File Operations
The File Operations object provides the ability to Copy, Delete, Move and Rename files and folders. File Operations support Local, Mapped and network drive paths as well as a generous portion of operation options.
Settings
File operation
Operation
Select Copy, Move/Rename, Delete or Create Folder from the Operation list to specify the action to execute on the specified files.
Source folder
Specify the folder on which the selected Operation will act upon.
Source file(s)
Specify the files on which the selected Operation will act upon.
Destination folder
For Copy, Move/Rename or Create Folder operations, specify the folder to be used as the destination for the selected Operation.
Destination file(s)
For Copy or Move/Rename operations, specify the file names to be used for the destination of the selected Operation.
Options
Only files
Select this check box to enable extra File Operation options. When enabled, select changed before, changed after, changed between, changed on and older than from the list
- changed before
Select changed before, for the selected operation to act on all files last modified prior to the specified date.
- changed after
Select changed after, for the selected operation to act on all files last modified after the specified date.
- changed between
Select changed between, for the selected operation to act on all files last modified between (and including) the specified dates.
- changed on
Select changed on, for the selected operation to act on all files last modified on the specified date.
- older than
Select older than, for the selected operation to act on all files older than the specified number of days.
- last accessed before
Select last accessed before, for the selected operation to act on all files that were last accessed before the specified date.
- last accessed after
Select last accessed after, for the selected operation to act on all files that were last accessed after the specified date.
- last accessed between
Select last accessed between, for the selected operation to act on all files that were last accessed between the specified dates.
- last accessed on
Select last accessed on, for the selected operation to act on all files that were last accessed on the specified date.
- last accessed more than X days
Select last accessed more than X days, for the selected operation to act on all files that were last accessed more than the specified number of days ago.
Include subdirectories
Select this check box to include all subdirectories of the Source Folder in the selected Operation. Clear this check box to exclude all Source Folder subdirectories in the selected Operation.
Continue on error
Select this check box to continue performing the selected Operation regardless of any errors that occur during the execution of the action. Clear this check box to stop the selected Operation if an error occurs.
Include hidden/system files
Select this check box to include all hidden and system files in the selected Operation. Clear this check box to ignore all hidden and system files in the selected Operation.
Overwrite read-only files
Select this check box for the selected operation to overwrite or delete read-only files. Clear this check box for the selected operation to ignore all read-only files.
Overwrite existing files
For Copy or Move/Rename operations, select this check box for the operation to overwrite existing files. Clear the check box for the operation to ignore existing files.
Overwrite older files
For Copy or Move/Rename operations, select this check box for the operation to overwrite existing files if the destination file is older than the source file. Clear the check box for the overwrite operation to ignore overwriting destination files that are older than the source files.
Perform copy asynchronously
Select this box to perform the selected operation asynchronously. In asynchronous mode, the File Operations element will execute at the same time as other File Operations elements. If this check box is cleared, applications will run sequentially one after another. Each application must complete before the next one will begin.
Redirect to 32 bit folder on 64 bit operating systems
Select this box to force the operation to copy files to the corresponding 32-bit folder, when performing the operation on 64-bit operating systems.
Wipe disk area to DoD 3 spec
Available for Move/Rename and Delete operations, select this check box to securely remove files/folders from the specified source using the DoD 3 specification.
Show progress bar
Show the progress of the file operation.
Possible File Operations
|
Source Folder |
Source File |
Destination Folder |
Destination File |
Operation |
|---|---|---|---|---|
|
X |
|
X |
|
Rename folder |
|
X |
|
X |
|
Move folder |
|
X |
Single |
X |
|
Move file to different folder |
|
X |
Multiple |
X |
|
Move files to different folder |
|
X |
Single |
X |
Single |
Rename file |
|
X |
Multiple |
X |
Single |
Not supported |
|
X |
Single |
X |
Multiple |
Not Supported |
|
X |
Multiple |
X |
Multiple |
Not supported |
Validation Logic
Select the Validation Logic tab to set the validation rules for this element.
Notes
Select the Notes tab to create any additional notes needed to document the profile element.
Description
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
File/Registry Permissions
The File/Registry Permissions object provides the ability to modify NTFS File and Folder permissions or Registry permissions. Permissions are configurable for 2008, 7, 8.1,10, 2008 R2, 2012, 2012 R2, 2016, and 2019 systems only.
Settings
Action
Type
Select File/Folder or Registry from the Type list. The selected Type is the object that Permissions will be applied to.
Action
Select Append, Overwrite or Revoke from the Action list. This action defines how to apply the Permissions to the selected object.
- Append - Add permissions to list of existing permissions for the object.
- Overwrite - Replace existing permissions with permissions specified in this element for the object.
- Revoke - Remove permissions for the object from the specified user/group.
Path/hive/Key
For the File/Folder Type, enter the Path to the object that Permissions will be applied to. For the Registry Type, enter the Hive and Key that the Permissions will be applied to.
