Tag Archives: Windows 7

Controlling the creation of Libraries in Windows 7 / Server 2008 R2.

Following on from my previous post about libraries, I have found you can actually control library creation, but there is a two fairly large caveats I’ll cover later in this post.

To Block Library creation, you can create a user group policy blocking the known folder ID. You may argue a login script can simply delete the unwanted libraries, and you would be right, but a shell context menu exists to restore these libraries on user request. The method below ensure’s they are never created.

For every default windows directory, these directories have known folder names and GUID’s. A great reference site for these GUIDS can be found here:

http://msdn.microsoft.com/en-us/library/dd378457(VS.85).aspx

In our case, we’re interested in the following five Known Folders:

FOLDERID_DocumentsLibrary   GUID{7B0DB17D-9CD2-4A93-9733-46CC89022E7C}
FOLDERID_MusicLibrary             GUID{2112AB0A-C86A-4FFE-A368-0DE96E47012E}
FOLDERID_PicturesLibrary         GUID{A990AE9F-A03B-4E80-94BC-9912D7504104}
FOLDERID_VideosLibrary            GUID{491E922F-5643-4AF4-A7EB-4E7A138D8174}

and the little known:

FOLDERID_RecordedTVLibrary  GUID{1A6FDBA2-F42D-4358-A798-B74D745926C5}

Once we know which folders we wish to block, open group policy and navigate to the following policy:

User Configuration > Policies > Administrative Templates > Windows Components > Windows Explorer.

In this section, you will find a Disable Known Folders Setting.

Enable the policy and click show, here you can configure the libraries you wish to block:

(below I’m blocking the creation of Video’s and Music.)

Configuring the value above will leave you with libraries as so:

Caveat’s:

It’s a once off thing… Blocking the creation of a library will only take effect on the first login, aka the profile creation. There is no microsoft solution available to control these libraries after the fact. You could make do with login scripts, but its messy.

It’s not the size, its the contents that matter… You cannot control the cotents of libraries, i.e. you cannot block the link to the shared folders libraries. This is really silly, as you would assume that were you to block the known folder PublicDocuments aka {ED4824AF-DCE4-45A8-81E2-FC7965083634}. This would stop it being created in the profile on first load, you’d be very wrong, blocking this known folder causes the library to not be created. Not sure who thought that was a good idea, but I digress.

So that’s it in a nutshell, for more information on locking down the server 2008 r2 profile check in later or follow me on twitter @andyjmorgan.