desktop - deny writing policy

desktop - deny writing policy
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Applications Security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
desktop - deny writing policy chaos.jedi 01-07-2008
Posted by =?Utf-8?B?Y2hhb3MuamVkaQ==?= on January 7, 2008, 12:06 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Exist a policy or way to block writing on desktop?
It also possible to do this, for document folder?

Posted by on January 7, 2008, 5:20 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
Sure. Change the security permissions on the %userprofile%\Desktop
folder. Uncheck [ ] Allow inheritable permissions from the parent. Set
the user account up to allow only List Folder Contents and Read.
Verify that Creator Owner is not on the list. Leave Administrators and
Systems with Full Control. This will allow the person to view their
desktop without access to create new content or write to existing
files.

J Wolfgang Goerlich

wrote:
> Exist a policy or way to block writing on desktop?
> It also possible to do this, for document folder?


Posted by =?Utf-8?B?Y2hhb3MuamVkaQ==?= on January 8, 2008, 3:17 am
If you were  Registered and logged in, you could reply and use other advanced thread options
I had already tried this way, but it is not practical and manageable
especially if I have to apply the change to different users.

If you can do it with a policy is much better.

Thanks.

Posted by on January 8, 2008, 8:06 am
If you were  Registered and logged in, you could reply and use other advanced thread options
You can accomplish this with Group Policy. Create a policy. Open
Computer Configuration > Windows Settings > Security Settings > File
System. Add the File:

%UserProfile%\Desktop

Grant the permissions as appropriate. Check (o) Replace existing
permissions on all subfolders and files with inheritable permissions.
Instead of explicitly defining the user name, grant .\Users the
permissions. This is easy to manage but does mean that any one user
can read any other users.

J Wolfgang Goerlich

wrote:
> I had already tried this way, but it is not practical and manageable
> especially if I have to apply the change to different users.
>
> If you can do it with a policy is much better.
>
> Thanks.


Posted by =?Utf-8?B?Y2hhb3MuamVkaQ==?= on January 9, 2008, 11:06 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Ok I tried this solution, but don't work

Similar ThreadsPosted
Group Policy - lock desktop after 15mins help July 20, 2005, 6:31 am
Deny interactive login August 30, 2005, 11:20 am
Deny access to certain IP address August 30, 2005, 12:11 pm
How to deny access to some internet sites November 10, 2005, 8:40 am
Allow to read the file, but deny rename it ? June 11, 2006, 9:14 am
Deny sending attachment through Internet October 5, 2006, 3:08 pm
Deny change of email address February 8, 2007, 3:48 pm
Deny access to d drive by the guest February 24, 2007, 4:51 pm
Can change owner of folder when deny in place February 28, 2006, 5:19 am
Folder permissions - deny users, allow administrator November 16, 2007, 12:38 pm

The site map in XML format XML site map

Contact Us | Privacy Policy