Solved

Removing search function from Server 2012 R2 RDS via GPO

Posted on 2015-02-19
3
856 Views
Last Modified: 2015-03-08
Hi all,

    I have been working to lock down some 2012 RDS servers via GPO. I have everything locked down as I would like, accept I can not get the windows search future disabled, no matter what I try. Please see attached image for items disabled. I have am referring to the search that appears when users hover over the bottom right corner, and the search feature when users click the start menu and start typing anything.

What I need to accomplish still:

1.) Remove search all together.

2.) I also would like to know if it is possible to disable the start menu and charms all together, so that all users have is a desktop.

3.) I have configured the policy to prevent access to C volume, but user profiles are local and the can not access Documents. I need to prevent access to C volume, but allow access to their documents folder. Usually I would use folder redirection but the client wants local profiles. Is this possible? .

4.) I need to pin items to the taskbar for all users. I have tried adding items to "C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" but when a new profile created there is nothing on the taskbar. I may have disabled this in a GPO setting, I have so many settings in there but not will look for where I may have blocked taskbar icons. However, I tried adding directly to "C:\Users\mycurrentuser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" who the policy does not apply to and the the icon still does not show up.

Thanks in advance.
1.JPG
2.JPG
0
Comment
Question by:CCtech
  • 2
3 Comments
 
LVL 54

Assisted Solution

by:McKnife
McKnife earned 500 total points
ID: 40623254
1 you can't. But see 2
2 you can setup kiosk mode but that would mean you limit users to certain modern apps, see http://blogs.msdn.com/b/hyperyash/archive/2013/10/25/enable-kiosk-mode-in-windows-8-1.aspx "log back into the machine with the local account (KioskUser) and you will see that the machine launches into Kiosk Mode and the assigned app opens directly. The user can neither drag the application down to close it, nor the charms or any other shortcuts will work"
3 Define ACLs on folders so that users can only access what they need. You cannot make whole c: read-only altogether.
4 Some options are shown here: https://deploymentpros.wordpress.com/2013/11/02/management-and-customization-of-the-windows-8-1-start-screen/ but those concern the start screen, not the task bar. Maybe interesting, anyway. What I would do: configure a win profile to your likings and then use defprof http://www.forensit.com/support-downloads.html#DefProf (a freeware) to set it the default profile. Then, you could even use imagex to build another setup disk (that is another install.wim file) that has all this included.
0
 
LVL 1

Accepted Solution

by:
CCtech earned 0 total points
ID: 40642835
Thank you McKnife. We could not use KIOSK mode since it uses local accounts, and these are RDS servers. It's sad that Microsoft does not provide us the option to disable search. We ended up using a third party utility, Classic Shell. This has ADMX templates and allowed us to lock down everything how we wanted, and provide users the classic start menu. It also lets you put shortcuts in a folder, say C:\standardprograms and provide only these links to users in the start menu. Also, it is free for commercial use.
0
 
LVL 1

Author Closing Comment

by:CCtech
ID: 40652305
Classic Shell allowed us to accomplish everything we needed.
0

Featured Post

Optimizing Cloud Backup for Low Bandwidth

With cloud storage prices going down a growing number of SMBs start to use it for backup storage. Unfortunately, business data volume rarely fits the average Internet speed. This article provides an overview of main Internet speed challenges and reveals backup best practices.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question