Force use of 32-bit registry locations on 64-bit operating systems
Check this box to force the 32 bit registry location to be used instead of the 64 bit location, when executing on 64 bit operating systems.
Inheritance
Select Do not modify this object's inheritance, Allow this object to inherit from parent, Do not allow this object to inherit from parent and discard inherited permissions, Do not allow this object to inherit from parent and copy inherited permissions from the Inheritance list. The Inheritance selection defines how or if permissions for the object will be inherited.
- Do not modify this object's inheritance - This object will not assume (inherit) permissions from any other object.
- Allow this object to inherit from parent - This object is allowed to assume permissions from its parent object.
- Do not allow this object to inherit from parent and discard inherited permissions - This object will not be allowed to assume permissions from its parent object. If the object already has inherited any parent permissions they will be removed.
- Do not allow this object to inherit from parent and copy inherited permissions - This object is not allowed to assume (inherit) permissions from its parent object, nor is it allowed to copy permissions from its parent.
Permissions
The Permissions list designates which users and/or groups will be given permissions to the selected object (File/Folder or Registry)
Press Add to define users and/or groups to which permissions will be given to the selected object. Press Edit to edit an entry in the Permissions list. Press Delete to remove an entry from the Permissions list.
Figure 42: Creating permission sets
Once in Add/Edit mode update the following entries:
Principal
Specify a user or group that will be assigned the designated permissions.
SID
The SID (Security Identifier) will be automatically populated once a Principal is selected.
Permissions
The permission boxes represent the standard permissions that can be allowed or denied for the specified Principal. Select Allow to permit access to the object. Select Deny to refuse access to the object. Selecting either Allow or Deny Full Control will automatically select the Read, Write, Execute and Modify permissions.
Propagation
Select Apply to this object only, Apply to this object and child objects one level deep, Apply to this object and allow all child objects to inherit, or Apply to this object and apply to all child objects from the Propagation list. The propagation selection defines which components (Parent and/or Child) of the object are affected by the Permission change.
- Apply to this object only - Permissions are applied to the selected Path or registry Hive/Key only. No child objects are affected.
- Apply to this object and child objects one level deep - Permissions are applied to the selected Path or registry Hive/Key object and to any container immediately within this object.
- Apply to this object and allow all child objects to inherit - Permissions are applied to the selected Path or registry Hive/Key object. All child objects have the ability to inherit these permissions however the child objects are not given these permissions automatically.
- Apply to this object and apply to all child objects - Permissions are applied to the selected Path or registry Hive/Key object and to any all containers below this object.
Child object to include
Select Files, Folders, or Files and Folders from the list. The selected child object(s) will be included in the propagation of the applied permissions.
Validation Logic
Select the Validation Logic tab to set the validation rules for this element.
Notes
Select the Notes tab to create any additional notes needed to document the profile element.
Description
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
Folder Redirection
The Folder Redirection object provides the ability to change the Windows default location for specialized folders known as Shell Folders. Shell folders are folders that are specific to each authenticated user. They include the Contacts (Windows 7, Windows 8.1), Cookies (Windows 8.1), Desktop (Windows 8.1), Downloads (Windows 7, Windows 8.1), Favorites (IE Bookmarks)(Windows 8.1), History (Windows 8.1), My Music (Windows 8.1), My Pictures (Windows 8.1), My Videos (Windows 7, Windows 8.1), Personal (My Documents Folder)(Windows 7, Windows 8.1), Programs Group (Windows 7, Windows 8.1), Recent (Windows 7, Windows 8.1), Send To (Windows 7, Windows 8.1), Start Menu (Windows 7, Windows 8.1), Startup (Windows 7, Windows 8.1) and Temporary Internet Files (Windows 7, Windows 8.1).
Shell folders are located under the authenticated user’s profile, C:\Documents and Settings\profilename\.
By defaulting the location of these folders to a network share (or mapped drive), rather than the local computer, users are allowed to access their own desktop, bookmarks, recent document list, application settings, etc., regardless of the computer they log on to. This also enables the profile to be secured and backed up.
In addition to user-specific shell folders, Windows 2008/7/8.1/2008 R2/2012/2012 R2/2016/2019 also includes a common set of shell folders that are available to all users of the computer. This common set of shell folders is often referred to as the "All Users" profile or "Users Profiles".
Settings
Action
Shell folder
Select a shell folder from the Shell folder list.
|
|
NOTE: Redirecting Temporary Internet Files to a network share is not supported with IE 8 and later. |
Redirect to folder
Specify a folder that the shell folder should be redirected to. The folder designation may be in the form of a path, mapped drive or UNC. Click Browse to navigate to the path. Desktop Authority’s dynamic variable selection is available for this field by pressing the F2 key.
|
|
NOTE: Although a path in the form of C:\RedirectedFolder may be used, it is recommended that a fully qualified UNC be used instead. Note that UNC paths longer than 260 are truncated by the operating system. If this occurs, the folder redirection will not work. |
Reset to default
Select this check box to restore the redirected folder to the operating system’s default location.
