Improve company productivity with a Business Account.Sign Up

x
?
Solved

Hide "RUN" Command from all terminal server users but still display for administrator

Posted on 2015-01-06
4
Medium Priority
?
196 Views
Last Modified: 2015-04-10
I have just setup a new windows 2008 R2 Terminal server and set it up on the domain. I would like to know the best way to hide the "Run" Command in the start menu using the local machines group policy editor?

Please bear in mind i WOULD like it to still display for the domain/local administrator.
0
Comment
Question by:IT_Field_Technician
  • 2
4 Comments
 
LVL 12

Accepted Solution

by:
Maclean earned 2000 total points
ID: 40534506
Separate Terminal Users from Administrators on the AD, and apply the group policy for disabling run command to the Terminal Users OU only. This will only remove it for users who are listed in the terminal server users OU (Or whatever the OU might be named)

User Configuration\\Policies\\AdministrativeTemplates\\Start Menu & Taskbar\\Remove Run menu from Start Menu

Source for GPO location here: http://technet.microsoft.com/en-us/library/cc940457.aspx
0
 

Author Comment

by:IT_Field_Technician
ID: 40534684
Will this work on local group policy or are you talking about the domain group policy?
0
 
LVL 12

Expert Comment

by:Maclean
ID: 40534715
I was referring to domain group policy. Apologies, I forgot to ask why you wanted the local policies, and abbreviate that I meant group ones as this is easier to maintain and manage.

Though I can understand there there are scenario's in which local could be preferred.

NOTE If you wish to use local policies regardless than open up the MMC console, and add the Group Policy Object Editor.
When adding this select "Browse" >> Users >> Non-Administrators

In here select user Config\\Administrative Templates\\Start Menu and Taskbar>>Remove Run menu from Start Menu

If all your users are local admins, you might need to add a new local user group first, and add the members to that group.
Then when done, select the new user group rather than non-Administrators.

I believe this should work from memory.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534843
All you need to do is ensure that the security filtering is set properly and that the users are part of a defined security group. Administrator or not if there is a GPO in place and they are part of the security filtering for that GPO it will apply.

Just make sure that your account and any other accounts you do not want to have the GPO applied to are not part of the security filtering group.

Will.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
A procedure for exporting installed hotfix details of remote computers using powershell
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question