![Server Server](/uploads/1/2/3/7/123733740/894610325.jpg)
viveknayyar007
Splendid
Moderator
- Apr 25, 2013
- 3,123
- 8
- 23,215
- 1,042
Tour Start here for a quick overview of the site. Disable Server Manager from startup for Remote Desktop users with GPO for no MMC. GPO to disable server manager icon does not restrict access for users. BGInfo and WMI Filter. GPO - Set Desktop Background But allow users to change.
While working with an organization for which the security is a major concern, many times the administrators might not want the end-users to perform various tasks that might be harmful for the computer or the whole network infrastructure if anything goes bad.When the Task Manager is disabled on all the client computers, the administrators can remain assured that those users would not be able to make inappropriate changes in the operating system, at least through the Task Manager.
Although the Task Manager can be easily disabled by going to each computer individually and accessing the group policy is of that particular system, this is a very time taking and tedious process and also it is not practical when it comes to configuring hundreds and thousands of computers.
Well, the above task can be done easily through Group Policy Management console.
Here is what you need to do in order to get the job:
- ■Log on to the Windows Server 2012 Active Directory domain controller with the Enterprise Admin for Domain Admin account.
■If not already started, initialize the Server Manager window by clicking its icon from the bottom left corner of the window in the taskbar.
■On the opened Server Manager window, from the top right corner, click Tools from the menu bar.
■On the displayed list, go to Group Policy Management.
■On the opened Group Policy Management console, from the left pane, expand Forest > Domains, and then expand the domain name. (MYDOMAIN.COM for this demonstration.).
■From the expanded list, right-click the domain name.
■From the displayed context menu, click the Create a GPO in this domain, and Link it here option.
■On the opened New GPO box, specify a self-explanatory name for the GPO in the Name field.
■From the Source Starter GPO drop-down list, choose a starter GPO of your choice if you have created any.
■Once done, click OK to create and link the new GPO to the target domain or OU.
■Once this is done, right-click the newly created GPO.
■From the displayed context menu, click Edit.
■On the opened Group Policy Object Editor snap-in, from the left pane, under the User Configuration section, go to Policies > Administrative Templates > System.
■From the expanded list, click to select Ctrl+Alt+Del Options container.
■Once selected, from the right pane, double-click the Remove Task Manager option.
■The opened Remove Task Manager box, click to select the Enabled radio button.
■Finally click OK to confirm the modifications.
■Close the Group Policy Object Editor snap-in.
■Press the Windows + R keys simultaneously to initialize the Run command box.
■In the available field in the Run command box, type the GPUPDATE /FORCE command and press Enter key in order to update the group policy settings.
When I see the Server Manager tool and the Initial Configuration Tasks panel in Windows Server 2008 R2, I don't always remember to click the box that says Do Not Show Me This Console At Logon; therefore, I keep closing it or needlessly seeing the tools during my logon process. Further, if a new administrator logs in to the server, these two tools are presented on the first logon. You can get around the needless display of these two consoles at logon with a Group Policy setting.
The benefits to suppressing the launch of these two tools are: It will prevent an accidental configuration, such as removing a role or inadvertently changing Windows firewall status, and it will make the logon process a little quicker. It doesn't hurt to suppress these tools; chances are, if a change needs to be made to a server, you will be able to figure out how to launch Server Manager (ServerManager.msc) to perform admin tasks on the server.
The setting for disabling this auto-launch is configured in Group Policy in Computer Configuration | Policies | Administrative Templates | System | Server Manager. The two values to hide are Server Manager and Initial Configuration (Figure A).Figure AClick the image to enlarge.
If you set both of those values to Enabled, it will make servers in the domain not display the tools on logon. You can still open the Server Manager; but the option to hide the console is pre-populated and cannot be changed (Figure B).Figure BClick the image to enlarge.
The Initial Configuration Tasks tool is a little different, as there isn't an easy way to run it directly (like Server Manager's snap-in). This tool will still run if the server is running before it joins the domain, so the basic tasks such as changing the computer name, setting an IP address, and configuring a Windows firewall can still be performed from the Initial Configuration Tasks tool.
Do you see a benefit in disabling this tool for subsequent runtime for a server? Share your comments.