PDA

View Full Version : how can i stop users from putting files on their desktops? ws2k3



mOOseCaNNoN
28-11-2008, 01:43 PM
Hi,
I have an annoying problem at work and I'm sure this doesn't only happen to me. We are running windows server 2003 R2 sp2 with winxp pro sp2 clients. All users have roaming profiles and their documents are redirected to their own folder on the file server %username%\documents and their profile to %username%\profile.

The problem i have is with users putting large files on their desktop. When a user logs in it copies down their profile from the server to the local machine (to be worked on) and when they log out it is uploaded back to the server, this isn't the case for their mydocuments folder as folder redirection just directs it straight to the server. If a user has say a large video file on their desktop and they log into a computer which they've never logged into before it will take a while for them to log in because it's copying the file to the local hard drive C:\documents and settings\%username%\desktop .

I constantly tell the users not to put large files on their desktop or this will happen. The epic problem is that if they delete the large file, it deletes it from the server and the local machine (i think/hope) but then when they log in to a computer that they've previously logged into (before they deleted the large file) the file reappears because it was on that local hard drive, so when they log out it loads it back to the server and therefore loads it onto any other computer they log into from then on ! users tell me the files on the desktop that they delete keep coming back and this must be why.

The only way I can fix this (and it's a pain) is to delete the file from the server and then go around to any machine they've logged on to and delete it from there.

I've heard of this happening to other people, is it Microsoft's fault or is our system not setup properly? I didn't setup the system I've just been maintaining it, I've set the 'delete cached copy of local profile on log off' in group policy but that doesn't seem to work ... The only thing i can think to do is to somehow lock the desktop for all users so that they can't store anything on their desktop = PROBLEM SOLVED!

So does anyone know of any way in locking the desktop or perhaps another way around this problem?

Thanks :)

nofam
28-11-2008, 02:02 PM
Couldn't you just change the permissions on %username%\profile\desktop to read-only?

mOOseCaNNoN
28-11-2008, 02:08 PM
yes, but then I would have to do it for every user and when ever a new user is created. A bit of a mission unless there is somewhere in group policy ?

nofam
28-11-2008, 02:11 PM
yes, but then I would have to do it for every user and when ever a new user is created. A bit of a mission unless there is somewhere in group policy ?

Sorry Moose - what I meant was doing this by altering the login.bat that maps their drives etc; this would affect any user that logged into your Domain.

mOOseCaNNoN
28-11-2008, 02:20 PM
oh ok so you mean changing their profile path to a different folder that is read-only? if this is what you mean wouldn't it make their whole profile read only not just the desktop folder ? this would cause problems with outlook etc.

pctek
28-11-2008, 02:50 PM
You know by default most things like browsers and email progs have attachments and downloads save to desktop?

Its hideous.

SolMiester
28-11-2008, 03:35 PM
oh ok so you mean changing their profile path to a different folder that is read-only? if this is what you mean wouldn't it make their whole profile read only not just the desktop folder ? this would cause problems with outlook etc.

That wouldnt work, because the folder is read only, the user profile wouldnt be able to write to the folder...

Anyway, I know exactly how you feel....

What I do, is change all user profiles to local, except the profile for the user who's PC it is, that way, only the users pc profile is updated, when a user logs into a different pc, the local profile is updated, but never gets copied back up to the server except for the one pc the user has most of the time.....

or, re-direct the profile to the users home directory, that way not the entire profile gets written to the local desktop....

mOOseCaNNoN
28-11-2008, 03:52 PM
cool, ok i might have to try that thanks

berryb
01-12-2008, 01:46 PM
Why not redirect the desktop as well. This doesn't stop users from saving data but will limit bandwidth at login.