Solved

Hide "RUN" Command from all terminal server users but still display for administrator

Posted on 2015-01-06
4
172 Views
Last Modified: 2015-04-10
I have just setup a new windows 2008 R2 Terminal server and set it up on the domain. I would like to know the best way to hide the "Run" Command in the start menu using the local machines group policy editor?

Please bear in mind i WOULD like it to still display for the domain/local administrator.
0
Comment
Question by:IT_Field_Technician
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
Maclean earned 500 total points
ID: 40534506
Separate Terminal Users from Administrators on the AD, and apply the group policy for disabling run command to the Terminal Users OU only. This will only remove it for users who are listed in the terminal server users OU (Or whatever the OU might be named)

User Configuration\\Policies\\AdministrativeTemplates\\Start Menu & Taskbar\\Remove Run menu from Start Menu

Source for GPO location here: http://technet.microsoft.com/en-us/library/cc940457.aspx
0
 

Author Comment

by:IT_Field_Technician
ID: 40534684
Will this work on local group policy or are you talking about the domain group policy?
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40534715
I was referring to domain group policy. Apologies, I forgot to ask why you wanted the local policies, and abbreviate that I meant group ones as this is easier to maintain and manage.

Though I can understand there there are scenario's in which local could be preferred.

NOTE If you wish to use local policies regardless than open up the MMC console, and add the Group Policy Object Editor.
When adding this select "Browse" >> Users >> Non-Administrators

In here select user Config\\Administrative Templates\\Start Menu and Taskbar>>Remove Run menu from Start Menu

If all your users are local admins, you might need to add a new local user group first, and add the members to that group.
Then when done, select the new user group rather than non-Administrators.

I believe this should work from memory.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534843
All you need to do is ensure that the security filtering is set properly and that the users are part of a defined security group. Administrator or not if there is a GPO in place and they are part of the security filtering for that GPO it will apply.

Just make sure that your account and any other accounts you do not want to have the GPO applied to are not part of the security filtering group.

Will.
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

The recent Microsoft changes on update philosophy for Windows pre-10 and their impact on existing WSUS implementations.
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through locating and launching the BEUtility application and how to execute it on the appropriate database. Log onto the server running the Backup Exec database. In a larger environment, this would generally be …
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now