Remote Desktop Server – Registry Key to Change RDP Listening Port

As you probably already know, by default, Microsoft Remote Desktop listens on port 3389. This is all good, but what if you are behind a firewall and wanted to allow port forwarding to be able to access multiple computers via RDP remotely but can’t because they are all running on the same port?

Well, if you’re crafty and have a decent Linux-based router like Mikrotik that will let you create packet mangling rules to change the destination port number, you can get around this, but in environments where you have little SOHO routers like Linksys or Belkin, typically this is where changing the port number that RDP listens on comes in handy. The only problem then is remembering whatever port you changed it to because then you have to specify it anytime you connect via RDP which can be a pain if you’ve got a bad memory. There are already a thousand and one articles out there to help you change the port number, this is a quick post for future reference for myself.
Continue reading “Remote Desktop Server – Registry Key to Change RDP Listening Port”

Batch Script – Ribbon UI Customization: Take Ownership and Change Permissions of the CommandStore Subkeys in the Registry

This is just a follow up to my experiences customizing the Ribbon UI icons in Server 2012 and where the path has taken me thus far. After many hours of research and development and a lot of head scratching, I’ve written several posts on how to disable the different icons in the Ribbon UI which requires the adding or editing of keys in the CommandStore section of the registry for Windows Explorer. For more information on how to disable the icons, see this post.

My whole goal as of late was to be able to add these registry items to the RDS server’s GPO to be able to deploy these settings to all 7 of my RDS servers but then I found out you can’t take ownership of the CommandStore subkeys with the local “SYSTEM” account. Yet another deliberate Microsoft setback meant to discourage people from editing the Ribbon UI, oh well, fuck ’em. I’ve encountered so many problems with this RDS server project it is unreal and this was just icing on the proverbial cake. Continue reading “Batch Script – Ribbon UI Customization: Take Ownership and Change Permissions of the CommandStore Subkeys in the Registry”

Server 2012 – RDesktop: Fix Disappearing Mouse Cursor with Group Policy

Boy do I sure feel like a dumbass sometimes. I researched and wrestled with this damn issue for a week or more only to find out that I had come across the answer to this problem about a dozen times but was looking in the wrong freaking spot. For whatever reason, when people were referring to disabling the mouse pointer shadow, I immediately thought of the place in windows System Properties > Advanced Tab > Performance > Settings > Visual Effects Tab > “Show shadows under mouse pointer” but that wasn’t fixing my problem and now I know why. Here’s the whole story.

I’ve got a mix of around 100 Neoware CA19, CA21, and HP T5145 thin clients, all with 128MB of flash running HP ThinPro build T3X31012 and rdesktop version 1.6.0 that I’ve been testing with on Server 2012 and this was a major problem. I was just about finished locking down this 7 server RDS deployment I’ve been working on and when I had my first few users start to log in to test everything, they had no mouse cursor, fucking awesome!

At first, I thought this may have been a VMware tools problem, so I had reinstalled it and had scoured all the forums there, trying various different little tweaks, registry keys, and what have you, but that was only the beginning. Then I tried adjusting the various RDP settings on the thin client with no luck. I tried all the different things on the various Windows forums and still no luck. I got to know all the ins and outs of HP’s thin client architecture, their use of the Manticore registry, config files and everything that goes along with it and how it all works.
Continue reading “Server 2012 – RDesktop: Fix Disappearing Mouse Cursor with Group Policy”

RDS Server 2012 – Disable On-Screen Keyboard Toolbar While Shadowing a User

While researching on how to make shadowing or remote controlling transparent to the end user in Server 2012 (While shadowing, now end users get an on-screen keyboard toolbar icon and somehow the ability to change the taskbar positioning even if that ability is disabled so that now they can tell when their session is being remote controlled), I came across some articles that said Microsoft had completely removed the functionality when the product first came out and I was completely and utterly flabbergasted. I seriously can not believe that they could be that freaking ignorant. I think I can speak for every system admin out there that they would stab MS in the neck with a jagged shard of broken glass if given the chance for removing that option. Administratively, the whole point of being able to remote control a users session without their consent or knowing your there tends to keep end users on task or to keep them from doing things they know they’re not supposed to be doing instead of working.
Continue reading “RDS Server 2012 – Disable On-Screen Keyboard Toolbar While Shadowing a User”

