Solved

GPO problems with RDS and server 2012 R2

Posted on 2014-04-15
Last Modified: 2014-04-17
I have a problem with GPO not applying things the way I think they should be.  The problem I'm having is that when a non-administrator logs into the RD server they get their regular desktop.  If they click on the Windows logo they go to the tiled page, which includes things like Administrative Tools, Control Panel and other things that they shouldn't have access to.

I've gone through the local security policy and turned off everything that shouldn't be there.  There is also a GPO specifically for remote users.

I've run the GP Modeling wizard and two things have got me wondering.
1.  I get this error: AD/Sysvol version mismatch.  This is supposed to be fixed by a rollup issued Jan 2014, which I have already installed.  I downloaded a hotfix, but that was supposed to have been included in the rollup, so I haven't installed it.

2.  It says policy definitions (ADMX files) retrieved from local computer.  I'm wondering if I don't have all of the proper ADMX files.  For one thing, the group policy talks about a deny access to control panel setting, which I can't find anywhere.

Should I download the full set of ADMX files from Microsoft?  I recall seeing that somewhere during my research.  Not sure what the next step should be at this point.
Question by:geekdad1

Author Comment

by:geekdad1
ID: 40004522
I found and turned off the access to control panel.  However, remote desktop still persists in displaying the tiles for control panel and administrative tools on the users' desktop.  Not sure where to go next with this.  Need help.

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 40005253
Per this link:  http://social.technet.microsoft.com/Forums/en-US/a9203d90-8d22-43ac-963d-52412ac08414/new-server-2012-r2-getting-ad-sysvol-mismatch?forum=winserverGP

Try this,

To resolve this issue in Windows 8.1 and Windows Server 2012 R2, install update rollup 2919394. For more information about how to obtain this update rollup package, click the following article number to go to the article in the Microsoft Knowledge Base:
2919394 (http://support.microsoft.com/kb/2919394/) Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: February 2014

http://www.microsoft.com/en-us/download/details.aspx?id=41814 Update for Windows Server 2012 R2 (KB2919394)


How to obtain the update

Windows Update

This update is provided as an Optional update from Windows Update. To obtain this update from Windows Update, follow these steps:
1. Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
2. In the search box, type Windows Update, and then tap or click Windows Update.
3. Check online for updates, and then select the update for KB2919394 in optional updates.

Microsoft Download Center

You can also obtain the stand-alone update package through the Microsoft Download Center. For more information, go to the Microsoft Download Center (http://download.microsoft.com/), and then search for KB2919394.

http://www.microsoft.com/en-us/download/details.aspx?id=41814




Version: 2919394
Date Published: 2/10/2014
File name: Windows8.1-KB2919394-x64.msu
File size: 47.0 MB
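
The three things raised in the question and answer above (whether KB2919394 is installed, whether any GPO really has different AD and SYSVOL versions, and where the ADMX files come from) can be checked from PowerShell. This is an added example, not part of the original thread; it assumes a domain-joined machine with the GroupPolicy module (GPMC/RSAT) installed and an account that can read all GPOs.

```powershell
# Added example (not from the thread). Run on a domain-joined machine with the
# GroupPolicy module (GPMC/RSAT) installed, as an account that can read all GPOs.
Import-Module GroupPolicy

$kb = 'KB2919394'   # update rollup named in the answer above

# 1. Is the rollup installed here? Get-HotFix returns nothing if it is not.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) {
    "{0} installed on {1}" -f $kb, $hotfix.InstalledOn
} else {
    "$kb not installed"
}

# 2. Compare the version stored in AD with the one in SYSVOL for every GPO,
#    separately for the user and computer halves, as seen from the domain
#    controller that Get-GPO contacts. Each row returned is a GPO whose two
#    copies differ.
$mismatch = Get-GPO -All | ForEach-Object {
    [pscustomobject]@{
        Name           = $_.DisplayName
        Id             = $_.Id
        UserAD         = $_.User.DSVersion
        UserSysvol     = $_.User.SysvolVersion
        ComputerAD     = $_.Computer.DSVersion
        ComputerSysvol = $_.Computer.SysvolVersion
    }
} | Where-Object {
    $_.UserAD -ne $_.UserSysvol -or $_.ComputerAD -ne $_.ComputerSysvol
}

if ($mismatch) {
    $mismatch | Format-Table -AutoSize
} else {
    'AD and SYSVOL versions agree for all GPOs readable by this account.'
}

# 3. "Policy definitions retrieved from local computer" means no central store
#    was used. Check whether one exists in SYSVOL for the logon domain.
$domain = $env:USERDNSDOMAIN
$store  = "\\$domain\SYSVOL\$domain\Policies\PolicyDefinitions"
if (Test-Path -Path $store) {
    $count = @(Get-ChildItem -Path $store -Filter *.admx).Count
    "Central store found: $store ($count ADMX files)"
} else {
    "No central store at $store; GPMC falls back to $env:SystemRoot\PolicyDefinitions"
}
```

If step 2 returns no rows while the Group Policy Modeling report still shows the mismatch error, the GPO copies themselves are consistent and the report is the place to look.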
 

Author Comment

by:geekdad1
ID: 40005479
Ran the update and it says: "Update for Windows (KB2919394) is already installed on this computer."  So it's not fixed by that update.

However, I'm making some progress on this front.  So far a combination of Group Policy and security changes to the \programdata\microsoft\windows\start menu folder have removed a lot of the items that I wanted the users not to have access to.

Out of curiosity I logged in with a test account that I hadn't used since before I did all these GP updates and before I had set up User Profile Disks.  That account seems to be behaving properly.  Control panel is completely disabled, which is what I was looking for.  Thanks for your help.

Author Closing Comment

by:geekdad1
ID: 40005480
Not the solution in my case, but it was well thought out and useful.

Expert Comment

by:Brad Bouchard
ID: 40006645
Glad I could at least help you a little.