Home Forums OS X Server and Client Discussion Active Directory Prevent AD Users Saving to Desktop

Viewing 4 posts - 1 through 4 (of 4 total)
  • Author
    Posts
  • May 18, 2009 at 9:57 am #376199
    bezzoh
    Participant

    Morning all,

    A quick query as my ‘googling’ hasnt come up with much in the way of a solution to a problem I’m having at the moment.

    I deploy via my X-Serve (Workgroup Manager) all Mac preferences to my AD users who have Roaming Profiles saved on a Windows 2003 F&P Server. We lock down the ability for users to save items to their Desktop on Windows workstations via Group Policy, however without having to modify actual permissions on the profiles themselves is there a way I can deploy a preference/plist for example that will achieve the same result on the Mac clients.

    Some of the users taking advantage of this and are dumping large files all over their desktop and I need to stop it…

    Thanks in advance!

    May 18, 2009 at 8:01 pm #376209
    torona318
    Participant

    From what I can tell there really seems to be no easy way to deny desktop access on a mac. You can setup an ACL on the user templates folder to deny access to the desktop. This will only affect new users. For existing users you would have to add ACLs on their desktop folder. Keep in mind this might affect 3rd party apps like Firefox whose default downloads location is the desktop.

    -Thomas

    May 19, 2009 at 2:37 pm #376220
    bezzoh
    Participant

    Thats an idea I could look into. Firefox wont be an issue, I’ve already written a custom config file for this which greys out all internet options for the application, sets the proxy and redirects downloads to the actual user download folder.

    Thanks for the response!

    May 21, 2009 at 12:11 am #376239
    Patrick Gallagher
    Participant

    [QUOTE][u]Quote by: torona318[/u][p]From what I can tell there really seems to be no easy way to deny desktop access on a mac. You can setup an ACL on the user templates folder to deny access to the desktop. This will only affect new users. For existing users you would have to add ACLs on their desktop folder. Keep in mind this might affect 3rd party apps like Firefox whose default downloads location is the desktop.

    -Thomas[/p][/QUOTE]

    Setting permissions on the user template won’t work because the newly created home folders get chmod’ed when created. The permissions would need to be set after the home folder is created. Perhaps a login hook.

  • Author
    Posts
Viewing 4 posts - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Comments are closed

Copyright © 2025 AFP548. All Rights Reserved.