
I am looking to disable editing desktop and documents on our network and so far I am not having much luck.

Our Macs are linked to AD and people log in with their AD accounts.

We have a suite of Macs and want to make sure people save to network drives and not the devices.

So either a script that runs on login and making it so that all accounts are set up as Guest accounts on the Macs would work I guess but not sure how to do this.

I have used scripts like the following and they all work when logged into the device but error via Jamf.

sudo -u $USER chflags uchg ~/desktop
sudo -u $USER chflags uchg ~/documents

 

The Errors 

 

Script result: sudo: unknown user: chflags
sudo: error initializing audit plugin sudoers_audit sudo: unknown user: chflags sudo: error initializing audit plugin sudoers_audit

I was looking at ideally doing it via a login script as then I can exclude the admin account etc to make sure things can still be done if needed.

You need to define who the logged in user is, recommended method at the moment looks like;

ACTIVE_USER=$( echo "show State:/Users/ConsoleUser" | scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

sudo -u $ACTIVE_USER chflags uchg /Users/$ACTIVE_USER/Desktop



Thank you, worked first time  😀
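
The approach from the answer above, extended to both folders and to the admin-account exclusion the question asks for, as an added example that is not part of the original thread. The `EXCLUDED` account names and the use of Jamf script parameter `$4` as an `apply` switch are assumptions.

```shell
#!/bin/bash
# Added example, not from the thread. EXCLUDED and the "$4" switch are assumptions.

EXCLUDED="root admin"   # hypothetical accounts that must stay editable

# Read `scutil` output on stdin and print the console user's short name.
# Prints nothing when the Mac is sitting at the login window.
console_user() {
    awk '/Name :/ && ! /loginwindow/ { print $3 }'
}

# Succeed only for a non-empty name that is not listed in EXCLUDED.
should_lock() {
    [ -n "$1" ] || return 1
    for skip in $EXCLUDED; do
        [ "$1" = "$skip" ] && return 1
    done
    return 0
}

# Set the user immutable flag on the Desktop and Documents of user $1.
lock_folders() {
    for dir in Desktop Documents; do
        target="/Users/$1/$dir"
        [ -d "$target" ] || continue
        # Quoted on purpose: an empty, unquoted name makes sudo read
        # "chflags" as the user, which is the error shown in the question.
        sudo -u "$1" chflags uchg "$target" || echo "could not lock $target" >&2
    done
}

# Jamf passes the mount point, computer name and username as $1-$3, so the
# first free script parameter is $4. Nothing is changed unless it is "apply".
if [ "${4:-}" = "apply" ]; then
    user=$(echo "show State:/Users/ConsoleUser" | scutil | console_user)
    if should_lock "$user"; then
        lock_folders "$user"
    else
        echo "skipping '${user:-login window}'" >&2
    fi
fi
```

`chflags nouchg` on the same paths clears the flag again.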