Solved

Hide "RUN" Command from all terminal server users but still display for administrator

Posted on 2015-01-06
4
182 Views
Last Modified: 2015-04-10
I have just setup a new windows 2008 R2 Terminal server and set it up on the domain. I would like to know the best way to hide the "Run" Command in the start menu using the local machines group policy editor?

Please bear in mind i WOULD like it to still display for the domain/local administrator.
0
Comment
Question by:IT_Field_Technician
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 11

Accepted Solution

by:
Maclean earned 500 total points
ID: 40534506
Separate Terminal Users from Administrators on the AD, and apply the group policy for disabling run command to the Terminal Users OU only. This will only remove it for users who are listed in the terminal server users OU (Or whatever the OU might be named)

User Configuration\\Policies\\AdministrativeTemplates\\Start Menu & Taskbar\\Remove Run menu from Start Menu

Source for GPO location here: http://technet.microsoft.com/en-us/library/cc940457.aspx
0
 

Author Comment

by:IT_Field_Technician
ID: 40534684
Will this work on local group policy or are you talking about the domain group policy?
0
 
LVL 11

Expert Comment

by:Maclean
ID: 40534715
I was referring to domain group policy. Apologies, I forgot to ask why you wanted the local policies, and abbreviate that I meant group ones as this is easier to maintain and manage.

Though I can understand there there are scenario's in which local could be preferred.

NOTE If you wish to use local policies regardless than open up the MMC console, and add the Group Policy Object Editor.
When adding this select "Browse" >> Users >> Non-Administrators

In here select user Config\\Administrative Templates\\Start Menu and Taskbar>>Remove Run menu from Start Menu

If all your users are local admins, you might need to add a new local user group first, and add the members to that group.
Then when done, select the new user group rather than non-Administrators.

I believe this should work from memory.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534843
All you need to do is ensure that the security filtering is set properly and that the users are part of a defined security group. Administrator or not if there is a GPO in place and they are part of the security filtering for that GPO it will apply.

Just make sure that your account and any other accounts you do not want to have the GPO applied to are not part of the security filtering group.

Will.
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Remote Desktop Connections allow you to control remote host machines via the magic of the Internet and RDP (Remote Desktop Protocol). For the purposes of this article we will assume you are connecting from your home PC or laptop to a remote offic…
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question