As for protecting the desktop, because this is part of the user's profile, its tough to totally lock it down unless you use Folder Redirection to redirect the Desktop folder to a read-only server share. In that case, I would recommend defining a TS-specific profile in the user object so the Folder Redirection doesn't interact with the user's home folder redirection. Also, define the FR policy using loopback policy. As for restricting the TIF, I haven't tried this in a while but never found a good way to do it. The inetcorp.adm file that ships with Windows claims to be able to do it but I never got it to work. Maybe others have had better luck. Darren _____ From: gptalk-bounce@xxxxxxxxxxxxx [mailto:gptalk-bounce@xxxxxxxxxxxxx] On Behalf Of hboogz Sent: Thursday, November 09, 2006 11:30 AM To: gptalk@xxxxxxxxxxxxx Subject: [gptalk] Restriction Help I'm about to implement a GPO for my TS/Citrix Server OU. I don't want any user saving to their " Desktop" folder. How can i restrict saving to this location and the main root c:\ location ? I am going to use the program hidecalc to hide the drives, but i'd like to know where i can set this restriction up in Group Policy. I'm running Windows 2003 Standard and the TS/Citrix Servers are running the same OS I'd also like to know ho to restrict the size of everyone's Temporary Internet Folder . Thanks as always, -- HBooGz:\>