Solved

Terminal Server 2008 Lock Down

Posted on 2009-05-15
5
4,785 Views
Last Modified: 2012-05-07
This is driving me mad!!!

Have a 2003 Domain Controller and a 2008 Terminal Server.  I have followed the procedure for locking down the 2003 Server supplied by Microosft but with 2008 it still retains Administrative Tools, and Computer and a couple of others on the right hand side.  Also there is no longer an All Users folder - I want an icon to show for all users.  I have put a shortcut in the c:\users\Public\Public Desktop but when I log in it does not show up.  

I have removed everything out of c:\programdata\Microsoft\windows\start menu but still get the menus showing.   I have attached a screenshot - I don't want any of that showing in the right hand pane

I also want a program to run for all users in a certain OU that the group policy is applied to (the same one that has a shortcut on the desktop for) - I have tried accomplishing this with a login script but it does not work.

Does anybody have any ideas about this infuriating problem?

Thanks

bilbo-uk
showssup.jpg
0
Comment
Question by:bilbo-uk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406804
You can use group policy to remove those items for all users.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406812
That icon you can put in the default users folder if you're not having any luck with Public. Also remember that if you are hiding desktop icons, this would not show up for them.
0
 

Author Comment

by:bilbo-uk
ID: 24410267
I can't see a setting in group policy to remove these - as I said I have gone through the Microsoft Lock Down procedure for 2003.  It is a 2003 DC so 2003 Group Policy Management but a 2008 Terminal Server.  

I will take a look for the default users folder

0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 500 total points
ID: 24458879
You can also try forcing classic start menu in User Config.->Admin Templates->Start Menu and Taskbar->Force Classic Start Menu
I havent tried this but i believe it removes all of those options that are remaining.

But if that doesnt work or work completely, some options can be changed by creating custom settings using registry keys such as this one to remove the administrative tools.
http://windowsitpro.com/article/articleid/84923/jsi-tip-10020-how-can-i-remove-administrative-tools-from-the-windows-xp-start-menu-and-all-programs-menu-using-the-registry.html

Keep in mind that page explains how to do it with polcy maker but all you need to know is the registry key to create your own settings in group policy.

To get a certain program to startup, you would go to administration tools -> terminal services confirugration and tell it what program or file to open.
0
 

Author Closing Comment

by:bilbo-uk
ID: 31581987
I finally got this working after much trial and error.  You can find that All Users is there but is a hidden folder under documents and settings.  If I was asked to reproduce exactly what I did I would struggle but it works well for the customer.

Using Classic Menu did help with removing the Administrative Tools

0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A safe way to clean winsxs folder from your windows server 2008 R2 editions
For anyone that has accidentally used newSID with Server 2008 R2 (like I did) and hasn't been able to get the server running again because you were unlucky (as I was) and had no backups - I was able to get things working by doing a Registry Hive rec…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

729 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question