Copy any files that exist in the original folder
Select this check box to copy files from the current folder to the redirected folder when it is redirected.
Validation Logic
Select the Validation Logic tab to set the validation rules for this element.
Notes
Select the Notes tab to create any additional notes needed to document the profile element.
Description
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.
General
The General object provides several miscellaneous settings including settings to purge the client TEMP files, password expiration warnings and others.
Settings
TEMP Files
Enable purge
Select this checkbox to enable purging of the client computer's %TEMP% folder.
Purge client %TEMP% files on the first Wednesday of every month
%TEMP% is an environment variable that defines the location of the User's temporary files folder. Desktop Authority can easily control the purging of this folder in order to keep the client’s machine free of extraneous, unused files. The user will never have to remember (or forget, as is usually the case) to manually purge this folder.
Purging is completed on the first Wednesday of each month.
Select Prompt from the list to let the user decide whether to purge the %TEMP% folder.
Select Always from the list to purge the %TEMP% folder on the first Wednesday of each month.
Specify the file(s) to purge from the %temp% folder. Use wildcards to specify multiple files. A subfolder may also be specified.
The default is [Prompt] purge.
File mask
Specify a file mask that defines exactly what files to include in the purge operation.
The default is to purge all *.tmp] files.
Warnings
Password expiration
Enter a numeric value, or use the arrows, representing the number of days prior to expiration in which to enable a warning to the client that their password is about to expire. The warning will give the user an advanced reminder the specified number of days before the password will expire. If no number is entered, the warning is disabled.
Low disk space
Enter a numeric value, or use the arrows, representing the number of megabytes to enable a warning to the client if disk space falls below the specified size. If no number is entered, the warning is disabled.
Local admin password
To define local admin access for clients, enter the local admin username/password. After entering the local admin password, click OK. The password will be encrypted for display purposes in the Manager.
Set password
Select this box to use the currently logged on user credentials as the local admin password. Deselect this box to modify the credentials. Enter the Password twice to enter a new local admin password.
Network
Disconnect all existing network drives before mapping new ones
Select this check box to forcibly disconnect all existing network drive mappings before Desktop Authority drive mapping elements are executed. If Desktop Authority is executed and this check box is not selected, any persistent connections that the client may have defined for the same drive letter to be mapped by Desktop Authority will be overridden. Desktop Authority will not automatically remove all persistent connections on each client (unless this check box is selected) — only the ones that conflict with the mappings being applied by Desktop Authority during the logon process.
Disconnect all existing network printers before connecting new ones
This check box can be set to one of three (3) different states: on (enabled) 
Disconnect all existing IP printers before connecting new ones (excludes server operating systems)
This check box can be set to one of three (3) different states: on (enabled)
|
|
Note: IP printers on servers will not be disconnected by this option. |
Concurrent drive limit
Limit concurrent logons by monitoring the share mapped using drive
This option provides a mechanism by which the number of concurrent logons by a single user can be limited. Implementation of this feature requires a combined effort between Desktop Authority and the domain’s servers where the shares reside.
Once configured, Desktop Authority will immediately log off any user that attempts to concurrently log on more sessions than they are allowed.
Additional
Don't display last user name
Use this setting to clear or set the previous user’s logon name.
Set this check box to one of three (3) different states: on (enabled)
Clear all existing security policies
Select this check box if you are using Desktop Authority's Security Policies only. This setting instructs Desktop Authority to remove all existing security policies prior to applying new ones. Removing a security policy removes the setting from the registry which in effect disables the policy from being applied to the workstation.
Clear this check box if you are using Microsoft’s Policies in combination with Desktop Authority's Security Policies. Microsoft’s Group Policies are applied to the computer before the logon script executes, this option will ensure that Desktop Authority does not "clear" the existing Microsoft Policies.
Graying this check box acts exactly as if the check box is cleared unless there are other elements that either Select or Clear this option. If there are other elements with a selected or cleared check box, this option will be ignored. The last setting processed, either selected or cleared will take precedence over all other settings.
Remove IE tour
Select this check box to remove the Internet Explorer Take a Tour splash screen. Once removed, it cannot be reactivated by Desktop Authority.
Remove Internet connection wizard
Select this check box to remove the Internet Connection Wizard and prevent it from launching the first time each user of the computer attempts to launch Internet Explorer. Once the Internet Connection Wizard is removed, it cannot be reactivated (added back to the desktop) by Desktop Authority.
Do not show Desktop Agent icon in system tray
This check box can be set to one of three (3) different states: on (enabled),
Validation Logic
Select the Validation Logic tab to set the validation rules for this element.
Notes
Select the Notes tab to create any additional notes needed to document the profile element.
Description
When adding or modifying a profile object element, the description appears above the settings tab. Enter a description to annotate the element. The default value for new profile elements can be changed by going to the system Preferences.