Solved

Hide "Administrative Tools" from a group of non-administrator users via Group Policy

Posted on 2011-03-13
Last Modified: 2013-12-04
I’m running Terminal Services on a Windows 2003 R2 server. The server is a domain controller as well.
I'm trying to do two things with this server:
1. Hide "Administrative Tools" from a group of non-administrator users via Group Policy.  Is that possible?  I saw registry changes on the net but prefer to do it through a GPO.

2. Disallow savvy users from running the commands in "Administrative Tools" such as dsa.msc, dssite.msc and domain.msc from a command prompt or start->run.  Again, I'd like to do this with a GPO.

Thanks,

-Ken
Question by:kucelkj
7 Comments
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35122452
From: http://www.brianmadden.com/forums/t/19270.aspx

Open the GPO in gpedit.msc and go to:

User Config\Administrative Templates\Windows Components\Microsoft Management Console\ and restrict access to author mode and any MMC snap-ins you don't want them to get to.

Be sure that the computer side is in loopback mode if you don't already have a policy on your TS OU that does this:

Computer Config\Administrative Templates\System\Group Policy\User Group Policy Loopback Processing Mode = enabled.

Once the policy is created, it is a good idea to deny apply rights to the administrative staff that supports the server.
 

Author Comment

by:kucelkj
ID: 35122691
AustinComputer,

I found this solution after I posted the question, but thanks for your help. This addresses question 2. Do you have any advice for question 1?

Thanks,

-Ken
 

Author Comment

by:kucelkj
ID: 35122757
Okay, that solution did work!! :)  Thanks!

Now, is there a way to hide it so it doesn't even appear?

 
LVL 13

Accepted Solution

by:
AustinComputerLabs earned 500 total points
ID: 35122788
From: http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/Windows_Server_2008/Q_26491683.html

You can also hide it from the All Programs Menu and Start Menu by following the instructions below, using local group policy on the TS. However, hiding it does not block access, and users can also access it from the control panel. You can use an existing GPO to block access to the control panel.

From: http://www.sevenforums.com/tutorials/8891-administrative-tools-add-remove-start-menu.html
1. Open the Start Menu, then type regedit in the search box and press Enter.
2. If prompted by UAC, then click on Yes.
3. In regedit, navigate to the location below.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

To Not Display "Administrative Tools" in All Programs Menu and Start Menu
A) In the right pane of Advanced, double click on Start_AdminToolsRoot, type 0 (number zero), and click on OK.
NOTE: If the Start_AdminToolsRoot DWORD is not here, then right click on a blank space in the right pane of Advanced, click on New and DWORD (32-bit) value, type in Start_AdminToolsRoot and press enter.
B) In the right pane of Advanced, right click on Start_AdminToolsTemp, click on Delete, and click on Yes.
C) In the right pane of Advanced, double click on StartMenuAdminTools, type 0 (number zero), and click on OK.
NOTE: If the StartMenuAdminTools DWORD is not here, then right click on a blank space in the right pane of Advanced, click on New and DWORD (32-bit) value, type in StartMenuAdminTools and press enter.
0
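The registry steps A to C from the accepted answer, scripted for the current user and followed by a check of whether the MMC restrictions from the first answer are actually in force. This is an added example, not part of the original posts; it assumes PowerShell is installed on the terminal server and that the script runs in the target user's own session (for instance as a logon script), and the helper function names are made up for illustration.

```powershell
# Added example: apply steps A-C to the current user's hive, then report.
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
# Key where the "Microsoft Management Console" user policies are stored.
$mmc = 'HKCU:\Software\Policies\Microsoft\MMC'

function Get-RegValue($Path, $Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

function Set-Dword($Path, $Name, $Value) {
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    # -Force creates the DWORD if it is missing and overwrites it otherwise.
    New-ItemProperty -Path $Path -Name $Name -PropertyType DWord `
        -Value $Value -Force | Out-Null
}

# Steps A and C: set both DWORDs to 0.
Set-Dword $adv 'Start_AdminToolsRoot' 0
Set-Dword $adv 'StartMenuAdminTools'  0

# Step B: delete Start_AdminToolsTemp if it is present.
if ($null -ne (Get-RegValue $adv 'Start_AdminToolsTemp')) {
    Remove-ItemProperty -Path $adv -Name 'Start_AdminToolsTemp'
}

# Report: hiding is cosmetic, so also check the MMC policy values.
$hidden = ((Get-RegValue $adv 'Start_AdminToolsRoot') -eq 0) -and
          ((Get-RegValue $adv 'StartMenuAdminTools')  -eq 0) -and
          ($null -eq (Get-RegValue $adv 'Start_AdminToolsTemp'))
$authorModeBlocked = (Get-RegValue $mmc 'RestrictAuthorMode') -eq 1
$snapinsRestricted = (Get-RegValue $mmc 'RestrictToPermittedSnapins') -eq 1

New-Object PSObject -Property @{
    AdminToolsHidden   = $hidden
    AuthorModeBlocked  = $authorModeBlocked
    SnapinsRestricted  = $snapinsRestricted
}

if ($hidden -and -not ($authorModeBlocked -or $snapinsRestricted)) {
    Write-Warning 'Menu entry is hidden, but no MMC restriction policy applies to this user.'
}
```

A warning on the last line means the user only has the cosmetic change and the loopback GPO from the first answer is not reaching the session.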
 

Author Comment

by:kucelkj
ID: 35166797
Awesome, Thanks!
 

Author Closing Comment

by:kucelkj
ID: 35166805
Thanks so much for the help!!
 
LVL 13

Expert Comment

by:AustinComputerLabs
ID: 35167134
Glad I could help.
Rick

Question has a verified solution.