Solved

GPO problems with RDS and server 2012 R2

Posted on 2014-04-15
5
1,798 Views
Last Modified: 2014-04-17
I have a problem with GPO not applying things the way I think they should be.  The problem I'm having is that when a non-administrator logs into the rd server they get their regular desktop.  If they click on the windows logo they go to the tiled page which includes things like administrative tools, control panel and other things that they shouldn't have access to.

I've gone through the local security policy and turned off everything, that shouldn't be there.  There is also a GPO specifically for remote users.

I've run the GP Modeling wizard and two things have got me wondering.
1.  Get this error AD/Sysvol  version mismatch.  This is supposed to be fixed by a rollup issued Jan 2014, which I have already installed.  I downloaded a hot fix, but that was supposed to have been included in the rollup, so I haven't installed it.

2. It says policy definitions (ADMX files) retrieved from local computer.  I'm wondering if I don't have all of the proper ADMX files.  For one thing the group policy talks about a deny access to control panel setting, which I can't find anywhere.

Should I download the full set of ADMX files from Microsoft?  I recall seeing that somewhere during my research.  Not sure what the next step should be at this point.
0
Comment
Question by:geekdad1
  • 3
  • 2
5 Comments
 
LVL 1

Author Comment

by:geekdad1
Comment Utility
I found and turned off the access to control panel.  However remote desktop still persists in displaying the tiles for control panel and administrative tools on the users desktop.  Not sure where to go next with this.  Need help.
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
Comment Utility
Per this link:  http://social.technet.microsoft.com/Forums/en-US/a9203d90-8d22-43ac-963d-52412ac08414/new-server-2012-r2-getting-ad-sysvol-mismatch?forum=winserverGP

Try this,

To resolve this issue in Windows 8.1 and Windows Server 2012 R2, install update rollup 2919394. For more information about how to obtain this update rollup package, click the following article number to go to the article in the Microsoft Knowledge Base:  
2919394
      (http://support.microsoft.com/kb/2919394/            )    
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: February 2014

http://www.microsoft.com/en-us/download/details.aspx?id=41814 Update for Windows Server 2012 R2 (KB2919394)


How to obtain the update



Windows Update


This update is provided as an Optional update from Windows Update. To obtain this update from Windows Update, follow these steps: 1.Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
2.In the search box, type Windows Update, and then tap or click  Windows Update.
3.Check online for updates, and then select the update for KB2919394 in optional updates.

Microsoft Download Center


You can also obtain the stand-alone update package through the Microsoft Download Center. For more information, go to the Microsoft Download Center
      (http://download.microsoft.com/)    
, and then search for KB2919394.


http://www.microsoft.com/en-us/download/details.aspx?id=41814




Version:
 
Date Published:
 

2919394
 
2/10/2014
 

File name:
 
File size:
 

Windows8.1-KB2919394-x64.msu
 
47.0 MB
 
0
 
LVL 1

Author Comment

by:geekdad1
Comment Utility
Ran the update and it says.  Update for Windows (KB2919394) is already installed on this computer.  So it's not fixed by that update.

However I'm making some progress on this front.  So far a combination of Group Policy and security changes to the \programdata\microsoft\windows\start menu folder have removed a lot of the items that I wanted the users not to have access to.

Out of curiosity I logged in with a test account that I hadn't used since before I did all these GP updates and before I had setup User profile disks.  That account seems to be behaving properly.  Control panel is completely disabled which is what I was looking for.  thanks for your help.
0
 
LVL 1

Author Closing Comment

by:geekdad1
Comment Utility
Not the solution in my case, but it was well thought out and useful.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
Comment Utility
Glad I could at least help you a little.
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Recently, I was assigned the task of performing a hardware refresh in the datacenter. The previous Windows 2008 systems were connected to the SAN via fiber channel HBA’s and among other thing, had PowerPath installed in order to provide sufficient f…
Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
In this Micro Tutorial viewers will learn how to restore their server from Bare Metal Backup image created with Windows Server Backup feature. As an example Windows 2012R2 is used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now