?
Solved

Disabling Access to Control Panel on a Remote Desktop Server.

Posted on 2010-11-24
3
Medium Priority
?
424 Views
Last Modified: 2012-05-10
We want to set up a server that is configured for Remote Desktop access for a small group of users that will be running a couple of applications from a remote location.  Setting up the Remote Desktop portion was a piece of cake but now I want to disable the Control Panel and Administrative tools on the Start menu.  Obviously we can't allow just any user to be making changes that could affect everybody else using the server.  I found several articles that provide information about configuring the Local Policies/Administrative Templates to disable the Control Panel but they didn't convey how to disable the Control Panel for normal users while making it available for the Administrator, either local or domain.  Our network is setup as a Windows 2003 domain so it's possible to configure the group policies in Active Directory to disable the Control Panel but it disabled it for all of the accounts including the Administrator accounts and it did it on all of the servers on the domain.  I believe that the answer may be in using Organization Units but I have been able to figure out how to configure them to target only the server providing the Remote Desktop applications.


So here's what I need.  I need to know how to configure either the local policy on the Remote desktop server or the domain group policies so that they disable the Control Panel and eventually the Administrative Tools for the normal domain user accounts that are logging in via remote desktop while still allowing the Administrator to be able to access and use the applications in both of these panels.  I believe the policy should apply only to the remote desktop server but I suppose it wouldn't hurt if it applied to all of the servers as long as the Administrator was still able to access these applications.


I seem to be dancing all around this but I am never able to find the right combination that will accomplish what I'm trying to do.



0
Comment
Question by:srulison
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 57

Accepted Solution

by:
Mike Kline earned 2000 total points
ID: 34209849
You could setup a group policy to lockdown the box for the users and use that in conjunction with loopback  processing  http://sdmsoftware.com/blog/2009/01/06/please-explain-loopback-processing/ and security fitering.  See this question I helped with

http://www.experts-exchange.com/Software/Server_Software/File_Servers/Active_Directory/Q_26409306.html

Thanks

Mike
0
 

Author Comment

by:srulison
ID: 34214853
Thank you for your response.  You probably are on the right track but I will need to do some research security filtering and loopback processing.  working with Group Policies is very new to me and I am beginning to see that there is a lot more to it than meets the eye.  I will look over the links that you gave me and google the filtering and loopback processing over the weekend.

Thanks again.

Steve.
0
 

Author Closing Comment

by:srulison
ID: 34311707
I believe that the information provided will be very helpful in configuring these policies for a remote desktop server.   Unfortunately, after I posted this question I got called away on another problem and it will be a while before I will be able to get back to this project.
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question