Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Course Of The Month
9 days, 7 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Windows 2012 R2 RDP questions
Posted on 2015-02-05
I just installed my first windows 2012 R2 server and this particular server will be my remote desktop server. I have it working, but have various questions:
1. On our old terminal server our group policy allowed users to sign on and provided the access. With the new RDP I had to go into the server and add this group to Remote Desktop users. Is this correct or was I missing something? (They couldn't sign on until I did that.)
2. Most of the rights are working from the group policy (they can't see the C drive) but all of those users can sign on to server manager and windows powershell - which they shouldn't be. How do I restrict that?
3. My printers should be loading when I remote in, but they aren't. What is causing that?
4. Our restricted users should be able to also print, but it looks like the only place to see printers is the control panel. They don't have access to that. How do you manage that?
1. On our old terminal server our group policy allowed users to sign on and provided the access. With the new RDP I had to go into the server and add this group to Remote Desktop users. Is this correct or was I missing something? (They couldn't sign on until I did that.)
2. Most of the rights are working from the group policy (they can't see the C drive) but all of those users can sign on to server manager and windows powershell - which they shouldn't be. How do I restrict that?
3. My printers should be loading when I remote in, but they aren't. What is causing that?
4. Our restricted users should be able to also print, but it looks like the only place to see printers is the control panel. They don't have access to that. How do you manage that?
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
4
2
6 Comments
1. On our old terminal server our group policy allowed users to sign on and provided the access. With the new RDP I had to go into the server and add this group to Remote Desktop users. Is this correct or was I missing something? (They couldn't sign on until I did that.)You'll need to show us the settings in this Group Policy which allowed them access to the old server in order for us to see why it didn't apply to the new server. If it's a computer level policy did you move the computer object for the 2012 R2 server into the OU where the Group policy is linked?
Through Group Policy :)
2. Most of the rights are working from the group policy (they can't see the C drive) but all of those users can sign on to server manager and windows powershell - which they shouldn't be. How do I restrict that?
See these links for the steps:
http://www.emware.nl/articles/remove-unpin-powershell-icon-from-taskbar.html
http://www.emware.nl/articles/remove-unpin-server-manager-icon-from-taskba.html
3. My printers should be loading when I remote in, but they aren't. What is causing that?You'll need to install the drivers for your printer on the 2012 R2 server. Alternatively you can look at using the Universal Printing feature that Microsoft introduced in 2008 R2 but I'm not a huge fan of this feature as it doesn't seem to work well with some printers. More information on this feature (including the requirements) can be found here: http://blogs.msdn.com/b/rds/archive/2009/09/28/using-remote-desktop-easy-print-in-windows-7-and-windows-server-2008-r2.aspx
4. Our restricted users should be able to also print, but it looks like the only place to see printers is the control panel. They don't have access to that. How do you manage that?Deploy the printers through Group Policy if these printers are network printers installed on a separate print server and shared from this server. Failing that you can always configure the Control Panel to only show Devices and Printers and nothing else through Group Policy.
Because of some high priorities items I wasn't able to get back to this. I did find out that terminal services wasn't installed properly so part of it had to be redone. The printers and drives are now displaying as they should. My problem is still server manager and power shell. I did go to the references you listed, but am not finding the machine policy. Is this part of the domain group policy or the local policy for that server? I googled it and found an MS doc that says machine policies are part of regedit - but I'm also not finding the right folder there either. Can you point me in the right direction??
One more update... I finally found the right option in the domain group policies. The server manager no longer shows, but the power shell still does. Not sure why those would be different, but they are.
Try adding these files to the policy and see how you go:
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell (x86).lnk
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE.lnk
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell ISE (x86).lnk
It turns out there had been issues with the way terminal services was installed. It had to be redone/completed properly. That has been accomplished, but now the server manager and power shell are showing for all remote users again. I have the group policy set up to prevent that - that was done on the domain side not the server side. But it isn't working at all.
Featured Post
Managing Active Directory does not always have to be complicated. If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
Citrix XenApp, Internet Explorer 11 set to Enterprise Mode and using central hosted sites.xml file.
- NetScaler
- Microsoft Legacy OS
- Citrix
- Windows OS
- Web Browsers
- Windows 7
You might have come across a situation when you have Exchange 2013 server in two different sites (Production and DR). After adding the Database copy in ECP console it displays Database copy status unknown for the DR exchange server. Issue is strange…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
- Microsoft Legacy OS
- Windows 10
- Windows 8
- Windows OS
- Windows 7
- Windows Vista, Windows XP, Windows 2000
This tutorial will walk an individual through the process of configuring basic necessities in order to use the 2010 version of Data Protection Manager. These include storage, agents, and protection jobs.
Launch Data Protection Manager from the deskt…
Suggested Courses
Earn Certification
HTML5 Specialist - Certification
Free withPremium
Course of the Month9 days, 7 hours left to enroll
623 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.