Solved

Terminal Server 2008 Lock Down

Posted on 2009-05-15
5
4,773 Views
Last Modified: 2012-05-07
This is driving me mad!!!

Have a 2003 Domain Controller and a 2008 Terminal Server.  I have followed the procedure for locking down the 2003 Server supplied by Microosft but with 2008 it still retains Administrative Tools, and Computer and a couple of others on the right hand side.  Also there is no longer an All Users folder - I want an icon to show for all users.  I have put a shortcut in the c:\users\Public\Public Desktop but when I log in it does not show up.  

I have removed everything out of c:\programdata\Microsoft\windows\start menu but still get the menus showing.   I have attached a screenshot - I don't want any of that showing in the right hand pane

I also want a program to run for all users in a certain OU that the group policy is applied to (the same one that has a shortcut on the desktop for) - I have tried accomplishing this with a login script but it does not work.

Does anybody have any ideas about this infuriating problem?

Thanks

bilbo-uk
showssup.jpg
0
Comment
Question by:bilbo-uk
  • 3
  • 2
5 Comments
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406804
You can use group policy to remove those items for all users.
0
 
LVL 17

Expert Comment

by:OriNetworks
ID: 24406812
That icon you can put in the default users folder if you're not having any luck with Public. Also remember that if you are hiding desktop icons, this would not show up for them.
0
 

Author Comment

by:bilbo-uk
ID: 24410267
I can't see a setting in group policy to remove these - as I said I have gone through the Microsoft Lock Down procedure for 2003.  It is a 2003 DC so 2003 Group Policy Management but a 2008 Terminal Server.  

I will take a look for the default users folder

0
 
LVL 17

Accepted Solution

by:
OriNetworks earned 500 total points
ID: 24458879
You can also try forcing classic start menu in User Config.->Admin Templates->Start Menu and Taskbar->Force Classic Start Menu
I havent tried this but i believe it removes all of those options that are remaining.

But if that doesnt work or work completely, some options can be changed by creating custom settings using registry keys such as this one to remove the administrative tools.
http://windowsitpro.com/article/articleid/84923/jsi-tip-10020-how-can-i-remove-administrative-tools-from-the-windows-xp-start-menu-and-all-programs-menu-using-the-registry.html

Keep in mind that page explains how to do it with polcy maker but all you need to know is the registry key to create your own settings in group policy.

To get a certain program to startup, you would go to administration tools -> terminal services confirugration and tell it what program or file to open.
0
 

Author Closing Comment

by:bilbo-uk
ID: 31581987
I finally got this working after much trial and error.  You can find that All Users is there but is a hidden folder under documents and settings.  If I was asked to reproduce exactly what I did I would struggle but it works well for the customer.

Using Classic Menu did help with removing the Administrative Tools

0

Featured Post

Live: Real-Time Solutions, Start Here

Receive instant 1:1 support from technology experts, using our real-time conversation and whiteboard interface. Your first 5 minutes are always free.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Moving pagefile.sys problem on WindowsServer Standard FE 17 38
Problem to search 5 41
SQL Server Update Query Streamline 4 28
windows 10 versions 3 33
I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Learn about cloud computing and its benefits for small business owners.
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now