Solved

Terminal Server 2008 Lock Down

Posted on 2009-05-15
5
4,766 Views
Last Modified: 2012-05-07
This is driving me mad!!!

Have a 2003 Domain Controller and a 2008 Terminal Server.  I have followed the procedure for locking down the 2003 Server supplied by Microosft but with 2008 it still retains Administrative Tools, and Computer and a couple of others on the right hand side.  Also there is no longer an All Users folder - I want an icon to show for all users.  I have put a shortcut in the c:\users\Public\Public Desktop but when I log in it does not show up.  

I have removed everything out of c:\programdata\Microsoft\windows\start menu but still get the menus showing.   I have attached a screenshot - I don't want any of that showing in the right hand pane

I also want a program to run for all users in a certain OU that the group policy is applied to (the same one that has a shortcut on the desktop for) - I have tried accomplishing this with a login script but it does not work.

Does anybody have any ideas about this infuriating problem?

Thanks

bilbo-uk
showssup.jpg
0
Comment
Question by:bilbo-uk
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406804
You can use group policy to remove those items for all users.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406812
That icon you can put in the default users folder if you're not having any luck with Public. Also remember that if you are hiding desktop icons, this would not show up for them.
0
 

Author Comment

by:bilbo-uk
ID: 24410267
I can't see a setting in group policy to remove these - as I said I have gone through the Microsoft Lock Down procedure for 2003.  It is a 2003 DC so 2003 Group Policy Management but a 2008 Terminal Server.  

I will take a look for the default users folder

0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 500 total points
ID: 24458879
You can also try forcing classic start menu in User Config.->Admin Templates->Start Menu and Taskbar->Force Classic Start Menu
I havent tried this but i believe it removes all of those options that are remaining.

But if that doesnt work or work completely, some options can be changed by creating custom settings using registry keys such as this one to remove the administrative tools.
http://windowsitpro.com/article/articleid/84923/jsi-tip-10020-how-can-i-remove-administrative-tools-from-the-windows-xp-start-menu-and-all-programs-menu-using-the-registry.html

Keep in mind that page explains how to do it with polcy maker but all you need to know is the registry key to create your own settings in group policy.

To get a certain program to startup, you would go to administration tools -> terminal services confirugration and tell it what program or file to open.
0
 

Author Closing Comment

by:bilbo-uk
ID: 31581987
I finally got this working after much trial and error.  You can find that All Users is there but is a hidden folder under documents and settings.  If I was asked to reproduce exactly what I did I would struggle but it works well for the customer.

Using Classic Menu did help with removing the Administrative Tools

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you migrate a Terminal Server licenses server inside the 2008 server family, you can takte advantage of the build-in migration tool. If you like to migrate an older 2003 Server (and the installed client CALs) to a 2008 R2 server for example, you …
Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to install and configure the Windows Server Backup Utility. Directly connect an external storage device such as a USB drive, or CD\DVD burner: If the device is a USB drive, ensure i…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now