Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

remove "delete" from my computer on desktop...

Status
Not open for further replies.
chriscj21

chriscj21

Technical User
Mar 27, 2004
246
GB
...anyone know of a way to remove "delete" as a right click option on 'my computer'?

This must be a menu handler issue in registry but when i search for "HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" I can not find any relation to delete...

Any ideas appreciated


Thanks


Chris

ChrisCj21
MCSE, A+, N+
 
Sort by date Sort by votes
The workstation I use at work (and granted we're on NT) don't have delete on the 'My Computer' Context Menu, and indeed many other facilities are disabled for Users. This is all done through Policy Management. I would guess that you can set a User Policy that will 'hide' any context menu command you wish.
 
Upvote 0 Downvote
Thanks for input but there is not direct GPO setting to remove "delete"...This is not an issue on NT or Windows 2000 :(

I could remove the ability to right click on icons but this is a global policy setting and not appropriate



Chris

ChrisCj21
MCSE, A+, N+
 
Upvote 0 Downvote
You can download ContextEdit, but it will not work:
ftp://ftp.externet.hu/pub/mirror/sac/utilfile/cnxtedit.zip

Is the objective is to make certain a user cannot delete or remove My Computer from the desktop?

Some choices. Essentially when the icon for My Computer is to show the following registry key has a DWORD value of 0 (zero):
Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum]
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"=dword:00000000
Click to expand...
In the logon script you could put a copy of the above, saved with a .reg extension, and use:
regedit /s name_you_gave_file.reg

This will restore for every logon the My Desktop icon.

A second approach: Set permissions on the key to deny everyone but the Administrator the rights to change the registry key.

You can do this with command line utilities in the logon script or remotely as noted here:
If you need to use something that comes with WinXP, you will need to use Regini.exe.

There is also an updated version of Regini.exe is in the Win2k3 Server Resource Kit (for Win2k/WinXP as well), and for documentation, see rktools.chm in the Resource Kit:
Windows Server 2003 Resource Kit Tools

(The kit will install on WinXP or later, or you can unpack it with WinZip or similar)

A couple of other utilities that can edit registry key
permissions from a command line:
SubInACL.exe can also be used for this, a new, bug-fixed version of SubInACL.exe is available for download here (Win2k/WinXP/Win2k3):
Then there is a free 3rd party utility that you can use for this: SETACL (freeware)

SetACL can set permissions on:
Local or remote directories
Local or remote files
Local or remote printers
Local or remote registry keys
Local or remote Win32 services
Local or remote network shares
Click to expand...

Finally, you could add a (VBS) script to your logon script:
On Error Resume Next

Dim WSHShell, n, MyBox, p, t, errnum, vers
Dim itemtype


Set WSHShell = WScript.CreateObject("WScript.Shell")
p = "HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
itemtype = "REG_DWORD"

n = WSHShell.RegRead (p)
errnum = Err.Number

if errnum <> 0 then

WSHShell.RegWrite p, 0, itemtype
End If

Set WshShell = Nothing

On Error GoTo 0

For Each Process in GetObject("winmgmts:"). _
ExecQuery ("select * from Win32_Process where name='explorer.exe'")
Process.terminate(0)
Next
Click to expand...

Regards,
Bill Castner


____________________________
Users Helping Users
 
Upvote 0 Downvote
Bill, yet again - thanks for help!!!

I experimented with using the SubInACL.exe but to no avail...

I was trying to remove the ability to rename and /or delete desktop icons

Code: 
subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons" 
/GRANT=domain\%UserName%=AQCEYLWO 


subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID­\{208D2C60-3AEA-1069-A2D7-08002B30309D}" 
/GRANT=domain\%UserName%=AQCEYLWO 
subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID­\{20D04FE0-3AEA-1069-A2D8-08002B30309D}" 
/GRANT=domain\%UserName%=AQCEYLWO 
subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID­\{450D8FBA-AD25-11D0-98A8-0800361B1103}" 
/GRANT=domain\%UserName%=AQCEYLWO 
subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID­\{645FF040-5081-101B-9F08-00AA002F954E}" 
/GRANT=domain\%UserName%=F 
subinacl.exe /subkeyreg 
"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID­\{871C5380-42A0-1069-A2EA-08002B30309D}" 
/GRANT=domain\%UserName%=R

This didn't work...

What I am really after is any way to stop any desktop icons being renamed or deleted. I am not able to make the desktop read-only as users have to be able to save there!!!



Regards


Chris

ChrisCj21
MCSE, A+, N+
 
Upvote 0 Downvote
As Desktop Icons are held in the 'Desktop' directory, can you not make the Icons Read Only?
 
Upvote 0 Downvote
My Computer" is a shell icon. You cannot make it 'read only'.



____________________________
Users Helping Users
 
Upvote 0 Downvote
(Sorry, ASG0856, I inadvertantly hit submit before finished.)

The registry permission entries you are making with subinacl are not right.

This is the key that determines whether "My Computer" is on the desktop or not (See my discussion using regedit above):

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum
"{20D04FE0-3AEA-1069-A2D8-08002B30309D}"

If you set this key to DWORD:0, My COmputer appears on the desktop.

To follow along with this, in order to prevent its deletion we need only block user access to this registry key. It is the HKCU registry hive that is important. By definition, this hive is unique to the user. Hence, your use of "domain\%UserName%" is syntacticly in error, (it really wants your actual domain name). In any case, with HKCU we can be even more generic in specifying user or group.

Taking this all together then:

subinacl /subkeyreg "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\NonEnum" /deny=User=D /deny=User=S /grant=Administrators=F

This "locks" any shell folder.

The rest can be handled, as suggested by ASG0856 above, by setting the read-only attribute. Use the Attrib command if you like to do this:
attrib +r \%userprofile%\desktop\*.lnk
(You could in fact use Subinacl again.)

But you are likely better off using Group Policy to deny the ability of users to make persistent changes (to save) desktop settings.

Last note: A good subinacl reference can be found here:


____________________________
Users Helping Users
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

Keyboy
  • Locked
  • Question
Computer freezing up
Replies
3
Views
1K
Rick998
Rick998
Flinx
  • Locked
  • Question
the SAGA of trying to get a computer to sleep and wake up on a schedule
Replies
1
Views
598
Flinx
Flinx
dik
  • Locked
  • Question
Change Icon Image on Desktop
Replies
5
Views
377
JimSmith02
JimSmith02
spamjim
  • Locked
  • Question
Sanitizing illegal filenames on NTFS volumes
Replies
2
Views
195
spamjim
spamjim
jjjthird333
  • Locked
  • Question
rename a doamin computer when it is offline?
Replies
3
Views
237
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top