Need to hide or Safely Remove Hardware icon

I have two Windows 2008 R2 Terminal Servers running as guests on a VMware 5 host. The users that connect have access to the Safetly Remove Hardware icon in the system Tray. Convienently one of the items that can be "safely ejected" is the Intel Network card. Doing this drops all sessions and removes the NIC from the Terminal Server Guest permenetly. You can see this is a bit of an issue.

I am running in a Windows 2003 Active Directory Domain. Anyone know a reg hack to fix  this?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

I thought only Administrators, Power Users and Backup Operators had the right to remove hardware, so maybe you could work with the user rights on the VM.

If not, you might be able to hide the system tray completely by creating the 'NoTrayItemsDisplay' in the registry with value 1 in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Thirdly, you could fiddle with the GPO keys User Conf\Adm.Temp\Desktop\system\ Run only specified windows applications or don't run specified windows applications with shell.dll or hotplug.dll

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
eellong3Author Commented:
Interesting point, i suppose it wouldnt matter that the the Safely Remove Hardware was in the system tray if users didnt have permissions to eject the network card. Strange but the users do not have elevated priveledge and can still do it. I will try to explicetly deny access in Local Security Policy.

I need the system tray for other apps that use it for notifications so I cant disable it completely unfortuantly.

I am going to give the GPO a shot - that would be a quick and dirty way to get this done. Thanks for the responce - ill let you know how this goes.
eellong3Author Commented:
There was an option DEVICES: alloed to format and eject removable media, this was not defined, changing it to Administrators only had no change.

Havent tried the GPO option yet. Will post back when i do.
eellong3Author Commented:
The blasted test accounts i was using (i didnt create the test accounts) had mixed group membership, some were administrators. That was the problem. Thanks for your effort on this.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Legacy OS

From novice to tech pro — start learning today.