desktop - deny writing policy

C

chaos.jedi

Exist a policy or way to block writing on desktop?
It also possible to do this, for document folder?
 
J

jwgoerlich@gmail.com

Sure. Change the security permissions on the %userprofile%\Desktop
folder. Uncheck [ ] Allow inheritable permissions from the parent. Set
the user account up to allow only List Folder Contents and Read.
Verify that Creator Owner is not on the list. Leave Administrators and
Systems with Full Control. This will allow the person to view their
desktop without access to create new content or write to existing
files.

J Wolfgang Goerlich

On Jan 7, 12:06 pm, chaos.jedi <chaosj...@discussions.microsoft.com>
wrote:
> Exist a policy or way to block writing on desktop?
> It also possible to do this, for document folder?
 
C

chaos.jedi

I had already tried this way, but it is not practical and manageable
especially if I have to apply the change to different users.

If you can do it with a policy is much better.

Thanks.
 
J

jwgoerlich@gmail.com

You can accomplish this with Group Policy. Create a policy. Open
Computer Configuration > Windows Settings > Security Settings > File
System. Add the File:

%UserProfile%\Desktop

Grant the permissions as appropriate. Check (o) Replace existing
permissions on all subfolders and files with inheritable permissions.
Instead of explicitly defining the user name, grant .\Users the
permissions. This is easy to manage but does mean that any one user
can read any other users.

J Wolfgang Goerlich

On Jan 8, 3:17 am, chaos.jedi <chaosj...@discussions.microsoft.com>
wrote:
> I had already tried this way, but it is not practical and manageable
> especially if I have to apply the change to different users.
>
> If you can do it with a policy is much better.
>
> Thanks.
 
J

jwgoerlich@gmail.com

I will give the old engineer's answer: works fine out here.

I need more information to help you. When you tried the policy, what
exactly were the results? What were the resultant ntfs permissions on
the desktop folder?

J Wolfgang Goerlich

On Jan 9, 11:06 am, chaos.jedi <chaosj...@discussions.microsoft.com>
wrote:
> Ok I tried this solution, but don't work
 
You must log in or register to reply here.

Similar threads

M
If i apply Software restriction policy to block exe files, can't we install software remotely from third party software like desktop central on the ma
Replies
0
Views
33
Manish Dixit_brtp
M
M
blocking some USB devices
Replies
0
Views
16
Michael Beaver Admin
M
L
GPO failed to apply to domain computers
Replies
0
Views
6
LAM TUNG DINH
L
F
Onedrive on Rds Host
Replies
0
Views
15
Fabrizio.Co
F
F
Computer disk writing at 500mbs constantly
Replies
0
Views
20
Felix E.P.
F
Back
Top Bottom