I am trying to create a Local Rights Assignment policy which restricts users from accessing C:\Users\Profilename\Desktop. When using the ${Userprofile} variable it does not point to C:\Users\profilename, instead it points to "C:\Windows\system32\config\systemprofile and I receive the following error:

The file/folder "C:\Windows\system32\config\systemprofile\" was not found while enforcing policy

Does anyone know how I can accomplish restricting access to the desktop so users cannot save any files\shortcuts to it? Currently giving read-only access to C:\Users\* does work, but I also need them to have access to their Favorites folder, which this limits.

Any help or suggestions would be greatly appreciated.