lock down terminal services using group policy

I am working on completely locking down a 2003 terminal server.  I created a special OU for the users that will only be connecting to the network through this locked down terminal server session.  I created a new group policy for that OU.  I have the session locked down to only the four desktop shortcuts I want.....except....

When a new user logs on the "Manage Your Server" window is displayed which has links to all kinds of stuff.

On the START menu, "Administrative Tools" and "Printers and Faxes" are still available.  I would like the START menu to contain only "Logoff".

I can't find the right place in Group Policy to turn off those three items.  All help is appreciated.
blotto99 asked:

Brian (IT Manager) commented:
Hello blotto99

Answer to Number 1 is here - Computer Configuration\Administrative Templates\System\Do not display Manage Your Server page at logon.  Just Enable that setting.

Answers to Number 2 and 3 can be found in this setting -
User Configuration\Administrative Templates\Start Menu and Taskbar
and potentially here -
User Configuration\Administrative Templates\Control Panel

Brian



rodriguesp commented:
To disable "Manage your server", configure the gpo: Computer configuration - Administrative templates - System - "Do not display Manage Your Server page at logon"

To hide the "Printers and Faxes", see the following link http://www.mcse.ms/archive66-2004-8-894369.html

To hide "Administrative tools", see the following link http://www.mcse.ms/archive47-2005-12-2049025.html


See also the following links about GPO and Terminal Service:

How to apply Group Policy objects to Terminal Services servers
http://support.microsoft.com/kb/260370/EN-US/

Loopback processing of Group Policy
http://support.microsoft.com/?id=231287


With Loopback processing you can combine User GPO and Computer GPO for Terminal Services in an OU, independent of the OU where the user resides. So you can create a User configuration GPO where you configure the menus that you want to show, and that GPO applies to the users that log on using Terminal Services.

PR
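
A simplified model of the loopback processing described in the answer above, added here as an example that is not part of the original thread. It compares normal processing with the two loopback modes (merge and replace) for a user logging on to the terminal server; the OU names, GPO names and setting keys are constructed placeholders, not real policy identifiers.

```python
# Added illustration: a simplified model of Group Policy loopback processing.
# OU names, GPO names and setting keys are constructed placeholders, not real
# policy identifiers.

# Each GPO carries a "user" half (its User Configuration settings).
# Lists are ordered lowest precedence first; later GPOs win on conflict.
USER_OU_GPOS = [  # GPOs linked to the OU holding the user account
    {"name": "Office-Desktop", "user": {"hide_admin_tools": False,
                                         "hide_printers_and_faxes": False,
                                         "wallpaper": "corp.bmp"}},
]
TS_OU_GPOS = [  # GPOs linked to the OU holding the terminal server
    {"name": "TS-Lockdown", "user": {"hide_admin_tools": True,
                                      "hide_printers_and_faxes": True}},
]

def apply_in_order(gpos):
    """Apply user settings GPO by GPO; a later GPO overwrites an earlier one."""
    effective = {}
    for gpo in gpos:
        effective.update(gpo["user"])
    return effective

def effective_user_policy(user_gpos, computer_gpos, loopback=None):
    """Return the user settings in force for a logon on the computer.

    loopback=None     : normal processing, only the user's own GPOs count.
    loopback="merge"  : user's GPOs first, then the computer's GPOs, so the
                        computer's user settings win on conflict.
    loopback="replace": only the computer's GPOs supply user settings.
    """
    if loopback is None:
        return apply_in_order(user_gpos)
    if loopback == "merge":
        return apply_in_order(user_gpos + computer_gpos)
    if loopback == "replace":
        return apply_in_order(computer_gpos)
    raise ValueError(f"unknown loopback mode: {loopback!r}")

def lockdown_gaps(policy, required=("hide_admin_tools", "hide_printers_and_faxes")):
    """List required lockdown settings that are missing or not enabled."""
    return [k for k in required if policy.get(k) is not True]

if __name__ == "__main__":
    for mode in (None, "merge", "replace"):
        policy = effective_user_policy(USER_OU_GPOS, TS_OU_GPOS, mode)
        print(mode, policy, "gaps:", lockdown_gaps(policy))
```

In this model, merge mode closes the lockdown gaps but still lets unrelated settings from the user's own OU through, while replace mode leaves only the terminal server OU's user settings in force.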

Jay_Jay70 commented:
found this link some time back for some extra security....

http://www.microsoft.com/windowsserver2003/techinfo/overview/lockdown.mspx
Brian (IT Manager) commented:
Just a question here...how come my answer to number got no consideration for a points split?

Brian