Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Removing search function from Server 2012 R2 RDS via GPO

Posted on 2015-02-19
3
Medium Priority
?
1,184 Views
Last Modified: 2015-03-08
Hi all,

    I have been working to lock down some 2012 RDS servers via GPO. I have everything locked down as I would like, accept I can not get the windows search future disabled, no matter what I try. Please see attached image for items disabled. I have am referring to the search that appears when users hover over the bottom right corner, and the search feature when users click the start menu and start typing anything.

What I need to accomplish still:

1.) Remove search all together.

2.) I also would like to know if it is possible to disable the start menu and charms all together, so that all users have is a desktop.

3.) I have configured the policy to prevent access to C volume, but user profiles are local and the can not access Documents. I need to prevent access to C volume, but allow access to their documents folder. Usually I would use folder redirection but the client wants local profiles. Is this possible? .

4.) I need to pin items to the taskbar for all users. I have tried adding items to "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" but when a new profile created there is nothing on the taskbar. I may have disabled this in a GPO setting, I have so many settings in there but not will look for where I may have blocked taskbar icons. However, I tried adding directly to "C:\Users\mycurrentuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" who the policy does not apply to and the the icon still does not show up.

Thanks in advance.
1.JPG
2.JPG
0
Comment
Question by:CCtech
  • 2
3 Comments
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 2000 total points
ID: 40623254
1 you can't. But see 2
2 you can setup kiosk mode but that would mean you limit users to certain modern apps, see http://blogs.msdn.com/b/hyperyash/archive/2013/10/25/enable-kiosk-mode-in-windows-8-1.aspx "log back into the machine with the local account (KioskUser) and you will see that the machine launches into Kiosk Mode and the assigned app opens directly. The user can neither drag the application down to close it, nor the charms or any other shortcuts will work"
3 Define ACLs on folders so that users can only access what they need. You cannot make whole c: read-only altogether.
4 Some options are shown here: https://deploymentpros.wordpress.com/2013/11/02/management-and-customization-of-the-windows-8-1-start-screen/ but those concern the start screen, not the task bar. Maybe interesting, anyway. What I would do: configure a win profile to your likings and then use defprof http://www.forensit.com/support-downloads.html#DefProf (a freeware) to set it the default profile. Then, you could even use imagex to build another setup disk (that is another install.wim file) that has all this included.
0
 
LVL 1

Accepted Solution

by:
CCtech earned 0 total points
ID: 40642835
Thank you McKnife. We could not use KIOSK mode since it uses local accounts, and these are RDS servers. It's sad that Microsoft does not provide us the option to disable search. We ended up using a third party utility, Classic Shell. This has ADMX templates and allowed us to lock down everything how we wanted, and provide users the classic start menu. It also lets you put shortcuts in a folder, say C:\standardprograms and provide only these links to users in the start menu. Also, it is free for commercial use.
0
 
LVL 1

Author Closing Comment

by:CCtech
ID: 40652305
Classic Shell allowed us to accomplish everything we needed.
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Detailed instructions on how to install an Access add-in in recent versions of Office and Windows (with screen shots)
How to deal with a specific error when using the Enable-RemoteMailbox cmdlet to create a mailbox in the cloud-based service, for an existing user in an on-premises Active Directory.
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question