Solved

Hide "RUN" Command from all terminal server users but still display for administrator

Posted on 2015-01-06
4
178 Views
Last Modified: 2015-04-10
I have just setup a new windows 2008 R2 Terminal server and set it up on the domain. I would like to know the best way to hide the "Run" Command in the start menu using the local machines group policy editor?

Please bear in mind i WOULD like it to still display for the domain/local administrator.
0
Comment
Question by:IT_Field_Technician
  • 2
4 Comments
 
LVL 10

Accepted Solution

by:
Maclean earned 500 total points
ID: 40534506
Separate Terminal Users from Administrators on the AD, and apply the group policy for disabling run command to the Terminal Users OU only. This will only remove it for users who are listed in the terminal server users OU (Or whatever the OU might be named)

User Configuration\\Policies\\AdministrativeTemplates\\Start Menu & Taskbar\\Remove Run menu from Start Menu

Source for GPO location here: http://technet.microsoft.com/en-us/library/cc940457.aspx
0
 

Author Comment

by:IT_Field_Technician
ID: 40534684
Will this work on local group policy or are you talking about the domain group policy?
0
 
LVL 10

Expert Comment

by:Maclean
ID: 40534715
I was referring to domain group policy. Apologies, I forgot to ask why you wanted the local policies, and abbreviate that I meant group ones as this is easier to maintain and manage.

Though I can understand there there are scenario's in which local could be preferred.

NOTE If you wish to use local policies regardless than open up the MMC console, and add the Group Policy Object Editor.
When adding this select "Browse" >> Users >> Non-Administrators

In here select user Config\\Administrative Templates\\Start Menu and Taskbar>>Remove Run menu from Start Menu

If all your users are local admins, you might need to add a new local user group first, and add the members to that group.
Then when done, select the new user group rather than non-Administrators.

I believe this should work from memory.
0
 
LVL 53

Expert Comment

by:Will Szymkowski
ID: 40534843
All you need to do is ensure that the security filtering is set properly and that the users are part of a defined security group. Administrator or not if there is a GPO in place and they are part of the security filtering for that GPO it will apply.

Just make sure that your account and any other accounts you do not want to have the GPO applied to are not part of the security filtering group.

Will.
0

Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
A procedure for exporting installed hotfix details of remote computers using powershell
This tutorial will show how to push an installation of Backup Exec to an additional server in both 2012 and 2014 versions of the software. Click on the Backup Exec button in the upper left corner. From here, select Installation and Licensing, then I…
This tutorial will give a an overview on how to deploy remote agents in Backup Exec 2012 to new servers. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as connecting to a remote Back…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question