[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 195
  • Last Modified:

Hide "RUN" Command from all terminal server users but still display for administrator

I have just setup a new windows 2008 R2 Terminal server and set it up on the domain. I would like to know the best way to hide the "Run" Command in the start menu using the local machines group policy editor?

Please bear in mind i WOULD like it to still display for the domain/local administrator.
0
IT_Field_Technician
Asked:
IT_Field_Technician
  • 2
1 Solution
 
MacleanSystem EngineerCommented:
Separate Terminal Users from Administrators on the AD, and apply the group policy for disabling run command to the Terminal Users OU only. This will only remove it for users who are listed in the terminal server users OU (Or whatever the OU might be named)

User Configuration\\Policies\\AdministrativeTemplates\\Start Menu & Taskbar\\Remove Run menu from Start Menu

Source for GPO location here: http://technet.microsoft.com/en-us/library/cc940457.aspx
0
 
IT_Field_TechnicianAuthor Commented:
Will this work on local group policy or are you talking about the domain group policy?
0
 
MacleanSystem EngineerCommented:
I was referring to domain group policy. Apologies, I forgot to ask why you wanted the local policies, and abbreviate that I meant group ones as this is easier to maintain and manage.

Though I can understand there there are scenario's in which local could be preferred.

NOTE If you wish to use local policies regardless than open up the MMC console, and add the Group Policy Object Editor.
When adding this select "Browse" >> Users >> Non-Administrators

In here select user Config\\Administrative Templates\\Start Menu and Taskbar>>Remove Run menu from Start Menu

If all your users are local admins, you might need to add a new local user group first, and add the members to that group.
Then when done, select the new user group rather than non-Administrators.

I believe this should work from memory.
0
 
Will SzymkowskiSenior Solution ArchitectCommented:
All you need to do is ensure that the security filtering is set properly and that the users are part of a defined security group. Administrator or not if there is a GPO in place and they are part of the security filtering for that GPO it will apply.

Just make sure that your account and any other accounts you do not want to have the GPO applied to are not part of the security filtering group.

Will.
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now