“Common Desktop” icons not merging for one group

group-policywindows 7

We are deploying desktop icons across our network to Windows 7 machines via Group Policy Preferences (Registry, User Shell Folders) and have found that for most users this works great – the "Common Desktop" icons configured under HKEY_LOCAL_MACHINE merge correctly with the HKEY_CURRENT_USER icons and all is well.

However, for a particular group, there is no merge – none of the "Common Desktop" icons show.

Permissions and such are all set correctly and there is no difference in the registry changes applied to a group working and a group that does not work.

The Common Desktop key is under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, and the usergroup-specific desktop key is under HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders.

They are being redirected to a network drive, mapped at logon. I have tried using UNC paths instead, but this caused all users to lose "Common Desktop" icons.

Further Background

So, our menu system is stored on our file server. For the purposes of explanation, let's say it's at \\dfsroot\menus. Each category of user has a sub-directory here – \\dfsroot\menus\finance, \\dfsroot\menus\sales, and each sub-directory contains a Desktop and Start Menu folder containing shortcuts to be placed on each, respectively.

There is also a folder, \\dfsroot\menus\Common which are shortcuts common to all users (eg, Microsoft Word).

Common menus are controlled by HKEY_LOCAL_MACHINE User Shell Folders configuration.

Group-specific menus are controlled by HKEY_CURRENT_USER User Shell Folders configuration.

Both are applied without errors for all users in the domain via Group Policy Preferences.

This allows us to manage icons quickly and easily, as we can drop a new icon into one of these UNC paths and update several hundred desktops immediately.

However, the Common directory seems to fail to apply for one group of users. There are no errors in the event log and even looking at the registry with regedit shows the correct value for the registry keys. There just aren't any icons showing from Common. Only the group-specific menus.

I am happy to provide further clarification if it is needed.

Best Answer

It likely has to do with you using folder redirect without offline files of crucial folders like ~Desktop, and setting those via manual reg rather then the "supported" way of Group Policy folder redirect. Disabling offline files for crucial folders will affect performance as each computer constantly has to send SMB packets back and forth since those shared folders are "online only". This is not Microsoft best practice. Three things I would do that would likely resolve your issue, put you back in the realm of "common use and MS supported", likely improve desktop Windows Explorer performance, and reduce network traffic.

  • Enable offline files, they "just work" in Windows 7. Any redirected folder will auto sync for offline use.
  • Use Group Policy "folder redirection" to control user folders, rather then setting registry settings via GPP.
  • Rather then the "old school" way of pointing people to a shared network folder for shortcuts, I would use GPP shortcuts feature to create those locally. Also, no need to use common desktop redirection if you're using GPP user shortcuts (it just creates the tiny .lnk files in each users local profile). I've used this for hundreds of shortcuts (pointing to local and network files) on networks with over 4,000 computers (even in XP) with no issues. If there was ever an issue it was permissions related and GPP would state it clearly in Event Logs.

Basically, IMO, your using GPP wrong. Using GPP to set reg settings when there are other more-supported ways in Group Policy to do it is just asking for trouble :)

Related Topic