Problems with controlling Windows 2008 Terminal Services(Remote Desktop) User icons - User applications

Hi,

I have Installed Remote Desktop Services on Windows 2008 Domain Controller (Stnd) and I'm unable to control  access to user icons and applications with security using Remote App Manager. It still displays icons on users desktops and in the programs menu. The user cannot execute the applications, but they are still visable.

How can I prevent the users from, seeing the icons and programs options. I have done what the common FAQ's about the subject suggest, but they are still there.

I want to stop the users being able to see icons such as administration tools and control other icons and apps on the desktop and program menu.

Any help appreciated.
KillersmitsAsked:
Who is Participating?
 
pwindellCommented:
Why even worry about it?  Normal users can only do what normal users are allowed to do,...they are not administrators,...they cannot run administrator tools if they aren't an administrator.   Worrying about them "seeing" and icon is pointless,...and you'll probably wreck the machine  trying to change that.

You can use normal Group Policy to restrict down the desktop somewhat.  Use the normal things the GPO makes available to you,....don't try to "outsmart the system",...and you'll be fine.  But you have to be careful how you apply the GPO so that it:

1. does not effect Administrators
2. does not spill over to other machines and apply itself across the whole LAN
0
 
OveCommented:
you should delete the links (icons) from the public-user-profile and may be copy it to the admin-user-profile.

Ove
0
 
Justin OwensITIL Problem ManagerCommented:
I am going to second pwindell's comments... There is no point to hiding those items, and it can potentially cause quite a few undesired results.  I would leave it alone.

DrUltima
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
pwindellCommented:
Thanks Doc!   :-)
0
 
kevinhsiehCommented:
RemoteApp Manager controls what is visible using RD Web, and allows you to publish applications to a users own desktop environment. It doesn't affect what users see when logging into the desktop environment of the RD Session host. That said, I agree with the others and leave things alone, especially since this is a domain controller and not a dedicated member server that you can blow up.
0
 
pwindellCommented:
I didn't notice that this was a DC.  Doing any of this on a DC is just insane to me.   A Terminal Server is basically just a glorified Workstation for the users.  Turning the Domain Controller into a glorified workstation is just totally unacceptable.  I'll have no more to do with this one.
0
 
Justin OwensITIL Problem ManagerCommented:
Honestly, unless it is a Small Business Server, you should not enable TS access to non-Administrator users on a DC.  Better solution is to deploy a new server specifically for TS functionality.

DrUltima
0
 
KillersmitsAuthor Commented:
Thanks for the feedback everyone.

Regarding Domain controllers, this is what we have, what we want to do in the short term. Which boxes should I have as a DC, GC etc??

1. 2003 Server standard with Exchange 2003. This is our mail server and runs a program used for tracking patients and appointments etc. It also acts as a print server.

2. 2008 Server R2. This is a file server and runs a couple of databases. This is the newer server, and has heaps of RAM, hard drive space/redundency, and CPU power. This is the one I am trying to get TS setup on.

3. We have another 2008 Server R2, which we have installed Exchange 2008 on, in readiness to move our mail to when we get time.

So which ones you you suggest we have as DC, GC, and to hold FSMO roles?

0
 
OveCommented:
your last comment leaves the scope of your initial question i think. You do need sbdy. to help you in fundamental ad- and server-design :-O

you should come back to your initial question - or open a new Q i think.

Ove
0
 
pwindellCommented:
Whatever machine you can come up with that you can dedicate to only that purpose.  It does not have to be extremely powerful.  DCs are low CPU and low memory usage,...but they do have to be dependable and having a hot swappable RAID drives is very important.  There should always be two DCs,...if you have only one then you have to be extremely diligent about making good solid Full System State Backups that you can do a Full Restore from in the even of a failure.  I would make backups once a week, I wouldn't stretch it any longer than that.

DCs are fine to run other infrastructure services on.  They will already have DNS, but you can add DHCP and WINS with no problem at all.

As Ove said, to go any further into that subject you may want to start a new topic.
0
 
KillersmitsAuthor Commented:
Thanks for your help guys. I will do as suggested and not try to outsmart the system. But after your comments on DC and Term services being one and the same, Im rethinking the server roles in the long run, and I will probably change things in the long run.
0
 
pwindellCommented:
Ok.
Good luck with everything
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.