GPO to disable server manager icon does not restrict access for users

group-policy windows-server-2008-r2

I have two servers in a domain, running on VMware: a WS2K8R2 domain controller and a Server 2012 RD Session Host. I want to disable/remove the Server Manager and PowerShell icons from the taskbar, and make them inaccessible to users.

I have configured Group Policy under Computer Configuration > Policies > Windows Settings > Security Settings > File System and made these entries:

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk

I removed Creator Owner and Users from the permissions and ran gpupdate.

Users still have those icons available, and clicking on them opens those applications. There are additional GPOs that are active and do work.

Is there something else I need to check?

Thank you

Best Answer

If the users have already logged in, those shortcuts will still appear to them. You need to configure this before they log in or delete their local profile. New users logging in should not see these icons.

This will not restrict access to these executables though. If you want to keep the Start Menu and Taskbar tidy, this is fine. If you want to limit what they can launch, you should use a software restriction policy or AppLocker update through GPO to whitelist only what you want running on that machine.
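
Added example (not part of the original answer): a PowerShell check, run elevated on the session host, that lists the ACLs on the shortcuts from the question and then asks the effective AppLocker policy what it decides for the executables behind them. `CONTOSO\testuser` is a placeholder account, and the executable paths are the default Windows locations, assumed rather than taken from the page.

```powershell
Import-Module AppLocker

$TestUser = 'CONTOSO\testuser'   # placeholder: a non-admin RDS user

# Shortcut paths as listed in the question
$menu = 'C:\ProgramData\Microsoft\Windows\Start Menu\Programs'
$shortcuts = @(
    "$menu\Accessories\Windows PowerShell\Windows PowerShell.lnk",
    "$menu\Accessories\Windows PowerShell\Windows PowerShell (x86).lnk",
    "$menu\Administrative Tools\Server Manager.lnk",
    "$menu\Administrative Tools\Windows PowerShell Modules.lnk"
)

# Assumed default locations of the executables those shortcuts launch
$targets = @(
    "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe",
    "$env:SystemRoot\System32\ServerManager.exe"
) | Where-Object { Test-Path -LiteralPath $_ }

# 1. Who can still read each shortcut (this only affects the icon, not the program)
foreach ($lnk in $shortcuts) {
    if (-not (Test-Path -LiteralPath $lnk)) {
        Write-Warning "Shortcut not found: $lnk"
        continue
    }
    (Get-Acl -LiteralPath $lnk).Access |
        Select-Object @{ n = 'Shortcut'; e = { Split-Path $lnk -Leaf } },
                      IdentityReference, FileSystemRights, AccessControlType
}

# 2. AppLocker rules are only enforced while the Application Identity service runs
$svc = Get-Service -Name AppIDSvc
if ($svc.Status -ne 'Running') {
    Write-Warning "AppIDSvc is $($svc.Status); AppLocker rules are not being enforced."
}

# 3. What the effective (GPO + local) policy decides for the test user.
#    Any decision other than Denied / DeniedByDefault means the user can
#    still start the program by path, regardless of the shortcut ACLs.
$policy = Get-AppLockerPolicy -Effective
Test-AppLockerPolicy -PolicyObject $policy -Path $targets -User $TestUser |
    Select-Object FilePath, PolicyDecision, MatchingRule
```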
