I’m running Terminal Services on a Windows 20003 R2 server. The server is a domain controller as well.
I'm trying to do two things with this server:
1. Hide "Administrative Tools" from a group of non-administrator users via Group Policy. Is that possible? I saw registry changes on the net but prefer to do it through a GPO.
2. Disallow savvy users from running the commands in "Administrative Tools" such as dsa.msc, dssite.msc and domain.msc from a command prompt or start->run. Again, I'd like to do this with a GPO.