Disable metro on Windows Server 2012 RDS Session host with GPO?
No, you can't disable Metro in 2012. MS has decided tghat this was the new UI and you have no choice about that.
However, for your specific problem, it shouldn't be an issue: unless you've given your users more rights than they should have, they might see some admin tools but they won't be able to use them to affect anything but their own environment.
For instance, unless you've disabled it by GPO, regular users can still see (and start) regedit but they will be unable to modify any of the keys in the HKLM hive and won't be able to see some of them at all.
Related videos on Youtube
03 : 53
03 : 30
11 : 49
08 : 13
01 : 22
David
Updated on September 18, 2022Comments
-
David almost 2 years
I wonder if it's possible to disable the metro completely on a Windows server 2012 RD Session host, preferably through group policies.
I need to do this because I haven't figured out a way to lock down all the administrative tools that the users should not be able to run (or see).
I have removed them from startmenu by deleteing the
C:\programdata\Microsoft\Windows\Start Menu\Programs\Administrative Toolsbut if a user searches for a program in the application list of metro, he can still run it...Any ideas? Tried to google it.
-
David about 11 yearsThank's for your comment. That's bad. I don't understand why they would do that. However I'm still going to take a look at AppLocker or something similar in order to get my environment back as my users are familiar with.
-
Stephane about 11 yearsOn way to do that is to use remoteApp (or citrix) and only publish the applications you want your users to have access to. -
David about 11 yearsYes and no. In order for published applications to work, the host server needs to accept remote connections, since published applications are running on the same protocol. So my users are still able to connect to the server through
mstsc.exeand make a mess... -
Stephane about 11 yearsThere are many solutions for this, althpough none are perfect or even sanctioned by MS. You can also use Citrix XenApp instead which has this feature integrated (and a far better security model regarding connections). Ultimately, though, it shouldn't matter: if you've locked down the desktop properly, your users simply can't mess it up.