A quick Internet search for "desktop gadgets" reveals countless items that have no place in the enterprise, such as the gadget that lets you use a touch-screen monitor as a piano. In addition, some applications contain malicious code. However, desktop gadgets such as a calculator may help user productivity. Furthermore, desktop gadgets are relatively easy to create, so an enterprise can produce its own line of business gadgets. For example, I know of one organization that created a SharePoint app that tracks inventory information in real time.
Ultimately, each organization needs to decide for itself if it wants to allow desktop gadgets. If you do allow gadgets in your enterprise, then it's important to manage them. While Microsoft doesn't allow for a high degree of control over desktop gadgets, there are four Group Policy settings in Windows 7 that can help you. Unfortunately, none of these settings let you blacklist specific gadget (but I have seen a few subtle hints that such a setting may be coming in the future).
These settings are in the Group Policy Object Editor at Computer Configuration | Administrative Templates | Windows Components | Desktop Gadgets, shown in Figure 1. You can also find an identical set of user-specific Group Policy settings at User Configuration | Administrative Templates | Windows Components | Desktop Gadgets.Figure 1: Four Group Policy settings can help you control desktop gadgets. (Click to enlarge.)
The first of these settings is Override the More Gadgets Link. Windows contains a link that takes users to Microsoft's gadget gallery, where they can download additional gadgets. This setting allows the administrator to provide an alternate download link, so when a user clicks on the More Gadgets link, he will be taken to a download site that you have approved. You could even create your own internal download site containing only desktop gadgets that are approved for use within your organization.
The Turn off desktop gadgets setting is another Group Policy setting. This is the setting to use if you want to completely ban gadgets in your organization.
The last Group Policy setting is Turn off user-installed desktop gadgets. If you enable this setting, users will be able to run only the desktop gadgets that are built into Windows. Any gadgets that users have downloaded and installed themselves will be disallowed.
A business case can often be made for the use of desktop gadgets, but there is plenty of room for abuse. Although Microsoft doesn't provide a lot of control over the use of desktop gadgets, there are Group Policy settings that can give you some degree of control.
ABOUT THE AUTHOR
Brien M. Posey, MCSE, has received Microsoft's Most Valuable Professional Award seven times for his work with Windows Server, IIS and Exchange Server. He has served as CIO for a nationwide chain of hospitals and health care facilities and was once a network administrator for Fort Knox. You can visit his personal website at www.brienposey.com.
This was first published in August 2010