really need to comment my scripts more.
$OSinfo = Gwmi Win32_OperatingSystem
$OSinfo = $OSinfo.caption
$server2008 = $false
If($OSinfo -eq "Microsoft Windows Server 2008 R2 Standard ") {$server2008 = $true}
$Domain = "<your domain>"
$Folder = "$env:userprofile\Desktop"
If($server2008) {cmd /c "subinacl.exe /file $Folder /setowner=System"}
If((Test-Path $Folder) -eq 0) {New-Item -type directory -path $Folder}
$Acl = Get-Acl $Folder
$Ar = New-Object system.security.accesscontrol.filesystemaccessrule("$Domain\$env:username","Write","Deny")
$Acl.SetAccessRule($Ar)
$Acl | Set-Acl $Folder
If($server2008) {cmd /c "subinacl.exe /file $Folder /setowner=$Domain\%username%"}
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2012 5:18pm
any updates?Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
January 31st, 2012 4:54am