Discussion in 'Windows Server Systems' started by celticfan11, Oct 5, 2007.
Stop users from adding desktop icons to the desktop, via GPO in server 2003. Thanks in advance
This site may help?
Check out this part of the document.
Appendix B: Non-Administrators Local Group Policy Settings
Im not sure this is what i want. Here is the scenario. GPO is already implimented so i am adding to an exsisting policy. I need to stop users from creating any new desktop icons, via copy and pasting or right clicking and sending to desktop.
OK i got it to work with the xcacls tool from MS
Basically i run a Cscript and it sets permissions on that users desktop folder to make it read only. NOW the problem is that whenever they run this script i get an error message stating ""you are not using csript for the scripting engine. Screen messages will be supressed." Googled to no avail. The script DOES work, but i get that annoying popup message. This is my script....
net use x: \\storage\script
xcacls.vbs "%userprofile%\desktop"\ /g domain\%username%:x r monson\administrator:f /s
net use x: /delete /yes
Also note that if an admin runs this script i get no error message. So there is something restricting something somewhere? Anyone?
Outout from the BAT file from a student logging in.
C:\>net use x: \\storage\script
System error 85 has occurred.
The local device name is already in use.
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Command line options are saved.
CScript Error: Can't change default script host.
Person who posted here was getting the same error.
At first the solutions are blurred out but if you scroll way down the page you will find the solutions that are not blurred out.
Their solution was to add "CScript//H:Cscript //S" which windows to run Cscript rather then Wscript. However i still get the error message even after doing exactly as the post says. This was one of that original posts that helped me figure this whole thing out.
I got it.
If i edited microsoft's cacls.vbs file and took out the following:
If Not IsEngineCScript Then
Wscript.Echo "You are not using CScript for the scripting engine." & vbcrlf & "Screen messages will be surpressed."
Then the error message goes away
So in the end i DID figure out how to stop users from editing their desktops. If anyone else needs to do this and they cant follow my posts, let me know i can summarize how i did it. Thanks for the replys.
May have been easier to just make desktops read only ?
That is what i did.
how would you propose doing this for 300 users. Making sure it applies to each user no matter where they login. In a way that would be easier?
? why didn't you just run the script with cscript instead of going through all that?
Going through all of what? The mapping of the drive i assume is what you mean? I am going to not do it that way when i impliment it. I was just doing it that way because i originally started off doing something and it changed to using that cscript. So i kinda just kept it in there.
no, i was referring to having to add a line in to change the default script host to cscript. You don't have to if you just run the vbs script by calling cscript.exe first (cscript <filename>). It won't prompt or cause any of the other problems.
I know it's not really much so maybe the use of the phrase "through all of that" was a little exaggerated. :s
ahhh ok i get it. I know close to nothing about scripts. So i just did it how i found it on forums. How would i go about doing what you reccommended?
Im assuming i just make a VBS file and have it state "cscript (finename)" plus its parameters?
yes.. if you calling the vbs script from a batch file, in the batch file, just add the line "cscript <filename> <parameters>"