Had a complaint from a member of staff recently that all students work folders showed up as My Documents when he was browsing through their work.
Many of you may have been directed to this Microsoft KB as a ‘solution’. http://support.microsoft.com/kb/947222
Not much of a solution if you ask me. Redirection to a subfolder would work, but do you really want to change something that significant on your network? Enable exclusive access would be fine if you didn’t need to give other people access to the documents folder. In a student-teacher situation, teachers need to be able to see the students work, so this doesn’t work for us. Option 3 – deny permission to the desktop.ini. We have 1400 students. That’s a lot of changes – yes I could use xcacls or subinacl to automate it, but what a headache.
The best ‘solution’ that we have come up with, is to simply delete the desktop.ini file at logoff. We created a VB Script, which looks for a desktop.ini file in the user’s My Documents folder, and if it exists then delete it. Attach this into a GPO that affects the user as a logoff script.
The code we used is:
On Error Resume Next
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set FSO = CreateObject("Scripting.FileSystemObject")
DocsPath = WSHShell.SpecialFolders("MyDocuments")
If FSO.FileExists (DocsPath & "\desktop.ini") Then FSO.DeleteFile (DocsPath & "\desktop.ini") End If
Next time the user logs on and then off again, the desktop.ini file will be deleted, and the folder will show as the username of the user.
Shame there isn’t a GPO option which allows you to turn off this feature. On a home machine it is great, but in a corporate environment you need to be able to turn off the fancy features and see exactly what you have got.
Works! Thank you. I look even when the solution with FSRM.
awesome solution . I have a netapp file share and this worked . Thanks a lot
Thanks for this. What I am proposing to do is using the FSRM and use file screening to deny the saving of desktop.ini to our Users share. Does anybody see any issues with that? Deleting the files on logoff is fantastic. Stopping them from being created to begin with is better ;)
I don’t see why it shouldn’t work. Without testing though, my only worry would be that it could error when trying to create the desktop.ini – rather than it creating it and being removed later. Definitely worth a shot though and I would be interested to know the answer.
Works! Thank you
Exactly the solution I was planning to implement but you have saved me all the work… Thanks for your help… Consider this site bookmarked!
Fantasic been looking at the best approach to resolve this for a while and this fits the bill perfectly. Just out of internet do you get the GPO to run this at log on and log off? I am very pleased I have found this site.
Great. Glad it helps. I believe I only set it to run at at logoff – as running it at logon would be pointless as the file would be re-created during the user’s session. It does also save a little bit (albeit neglible) of time logging on.