Solved

GPO problems with RDS and server 2012 R2

Posted on 2014-04-15
5
1,824 Views
Last Modified: 2014-04-17
I have a problem with GPO not applying things the way I think they should be.  The problem I'm having is that when a non-administrator logs into the rd server they get their regular desktop.  If they click on the windows logo they go to the tiled page which includes things like administrative tools, control panel and other things that they shouldn't have access to.

I've gone through the local security policy and turned off everything, that shouldn't be there.  There is also a GPO specifically for remote users.

I've run the GP Modeling wizard and two things have got me wondering.
1.  Get this error AD/Sysvol  version mismatch.  This is supposed to be fixed by a rollup issued Jan 2014, which I have already installed.  I downloaded a hot fix, but that was supposed to have been included in the rollup, so I haven't installed it.

2. It says policy definitions (ADMX files) retrieved from local computer.  I'm wondering if I don't have all of the proper ADMX files.  For one thing the group policy talks about a deny access to control panel setting, which I can't find anywhere.

Should I download the full set of ADMX files from Microsoft?  I recall seeing that somewhere during my research.  Not sure what the next step should be at this point.
0
Comment
Question by:geekdad1
  • 3
  • 2
5 Comments
 
LVL 1

Author Comment

by:geekdad1
ID: 40004522
I found and turned off the access to control panel.  However remote desktop still persists in displaying the tiles for control panel and administrative tools on the users desktop.  Not sure where to go next with this.  Need help.
0
 
LVL 17

Accepted Solution

by:
Brad Bouchard earned 500 total points
ID: 40005253
Per this link:  http://social.technet.microsoft.com/Forums/en-US/a9203d90-8d22-43ac-963d-52412ac08414/new-server-2012-r2-getting-ad-sysvol-mismatch?forum=winserverGP

Try this,

To resolve this issue in Windows 8.1 and Windows Server 2012 R2, install update rollup 2919394. For more information about how to obtain this update rollup package, click the following article number to go to the article in the Microsoft Knowledge Base:  
2919394
      (http://support.microsoft.com/kb/2919394/            )    
Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2 update rollup: February 2014

http://www.microsoft.com/en-us/download/details.aspx?id=41814 Update for Windows Server 2012 R2 (KB2919394)


How to obtain the update



Windows Update


This update is provided as an Optional update from Windows Update. To obtain this update from Windows Update, follow these steps: 1.Swipe in from the right edge of the screen, and then tap Search. Or, if you are using a mouse, point to the lower-right corner of the screen, and then click Search.
2.In the search box, type Windows Update, and then tap or click  Windows Update.
3.Check online for updates, and then select the update for KB2919394 in optional updates.

Microsoft Download Center


You can also obtain the stand-alone update package through the Microsoft Download Center. For more information, go to the Microsoft Download Center
      (http://download.microsoft.com/)    
, and then search for KB2919394.


http://www.microsoft.com/en-us/download/details.aspx?id=41814




Version:
 
Date Published:
 

2919394
 
2/10/2014
 

File name:
 
File size:
 

Windows8.1-KB2919394-x64.msu
 
47.0 MB
 
0
 
LVL 1

Author Comment

by:geekdad1
ID: 40005479
Ran the update and it says.  Update for Windows (KB2919394) is already installed on this computer.  So it's not fixed by that update.

However I'm making some progress on this front.  So far a combination of Group Policy and security changes to the \programdata\microsoft\windows\start menu folder have removed a lot of the items that I wanted the users not to have access to.

Out of curiosity I logged in with a test account that I hadn't used since before I did all these GP updates and before I had setup User profile disks.  That account seems to be behaving properly.  Control panel is completely disabled which is what I was looking for.  thanks for your help.
0
 
LVL 1

Author Closing Comment

by:geekdad1
ID: 40005480
Not the solution in my case, but it was well thought out and useful.
0
 
LVL 17

Expert Comment

by:Brad Bouchard
ID: 40006645
Glad I could at least help you a little.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes drives fill up and we don't know why.  If you don't understand the best way to use the tools available, you may end up being stumped as to why your drive says it's not full when you have no space left!  Here's how you can find out...
Resolve DNS query failed errors for Exchange
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now