After scouring through the various postings and Googling the internet, I cannot seem to locate an answer for my problem.
Recently, I was working on a customer's network which uses Windows 2003 Adv Server and Active Directory. Their users connect to one of three 2003 servers to access various applications via Remote Desktop.
Using an existing GPO for the domain, we went into User Configuration > Administrative Templates > Desktop > Active Desktop, and enabled the feature "Add/Delete items". With this setting enabled, we pointed to a specific network share that had several desktop shorcuts. The intent of this was to replace icons that end users may delete from their desktop. We gave Domain Admins R/W access, and everyone else R/O access to this folder, to prevent modification by an end user.
Our customer then decided that they no longer wished to use this feature, so we disabled it (and deleted the folder containing the shortcuts).
Here's the issue: An Administrator for the network has several shorcuts on their desktop (logged in under their User account - not Administrator). For some reason, all of their desktop icons are now replicating to other administrators' desktops.
I have checked on the AD Server and the other 3 servers (under Documents and Settings > All Users > Desktop and under Documents and Settings > All Users > Desktop), and cannot find these icons. I checked the GPO and cannot locate a problem causing this.
I'm at a complete loss, and the customer is wanting this resolved.
This still appears to impact all users, logged on locally, or commected to the server via Remote Desktop. I have re-created the GPO from scratch (deleting the old GPO), and cannot resolve the issue.
However, it appears as if the Desktop is "mapped" to the folder where the desktop icons were being stored.
Let's say that a folder called "C esktop_Icons" exists on Server_B. The Group policy that "was" in place on Server_A said "Place icons on every user's desktop, using the icons located at \Server_BC$Desktop_Icons". Now that the policy no longer exists, no matter who logs on, it's as though everyone's desktop folder is stored directly on "C esktop_Icons"
...and changed the Desktop String to "%USERPROFILE%Desktop"
However, every time the registry editor was closed, the settings revert back (as if the GPO is still in place). To resolve this issue, I had to lock down permissions on the registry keys being modified. It's a crude way to resolve the issue, but it did the job.
I would be interested in other methods for resolving the issue though.