asked on

Hide "Administrative Tools" from a group of non-administrator users via Group Policy

I’m running Terminal Services on a Windows 20003 R2 server. The server is a domain controller as well.
I'm trying to do two things with this server:
1. Hide "Administrative Tools" from a group of non-administrator users via Group Policy. Is that possible? I saw registry changes on the net but prefer to do it through a GPO.

2. Disallow savvy users from running the commands in "Administrative Tools" such as dsa.msc, dssite.msc and domain.msc from a command prompt or start->run. Again, I'd like to do this with a GPO.

Thanks,

-Ken

AustinComputerLabs

From: http://www.brianmadden.com/forums/t/19270.aspx

Open the GPO in gpedit.msc and go to:

User Config\Administrative Templates\Windows Components\Microsoft Management Console\ and restrict access to author mode and any MMC snap ins you don't want them to get to.

Be sure that the computer side is in loopback mode if you don't already have a policy on your TS OU that does this:

Computer Config\Administrative Templates\System\Group Policy\User Group Policy Loopback Processing Mode = enabled.

Once the policy is created, it is a good idea to deny apply rights to the administrative staff that supports the server.

kucelkj

ASKER

AustinComputer,

I've found this solution after I posted the question but thanks for you help. This addresses question 2. Do you have any advice for question 1?

Thanks,

-Ken

kucelkj

ASKER

Okay, that solution did work!! :) Thanks!

Now, is there a way to hide it so it doesn't even appear?

ASKER CERTIFIED SOLUTION

AustinComputerLabs

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

kucelkj

ASKER

Awesome, Thanks!