Solved

Remote Desktop Services - Non-Best Practices Setup

Posted on 2012-03-28
8
694 Views
Last Modified: 2012-06-21
I've got a very strange setup that I'm working on. I've got a doctor's office running a practice management software on Server 2008 R2, which is also running Remote Desktop Services for remote users. This server is a member server. The domain controller is running Server 2003 R2. I know this is not a best practices situation, but due to software manufacturer restrictions, we are unable to promote the Server 2008 R2 machine to a DC or PDC. The Server 2003 R2 machine is also running Terminal Services. I would like to set up both servers to disable the shutdown button when users are logged on remotely. What would be the best way to go about doing this?
0
Comment
Question by:horizontechgroup
8 Comments
 
LVL 6

Expert Comment

by:jonyelton
ID: 37780225
You can use group policy to disable this option,

User Configuration\Administrative Templates\Start Menu & Taskbar
"Disable and remove the Shut Down command"
0
 
LVL 11

Expert Comment

by:Venugopal N
ID: 37780364
User config -> admin templates -> start menu and taskbar -> remove and prevent access to the shutdown, restart, sleep and hibernate comands = enabled

Can you the plolicy above to block the user from rebooting the server, when they login to the server through COnsole.

If you need to block the shutdown in terminal server mode then need to enable the Loopback Processing on the Terminal server.For more information refer the below link...

http://support.microsoft.com/kb/260370
http://www.petenetlive.com/KB/Article/0000499.htm
0
 
LVL 31

Accepted Solution

by:
Cláudio Rodrigues earned 200 total points
ID: 37781928
Make sure your policy does NOT apply to administrators otherwise you may prevent admins from shutting down the box.
For the 2008 R2 box I would put it on its on OU and apply a policy in Loopback replace mode that would apply to two groups, to be created:
RDS_Servers: Add the 2008 R2 to this group and any other future RDS boxes.
RDS_Users: Add all users that need TS/RDS access. Do not add any admin here.
The policy would apply to these two groups only, at the OU level.
Everything is explained in great detail on the guide I wrote, "Terminal Services: from A to Z". Even though it was written for 2003, all the foundation applies to 2008 R2 as well. Available for download at no cost at http://www.wtslabs.com.

Cheers.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Author Comment

by:horizontechgroup
ID: 37783475
What about removing "Administrative Tools" from the start menu?
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37783513
On 2008 that is controlled by Group Policy Preferences.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Author Comment

by:horizontechgroup
ID: 37783574
So, since the 2008 server is only a member server, is that in the local policy?
0
 
LVL 31

Expert Comment

by:Cláudio Rodrigues
ID: 37783695
The problem is not he is a member server. You can manage GPPs from any 2008 DC but as you are 2003 this may not be possible so a local policy will do it I assume.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 

Author Closing Comment

by:horizontechgroup
ID: 37783924
Thanks for all the help, Cláudio!
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
How to install and configure Citrix XenApp 6.5 - Part 1. In this video tutorial we have explained step by step installation of Citrix XenApp 6.5 Server on Windows Server 2008 R2 is explained in this video. We have explained the difference between…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now