Solved

Hide "Administrative Tools" from a group of non-administrator users via Group Policy

Posted on 2011-03-13
7
1,518 Views
Last Modified: 2013-12-04
I’m running Terminal Services on a Windows 20003 R2 server.  The server is a domain controller as well.
I'm trying to do two things with this server:
1. Hide "Administrative Tools" from a group of non-administrator users via Group Policy.  Is that possible?  I saw registry changes on the net but prefer to do it through a GPO.

2. Disallow savvy users from running the commands in "Administrative Tools" such as dsa.msc, dssite.msc and domain.msc from a command prompt or start->run.  Again, I'd like to do this with a GPO.

Thanks,

-Ken
0
Comment
Question by:kucelkj
  • 4
  • 3
7 Comments
 
LVL 13

Expert Comment

by:AustinComputerLabs
Comment Utility
From: http://www.brianmadden.com/forums/t/19270.aspx

Open the GPO in gpedit.msc and go to:

User Config\Administrative Templates\Windows Components\Microsoft Management Console\ and restrict access to author mode and any MMC snap ins you don't want them to get to.

Be sure that the computer side is in loopback mode if you don't already have a policy on your TS OU that does this:

Computer Config\Administrative Templates\System\Group Policy\User Group Policy Loopback Processing Mode = enabled.

Once the policy is created, it is a good idea to deny apply rights to the administrative staff that supports the server.
0
 

Author Comment

by:kucelkj
Comment Utility
AustinComputer,

I've found this solution after I posted the question but thanks for you help.  This addresses question 2.  Do you have any advice for question 1?

Thanks,

-Ken
0
 

Author Comment

by:kucelkj
Comment Utility
Okay, that solution did work!! :)  Thanks!

Now, is there a way to hide it so it doesn't even appear?
0
IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 13

Accepted Solution

by:
AustinComputerLabs earned 500 total points
Comment Utility
From: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26491683.html

You can also hide it from in the All Programs Menu and Start Menu using the instructions below using local group policy on the TS. However hiding it does not block access, and users can also access from the control panel. You can use an existing GPO to block access to the control panel.

From: http://www.sevenforums.com/tutorials/8891-administrative-tools-add-remove-start-menu.html
1. Open the Start Menu, then type regedit in the search box and press Enter.
2. If prompted by UAC, then click on Yes.
3. In regedit, navigate to the location below. HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

To Not Display "Administrative Tools" in All Programs Menu and Start Menu
A) In the right pane of Advanced, double click on Start_AdminToolsRoot, type 0 (number zero), and click on OK.
NOTE: If the Start_AdminToolsRoot DWORD is not here, then right click on a blank space in the right pane of Advanced, click on New and DWORD (32-bit) value, type in Start_AdminToolsRoot and press enter.
B) In the right pane of Advanced, right click on Start_AdminToolsTemp, click on Delete, and click on Yes.
C) In the right pane of Advanced, double click on StartMenuAdminTools, type 0 (number zero), and click on OK.
NOTE: If the StartMenuAdminTools DWORD is not here, then right click on a blank space in the right pane of Advanced, click on New and DWORD (32-bit) value, type in StartMenuAdminTools and press enter.
0
 

Author Comment

by:kucelkj
Comment Utility
Awesome, Thanks!
0
 

Author Closing Comment

by:kucelkj
Comment Utility
Thanks so much for the help!!
0
 
LVL 13

Expert Comment

by:AustinComputerLabs
Comment Utility
Glad I could help.
Rick
0

Featured Post

Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

Join & Write a Comment

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

763 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now