Tag Archives: gp

RDS Server – Remove the Shutdown Command

Posted on by

KB ID 0000499 

Problem

I’m surprised that when you make a server a Terminal Services Server / Remote Desktop Services Server, that this does not get applied from an administrative template anyway, but it does not.

Why would you want to do this? Well users are used to hitting Start > Shutdown, when they are finished working, which is fine, unless they are in a terminal session with 500 other users and they’ve just issued a shutdown command to the server!

Solution

The simplest way to do this is run gpedit.msc on the server itself and remove shutdown through local group policy, but a far more elegant solution is create a domain group policy for the TS Server(s).

1. On a domain controller,  launch the “Group Policy Management Console”. Create a policy, and link it to the OU that contains the Terminal Servers, you want to enforce the policy on, (Or edit an existing policy linked toy them).

2. Now remove the shutdown is a USER policy, and this is a COMPUTER policy we are writing, so it wont work unless we turn on “Loopback processing”. Navigate to Computer Configuration > Administrative Templates > System > Group Policy > User Group Policy loopback processing. (Note: On 2016 It will be called, ‘Configure user Group Policy loopback processing mode’.)

3. In most cases you will already have user policies applied to your users, if so you will want to “Merge” this with them rather than replace them > Apply > OK.

4. Now to remove the Shutdown command. Navigate to User Configuration > Administrative Templates > Start Menu and Taskbar > Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate Commands.

5. Enable > Apply > OK.

6. Then either reboot the TS Server(s), wait a couple of hours or run “gpupdate /force” on them.

 

Related Articles, References, Credits, or External Links

NA

Deploying Printers with Group Policy Preferences

Posted on by

KB ID 0000492

Problem

I’ve touched on this briefly in KB0000389, I suggest you read through that first so you understand what the requirements are to deploy a GPP instead of the GPO’s you are probably used to.

Solution

1. First thing to do is install the printer that needs deploying on a print server. Make sure if your clients are NOT x64 bit that you also add the x86 drivers for your clients to use.

How to tell if a machine is x86 (32 bit) or x64 (64 bit).

2. The following is a “Gotcha” (especially on HP printers), on the Printer Properties page, General tab > Select “Print Processor” > Ensure it’s set to winprint and RAW.

3. On a domain controller, Start > administrative tools > Group Policy Editor > Either edit an existing policy or create a new one (Remember its a computer policy you need to link it to something with computers in it, if you link it to a users OU nothing will happen).

4. Give the policy a sensible name.

5. Edit the policy you have just created.

6. Navigate to > Computer Configuration > Preferences > Control Panel Settings > Printers > In the right hand window, right click > New > TCP/IP Printer.

7. Select Create > I prefer to use the IP address of the printer but you can use the DNS name if you wish > The Local Name is what the client will see > Enter the Path to the printer (In UNC format) > You can also enter a location and comment if you wish > Apply > OK.

8. All being well you should see the printer listed.

9. Now for another “Gotcha” in the same policy navigate to > Computer Configuration > Policies > Administrative Templates > Printers > Locate the “Point and Print Restrictions” policy.

10. Change the settings for this policy so that it is disabled.

12. Close the Policy editor, then either reboot the clients, wait a couple of hours, or manually run “gpupdate /force” on them.

 

Related Articles, References, Credits, or External Links

Server 2008 Group Policy Preferences and Client Side Extensions