Windows 2012 R2 RDP questions
I just installed my first windows 2012 R2 server and this particular server will be my remote desktop server. I have it working, but have various questions:
1. On our old terminal server our group policy allowed users to sign on and provided the access. With the new RDP I had to go into the server and add this group to Remote Desktop users. Is this correct or was I missing something? (They couldn't sign on until I did that.)
2. Most of the rights are working from the group policy (they can't see the C drive) but all of those users can sign on to server manager and windows powershell - which they shouldn't be. How do I restrict that?
3. My printers should be loading when I remote in, but they aren't. What is causing that?
4. Our restricted users should be able to also print, but it looks like the only place to see printers is the control panel. They don't have access to that. How do you manage that?
1. On our old terminal server our group policy allowed users to sign on and provided the access. With the new RDP I had to go into the server and add this group to Remote Desktop users. Is this correct or was I missing something? (They couldn't sign on until I did that.)
2. Most of the rights are working from the group policy (they can't see the C drive) but all of those users can sign on to server manager and windows powershell - which they shouldn't be. How do I restrict that?
3. My printers should be loading when I remote in, but they aren't. What is causing that?
4. Our restricted users should be able to also print, but it looks like the only place to see printers is the control panel. They don't have access to that. How do you manage that?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Because of some high priorities items I wasn't able to get back to this. I did find out that terminal services wasn't installed properly so part of it had to be redone. The printers and drives are now displaying as they should. My problem is still server manager and power shell. I did go to the references you listed, but am not finding the machine policy. Is this part of the domain group policy or the local policy for that server? I googled it and found an MS doc that says machine policies are part of regedit - but I'm also not finding the right folder there either. Can you point me in the right direction??
ASKER
One more update... I finally found the right option in the domain group policies. The server manager no longer shows, but the power shell still does. Not sure why those would be different, but they are.
Try adding these files to the policy and see how you go:
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnkASKER
It turns out there had been issues with the way terminal services was installed. It had to be redone/completed properly. That has been accomplished, but now the server manager and power shell are showing for all remote users again. I have the group policy set up to prevent that - that was done on the domain side not the server side. But it isn't working at all.
ASKER