Solved

Terminal Server 2008 Lock Down

Posted on 2009-05-15
5
4,774 Views
Last Modified: 2012-05-07
This is driving me mad!!!

Have a 2003 Domain Controller and a 2008 Terminal Server.  I have followed the procedure for locking down the 2003 Server supplied by Microosft but with 2008 it still retains Administrative Tools, and Computer and a couple of others on the right hand side.  Also there is no longer an All Users folder - I want an icon to show for all users.  I have put a shortcut in the c:\users\Public\Public Desktop but when I log in it does not show up.  

I have removed everything out of c:\programdata\Microsoft\windows\start menu but still get the menus showing.   I have attached a screenshot - I don't want any of that showing in the right hand pane

I also want a program to run for all users in a certain OU that the group policy is applied to (the same one that has a shortcut on the desktop for) - I have tried accomplishing this with a login script but it does not work.

Does anybody have any ideas about this infuriating problem?

Thanks

bilbo-uk
showssup.jpg
0
Comment
Question by:bilbo-uk
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406804
You can use group policy to remove those items for all users.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406812
That icon you can put in the default users folder if you're not having any luck with Public. Also remember that if you are hiding desktop icons, this would not show up for them.
0
 

Author Comment

by:bilbo-uk
ID: 24410267
I can't see a setting in group policy to remove these - as I said I have gone through the Microsoft Lock Down procedure for 2003.  It is a 2003 DC so 2003 Group Policy Management but a 2008 Terminal Server.  

I will take a look for the default users folder

0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 500 total points
ID: 24458879
You can also try forcing classic start menu in User Config.->Admin Templates->Start Menu and Taskbar->Force Classic Start Menu
I havent tried this but i believe it removes all of those options that are remaining.

But if that doesnt work or work completely, some options can be changed by creating custom settings using registry keys such as this one to remove the administrative tools.
http://windowsitpro.com/article/articleid/84923/jsi-tip-10020-how-can-i-remove-administrative-tools-from-the-windows-xp-start-menu-and-all-programs-menu-using-the-registry.html

Keep in mind that page explains how to do it with polcy maker but all you need to know is the registry key to create your own settings in group policy.

To get a certain program to startup, you would go to administration tools -> terminal services confirugration and tell it what program or file to open.
0
 

Author Closing Comment

by:bilbo-uk
ID: 31581987
I finally got this working after much trial and error.  You can find that All Users is there but is a hidden folder under documents and settings.  If I was asked to reproduce exactly what I did I would struggle but it works well for the customer.

Using Classic Menu did help with removing the Administrative Tools

0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenario:  You do full backups to a internal hard drive in either product (SBS or Server 2008).  All goes well for a very long time.  One day, backups begin to fail with a message that the disk is full.  Your disk contains many, many more backups th…
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question