GPO to disable server manager icon does not restrict access for users

windows-server-2008-r2 group-policy
24,284

Solution 1

If the users have already logged in, those shortcuts will still appear to them. You need to configure this before they log in or delete their local profile. New users logging in should not see these icons.

This will not restrict access to these executables though. If you want to keep the Start Menu and Taskbar tidy, this is fine. If you want to limit what they can launch, you should use a software restriction policy or applocker update through GPO to whitelist only what you want running on that machine.

Solution 2

Do this to simplify your life:

Go the the GPO in question, edit it and go to the following:

User COnfiguration/policies/Administrative Templates/system

Enable: Don't run specified Windows Applications

In that other also click on Show disallowed apps, and add the following:

ServerManager.exe
cmd.exe
powershell.exe

Apply and log off and on depending on the replication of server may take up to an hour to replicate, if that fails do a GPupdate /force.

This will prevent users from accessing the server manager, remember that the Administrator should not be part of the GPO you are setting up.

Share:
24,284

Related videos on Youtube

Kernel Panic
Author by

Kernel Panic

Updated on September 18, 2022

Comments

  • Kernel Panic
    Kernel Panic almost 2 years

    I have two servers in a domain, running on VMWare. WS2K8R2 domain controller and Server 2012 RD Session host. I want to disable/remove the server manager and powershell icons from the taskbar, and make them inaccessible to users.

    I have configure group policy Computer Configuration > Policies > Windows Settings > Security Settings > File System and made these entries:

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk

    Removed Creator Owner and Users from the permissions and run gpupdate.

    Users still have those icons available and clicking on them opens up those applications. There are additional GPO's that are active and do work.

    Is there something else I need to check?

    Thank you

  • Kernel Panic
    Kernel Panic over 11 years
    That was it. I was testing the GPO results with the same user account and had already logged in. Much obliged.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Can a GPO be exported from one server and imported into another?
Remote Desktop Services: start a program on connection within desktop environment
Why only one PC is not updating the GPO?
Local group policy not applying (gpresult says its empty, but it's not)
Remove Server Manager and Powershell icons from the Taskbar
Windows Server 2008 R2: Hide My Network Places in win-explorer on client machines and show mapped drives to access network resources
How do I configure IE10 Group Policy Settings on Server 2008 R2?
Default program for opening file with Group Policy
Server 2008 GPO To Use Small Taskbar Icons
GPO not applying to Clients