Question : Hide local user folders on Server 2008 desktop

In Server 2008, when a user on one of our terminal servers logs on, they see a documents folder on their desktop which is labeled with their AD dsplay name (Lasl name, First Name).  Inside that folder are many links to their local user folder:

Contacts
Desktop
Documents
Downloads, etc.

There are actually 2 "Documents" folders in there.  One takes them to C:\Users\%username%\documents.  The other one takes the user to the "My Documents" folder which is set by GPO:  H:\My Documents.  H: is mapped to a DFS share:  \\DOMAIN\Share\homedirs\%username%.  The custom ADM template we use points "My Documents" to:  H:\My Documents. The custom ADM template also hide drives A: - F.  The GPO also redirects the desktop to a DFS share:  \\DOMAIN\share\desktop.  The classic start menu setting is enabled.

We don't backup the terminal server C: drives & really don't want people to have access to those links to their local profile folders that show up in there (like the "Documents" icon that links to C:\users\USERNAME\Documents). I tried to enable the "Remove the My Documents from the desktop" setting in the GPO, but this had no effect and the user folder still appears on the desktop.

So, I want to put a link to H:\My Documents on their redirected desktop folder & completely remove the User folder, but I haven't had any success. Through much googling, I found out which registry key hides that folder, so I tried creating a custom ADM template to hide it, but it didn't work.

This is the key I need to edit:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu\{59031a47-3f72-44a7-89c5-5595fe6b30ee}

This key needs to have a value of "1" to hide the desktop user folder.

Here is what I put into my template.  I've never created a custom ADM template before, so I'm not sure what I doing wrong with this one.  The GPO is linked to a TEST OU that only has the test account in it.

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19:

CLASS USER CATEGORY "Windows Components" CATEGORY "Windows Explorer" KEYNAME "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" POLICY "Hide User Folder on Win2k8 Desktop" VALUENAME "{59031a47-3f72-44a7-89c5-5595fe6b30ee}" VALUEON "1" EXPLAIN "Setting to remove User folder from Windows Server 2008 Desktop" END POLICY END CATEGORY END CATEGORY

When I created a VBS script to make the same registry change that hides that user folder on the desktop, it worked great.  So, I guess I could run it as a logon script if need be, but I'd prefer a policy:

1: 2: 3: 4: 5: 6: 7: 8: 9: 10: 11: 12: 13: 14: 15: 16: 17: 18: 19: 20:

dim strComputer ' Read computer name from argument supplied - if no argument, assume local machine if WScript.Arguments.Count<1 then strComputer="." else strComputer=WScript.Arguments(0) end if Const HKEY_CURRENT_USER = &H80000001 Const HKEY_LOCAL_MACHINE = &H80000002 dim oReg: Set oReg = GetObject("winmgmts:\\" & strComputer & "\root\default:StdRegProv") keypath = "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons" keypath2 = "Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu" oReg.CreateKey HKEY_CURRENT_USER, keypath oReg.CreateKey HKEY_CURRENT_USER, keypath2 oReg.SetDWORDValue HKEY_CURRENT_USER, keypath2, "{59031a47-3f72-44a7-89c5-5595fe6b30ee}","1"

I had to create 2 keypaths in this script, because the "hidedesktopicons" key didn't exist for my test user account or for my account, so creating the ClassicStartMenu key didn't work until I put in another line to create the first key.

It occured to me that possibly the The ADM template didn't work because that key didn't exist.  But, the GPO fails even after running the VBS script to add that key.  I created another version of this VBS script with a value of "0" at the end to turn the User folder back on so I can toggle the setting off & on for testing of the GPO.

The on/off scripts work really well: I can toggle the user folder off and on pretty much at will (I just have to press F5 to refresh the desktop), but the ADM template appears to have no effect at all.

Can someone tell me what's wrong with the ADM template?  We have a mix of 2003 & 2008 servers, but we have to use the Group Policy Management Console for 2003: some of our policies got corrupted when we used the 2008 GPMC, so using a 2008 ADMX isn't posisble for us.

Thanks,

Alicia

Answer : Hide local user folders on Server 2008 desktop

Put your POLICY line above your KEYNAME line.

Justin