0

I would like to set up a GPO so users cannot edit, delete, add or rename desktop items anymore.

So far I activated:

user config
- guidelines
-- administrative templates
--- desktop
---- desktop
----- don't allow changes ON
----- don't allow adding of elements ON
----- don't allow deleting of elements ON
----- don't allow editing of elements ON
--- control panel
---- adaption
----- don't allow changes of desktopsymbols ON
  • What's the end goal here? What should be on their Desktop? What about items on Explorer? That's even hard to close. – Luiz Angelo Jun 16 '21 at 18:37

1 Answers1

0

Fully locking down the desktop is complicated. You will find a very long list of policies to enable in the article Lock Down Desktop Using Group Policy.

Here is the list that pertains directly to the desktop (but there are lots more that are indirectly related):

  • Do not add shares of recently opened documents to Network Locations
  • Hide and disable all items on the desktop
  • Hide Network Locations icon on desktop
  • Prevent adding, dragging, dropping and closing the Taskbar’s toolbars
  • Prohibit adjusting desktop toolbars
  • Prohibit User from manually redirecting Profile Folders
  • Remove Computer icon on the desktop
  • Remove My Documents icon on the desktop
  • Remove Properties from the Computer icon context menu
  • Remove Properties from the Documents icon context menu
  • Remove Properties from the Recycle Bin context menu
  • Remove Recycle Bin icon from desktop
  • Remove the Desktop Cleanup Wizard
harrymc
  • 483
  • 3
  • 11
  • If they dont allowed to be to do anything, did you ever thought about the Windows Kiosk Mode? - Remind if this mode is used, it will be not more possible to use anything else on that – djdomi Jun 16 '21 at 04:59