![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 57.00000000000001%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMS%3C/text%3E%3C/svg%3E)
165 questions
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(291.2, 38%, 38%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMP%3C/text%3E%3C/svg%3E)
To prevent users from storing files on the desktop while allowing shortcuts, use File Server Resource Manager (FSRM) to enforce file screening. First, install FSRM via Server Manager → Add Roles and Features if it’s not already installed. Then, open FSRM (fsrm.msc) → File Screening Management → File Screens, and create a new file screen for the desktop path (C:\Users%USERNAME%\Desktop or a redirected folder). Define a custom file group that blocks all file types (*.exe, *.txt, *.jpg, *.docx, etc.) except for .lnk files, ensuring that only shortcuts can be saved. Additionally, Folder Redirection via Group Policy can be used to relocate the desktop to a controlled network share, or PowerShell scripts can periodically scan and remove unauthorized files.
If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.
hth
Marcin