How do i?

Discussion in 'Windows Server Systems' started by celticfan11, Oct 5, 2007.

  1. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Stop users from adding desktop icons to the desktop, via GPO in server 2003. :) Thanks in advance
     
  2. drz01

    drz01 Weekend DJ

    Messages:
    527
    Location:
    Toronto
  3. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Im not sure this is what i want. Here is the scenario. GPO is already implimented so i am adding to an exsisting policy. I need to stop users from creating any new desktop icons, via copy and pasting or right clicking and sending to desktop.
     
  4. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    OK i got it to work with the xcacls tool from MS
    Basically i run a Cscript and it sets permissions on that users desktop folder to make it read only. NOW the problem is that whenever they run this script i get an error message stating ""you are not using csript for the scripting engine. Screen messages will be supressed." Googled to no avail. The script DOES work, but i get that annoying popup message. This is my script....


    c:
    net use x: \\storage\script
    x:
    CScript//H:Cscript
    xcacls.vbs "%userprofile%\desktop"\ /g domain\%username%:x r monson\administrator:f /s
    c:
    net use x: /delete /yes
    pause
     
  5. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Also note that if an admin runs this script i get no error message. So there is something restricting something somewhere? Anyone?
     
  6. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Outout from the BAT file from a student logging in.


    H:\>c:
    C:\>net use x: \\storage\script
    System error 85 has occurred.
    The local device name is already in use.

    C:\>x:
    X:\>CScript//H:Cscript //S
    Microsoft (R) Windows Script Host Version 5.6
    Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
    Command line options are saved.
    CScript Error: Can't change default script host.
     
  7. American Zombie

    American Zombie Moderator Staff Member Political User

    Messages:
    2,934
    Location:
    Seattle
    Person who posted here was getting the same error.
    At first the solutions are blurred out but if you scroll way down the page you will find the solutions that are not blurred out.
     
  8. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Their solution was to add "CScript//H:Cscript //S" which windows to run Cscript rather then Wscript. However i still get the error message even after doing exactly as the post says. This was one of that original posts that helped me figure this whole thing out.
     
  9. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    I got it.

    If i edited microsoft's cacls.vbs file and took out the following:

    If Not IsEngineCScript Then
    Wscript.Echo "You are not using CScript for the scripting engine." & vbcrlf & "Screen messages will be surpressed."
    End if


    Then the error message goes away :)

    So in the end i DID figure out how to stop users from editing their desktops. If anyone else needs to do this and they cant follow my posts, let me know i can summarize how i did it. Thanks for the replys.
     
  10. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    May have been easier to just make desktops read only ?
     
  11. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    That is what i did.

    how would you propose doing this for 300 users. Making sure it applies to each user no matter where they login. In a way that would be easier?
     
  12. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    ? why didn't you just run the script with cscript instead of going through all that?
    Code:
    cscript <myscriptfile.vbs>
    
     
  13. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    Going through all of what? The mapping of the drive i assume is what you mean? I am going to not do it that way when i impliment it. I was just doing it that way because i originally started off doing something and it changed to using that cscript. So i kinda just kept it in there.
     
  14. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    no, i was referring to having to add a line in to change the default script host to cscript. You don't have to if you just run the vbs script by calling cscript.exe first (cscript <filename>). It won't prompt or cause any of the other problems.

    I know it's not really much so maybe the use of the phrase "through all of that" was a little exaggerated. :) :s
     
  15. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    ahhh ok i get it. I know close to nothing about scripts. So i just did it how i found it on forums. How would i go about doing what you reccommended?
    Im assuming i just make a VBS file and have it state "cscript (finename)" plus its parameters?
     
  16. fitz

    fitz Just Floating Along Staff Member Political User Folding Team

    Messages:
    4,076
    Location:
    Chicagoland
    yes.. if you calling the vbs script from a batch file, in the batch file, just add the line "cscript <filename> <parameters>"
     
  17. celticfan11

    celticfan11 Moderator

    Messages:
    744
    Location:
    Vernon, CT
    awesome, thanks