Possible to deny everything -but- shortcuts on the desktop?
I believe in stick. Say no to carrots. Stick always works.
So now I want to lock down my users XP desktops to prevent them from filling their roaming profiles with crap. And yeah corporate policy and so on and on should really be enough, but unless it is impossible to save data to the desktop it WILL happen.
But not any more, if I get this sorted out. I want users to be able to create shortcut-files (*.lnk) on the desktop but nothing more, no folders or other files of any kind. Of course someone could then go and resave some other file as a lnk just to prove its possible - but that wouldn't interest me and doesnt defeat my idea.
Anyone done anything like this? A fully locked down setup is easy, but I do recognize that a somewhat personalized icon setup on the desktop has its purpose. VBS scripting maybe? I've thought about it, but not come up with a solution yet, so possibly something else, a 3rd party solution perhaps?
Any ideas very much appreciated.
So now I want to lock down my users XP desktops to prevent them from filling their roaming profiles with crap. And yeah corporate policy and so on and on should really be enough, but unless it is impossible to save data to the desktop it WILL happen.
But not any more, if I get this sorted out. I want users to be able to create shortcut-files (*.lnk) on the desktop but nothing more, no folders or other files of any kind. Of course someone could then go and resave some other file as a lnk just to prove its possible - but that wouldn't interest me and doesnt defeat my idea.
Anyone done anything like this? A fully locked down setup is easy, but I do recognize that a somewhat personalized icon setup on the desktop has its purpose. VBS scripting maybe? I've thought about it, but not come up with a solution yet, so possibly something else, a 3rd party solution perhaps?
Any ideas very much appreciated.
0 Comments
[ + ] Show comments
Answers (1)
Please log in to answer
Posted by:
yarborg
16 years ago
We did something like this before but instead of restricting access I just delete everything that is not part of what I want on the desktop at each login. This turned out to be a better solution because you can still allow people to create documents of certain size or shortcuts etc but if an item doesn't meet your criteria it's gone. Alternatively, you could have the script move inappropriate items to another location and let the user know that those items will be deleted after a certain amount of time. If they want to keep them then they need to place them somewhere else.
Rating comments in this legacy AppDeploy message board thread won't reorder them,so that the conversation will remain readable.
