User Group Policy - Desktop

Windows Group Policy - Desktop

This section typifies the restrictive side of Windows Group Policy.  Take advantage of a wonderful opportunity to play 'Mr Nasty' and create a plain desktop with no distractions for the users.

Administrative Templates

Windows Components

Desktop

* Guy's Top Three Group Policies

• Hide Internet Explorer on the Desktop
• Prohibit users from changing My Documents path
• Do not add shares of recently opened documents to My Network Places

Troubleshooting Group Policies is tricky.  As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  You can either take one module, for example Group Policy or go for a combination of modules.  See more about Group Policy training here

Desktop Policies

My advice is to dovetail these desktop policies with your broader company policies.  For instance, if you have a company directive that everyone should clear their desk every night, then Group Policies such as 'Hide All Items on the Desktop' will reinforce the corporate message.  As a matter of tactics, you could create OU's for laptops, desktops and servers and then assign different desktop Group Policies for each type of machine.

As with the Start Menu policies, there are half a dozen objects where you can 'Remove' icons from the user's vision.  For Example, remove the My Computer, My Documents and the Recycle Bin. When you have finished Removing, you can start on Hiding.  For Example * 'Hide Internet Explorer on the Desktop' (If you enable this setting, then I would keep the IE icon on the Taskbar)

One setting that I can recommend is * 'Prohibit users from changing My Documents path'.  This would compliment the policy which redirects the My Documents to a network share.

Another policy that is worth a look is: - * 'Do not add shares of recently opened documents to My Network Places'.

If the machine is that famous communal Kiosk, then the setting: 'Do not save setting on exit', makes sense.  For all other machines, this setting will only infuriate users - so I would avoid it!

I have yet to find a use for 'Remove the Desktop Cleanup Wizard', however, every time that I am rude about a Group Policy setting a 'Mr Angry' emails me with a killer reason why you need that particular setting. 

While I am letting off steam, I will venture to say that nobody likes the Active Desktop settings, thus the only use of that particular section would be to disable Active Directory settings on communal machines.

Summary of Desktop Group Policies

This page is a staging post on your journey to lock down the user's desktop.  Each Group Policy deserves your attention as each companies requirements will be different.

Next: Windows Settings,  Control Panel