• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 707
  • Last Modified:

Remote Desktop Services - Non-Best Practices Setup

I've got a very strange setup that I'm working on. I've got a doctor's office running a practice management software on Server 2008 R2, which is also running Remote Desktop Services for remote users. This server is a member server. The domain controller is running Server 2003 R2. I know this is not a best practices situation, but due to software manufacturer restrictions, we are unable to promote the Server 2008 R2 machine to a DC or PDC. The Server 2003 R2 machine is also running Terminal Services. I would like to set up both servers to disable the shutdown button when users are logged on remotely. What would be the best way to go about doing this?
0
horizontechgroup
Asked:
horizontechgroup
1 Solution
 
jonyeltonCommented:
You can use group policy to disable this option,

User Configuration\Administrative Templates\Start Menu & Taskbar
"Disable and remove the Shut Down command"
0
 
Venugopal NCommented:
User config -> admin templates -> start menu and taskbar -> remove and prevent access to the shutdown, restart, sleep and hibernate comands = enabled

Can you the plolicy above to block the user from rebooting the server, when they login to the server through COnsole.

If you need to block the shutdown in terminal server mode then need to enable the Loopback Processing on the Terminal server.For more information refer the below link...

http://support.microsoft.com/kb/260370
http://www.petenetlive.com/KB/Article/0000499.htm
0
 
Cláudio RodriguesFounder and CEOCommented:
Make sure your policy does NOT apply to administrators otherwise you may prevent admins from shutting down the box.
For the 2008 R2 box I would put it on its on OU and apply a policy in Loopback replace mode that would apply to two groups, to be created:
RDS_Servers: Add the 2008 R2 to this group and any other future RDS boxes.
RDS_Users: Add all users that need TS/RDS access. Do not add any admin here.
The policy would apply to these two groups only, at the OU level.
Everything is explained in great detail on the guide I wrote, "Terminal Services: from A to Z". Even though it was written for 2003, all the foundation applies to 2008 R2 as well. Available for download at no cost at http://www.wtslabs.com.

Cheers.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
horizontechgroupAuthor Commented:
What about removing "Administrative Tools" from the start menu?
0
 
Cláudio RodriguesFounder and CEOCommented:
On 2008 that is controlled by Group Policy Preferences.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
horizontechgroupAuthor Commented:
So, since the 2008 server is only a member server, is that in the local policy?
0
 
Cláudio RodriguesFounder and CEOCommented:
The problem is not he is a member server. You can manage GPPs from any 2008 DC but as you are 2003 this may not be possible so a local policy will do it I assume.

Cláudio Rodrigues
Microsoft MVP - RDS
Citrix CTP
0
 
horizontechgroupAuthor Commented:
Thanks for all the help, Cláudio!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now