Re: Prevent User from Saving/Changing Files on Desktop

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Jason Ryon (JasonRyon_at_discussions.microsoft.com)
Date: 12/29/04 

Date: Wed, 29 Dec 2004 13:39:01 -0800

This works very nicely. Thank you.

One more thing...now if something attempts to write to this, it gives an
error saying "Cannot save or replace filename: Access is denied. Make sure
that the disk is not full or write protected and that the file is not
currently in use."

Is there someway to change this error message to say something like "You
cannot save to this desktop, please save all items to removable media or to
your network file space"?

"Roger Abell" wrote:

> You could try using cacls in a login script to replace the
> user's grant on the desktop folder in their profile.
> Evidently the profile is always recreated when they log in
> so you need to make the adjustment in the login script, and,
> as they normally will have a grant of full control they are
> able to change the permissions (or rather, it is possible in
> their login script context)
>
> cacls "%userprofile%\desktop" /t /e /p %username%:r
>
> The savy user may notice that, if they have ownership of
> their profile, they can change the permissions.
>
> --
> Roger Abell
> Microsoft MVP (Windows Security)
> MCSE (W2k3,W2k,Nt4) MCDBA
> "Jason Ryon" <JasonRyon@discussions.microsoft.com> wrote in message
> news:E36BF11B-3BDF-4852-B7F9-A07ACAB25A09@microsoft.com...
> > Does anybody know how to prevent the users on a computer from storing
> their
> > files to the desktop (WinXP)? This will be used for a lab environment,
> where
> > the profiles are automatically deleted from the computer after log off. I
> > want to restrict it so the users can't even save files temporarily to the
> > desktop (save to, or drag to, etc.) so they won't feel bad when their
> files
> > are deleted. Any ideas?
>
>
>

Relevant Pages

  • Re: Prevent User from Saving/Changing Files on Desktop
    ... You could try using cacls in a login script to replace the ... user's grant on the desktop folder in their profile. ... they can change the permissions. ...
    (microsoft.public.windows.group_policy)
  • Re: Prevent User from Saving/Changing Files on Desktop
    ... > "Roger Abell" wrote: ... >> user's grant on the desktop folder in their profile. ... >> so you need to make the adjustment in the login script, and, ... they can change the permissions. ...
    (microsoft.public.windows.group_policy)
  • Re: windows 2000 domain rebuilt, how to keep local user profiles?
    ... ** How do I link an existing local user profile with a new domain ... SID that belongs to this profile ... Use the following commands to correct the permissions for the old user ...
    (microsoft.public.win2000.active_directory)
  • Re: Local permissions for roaming profile to work
    ... I set up the share for the profiles and shared it as "roaming$" and followed ... size of the whol folder was given as zero. ... I will check the permissions you listed but could you tell me if the ... > client workstation for roaming profile. ...
    (microsoft.public.windows.server.sbs)
  • Re: Encoder.PrepareToEncode gives Unspecified Error
    ... Inbuilt User "Network Service" added to administrators group on the server ... Service) has limited permissions to access files. ... more line for log to know the executing user and it is "Network Servicces". ... Create instance of profile ...
    (microsoft.public.windowsmedia.encoder)