Server 2012/Windows 8 – Ribbon UI: Disable Icons, Buttons, Shortcuts, Tasks, and Commands

To disable a Ribbon UI icon, button, shortcut, task, or command, it requires a combination of registry keys. Some of which must be added to the registry, other keys merely need to be edited if they already exist. In cases where I’ve added the “MUIVerb” column in the table below, the only reason I am adding this key is because once you disable the icon, for whatever reason the icon description is missing so it looks fairly strange to have a grayed out icon without a name under it. Here is the location of the Ribbon UI stuff in the registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\CommandStore\shell

All of these registry keys use the same values throughout so I’m just going to place an X in the column below whether you need to set it or not. Also, I don’t have that kind of time to be able to test every single one of these entries, however, I would like to see this table completely filled at some point and I can only do that with your help. If you figure out an entry that I haven’t documented yet here, please take the time to quickly email me the info containing all the necessary info at webmaster@thisdomain.com with a subject line of “Ribbon UI”. I will ask one more thing of you, since at the time of this writing, this is literally the only place on the internet you will find this information (and I searched online for days) because I figured it out all by myself, if this page helped you out, please give me a thumbs up vote at the bottom of the post. I intend on adding some sortable post rating functionality to the site and I need feedback. Continue reading “Server 2012/Windows 8 – Ribbon UI: Disable Icons, Buttons, Shortcuts, Tasks, and Commands”

Server 2012 – Ribbon UI: Disable Hidden Items Checkbox

For a good explanation of the process involved to do this and how I figured this out, check out my other post here. Microsoft really dropped the ball this time around by reinventing the wheel (aka the Ribbon UI) and not creating the associated Group Policy templates to be able to disable items that standard users should never have access to.

Just a couple of questions for Microsuck…

  1. Why in the hell does a person hide a file or folder in the first place? Could it be because they don’t want users to access it? Sure you can set file permissions but what about hidden DFS root folders that they have to have write access to? Do you want your users to have access to those? Nothing can go wrong there…
  2. Why would I have a Group Policy to disable access to “File Options” yet have a checkbox to show “Hidden Items” with no way to disable it. It doesn’t make sense. You don’t make sense. Dumbasses. Finish the fucking product before you roll it out for god sakes. This OS has been out for three years already, how in the hell is this not fixed yet? (P.S. you suck.)

Continue reading “Server 2012 – Ribbon UI: Disable Hidden Items Checkbox”

Server 2012 – Ribbon UI: Disable Add a Network Location and Other Icons

This one task took me days of research online and a lot of trial and error to figure out and you won’t find this answer anywhere else on the net (except for another forum I posted the solution in), so I hope some server admins out there will really find this useful (and I know you will).

My initial conquest began as a search for the “Add Network Location” CLSID {D4480A50-BA28-11d1-8E75-00C04FA31A86} in the registry after learning how to disable the other icons in File Explorer. My first attempts to disable this shortcut followed this same procedure but failed miserably and I couldn’t understand why. I tried at least a dozen different locations in the registry to no avail but eventually I found a post on stackexchange that sort of pointed me in the right direction and gave me an idea of what to search for in the registry and then I started to make some connections in my head.
Continue reading “Server 2012 – Ribbon UI: Disable Add a Network Location and Other Icons”

Server 2012/Windows 8 – Complete File Explorer Icon/Shortcut/Folder Removal List

I thought I would share with you the master icon removal list for File Explorer that I’ve compiled from various sites. All of the articles I’ve come across tend to delete the icons for all user’s, but I’ve found that it is possible to delete some of them on a per user basis by creating the key structure in the HKCU section of the registry instead. You’ll just have to fiddle around with them if you want to try it.

HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{CLSID}\ShellFolder

My biggest bitch by far about Server 2012 is that it doesn’t appear to even be a finished product in regards to Group Policy lockdown procedures. On almost every account, you have to hack the damn registry to get rid of unwanted items from File Explorer not to mention the god damned Ribbon UI which I’m going to do a whole nother post to rant and rave about and explain how to customize/remove icons from it. I’m not going to go into great detail here on how to add them through Group Policy Preferences or anything so if you need to know how to do that, check out some of my other articles where I explain how to do it.
Continue reading “Server 2012/Windows 8 – Complete File Explorer Icon/Shortcut/Folder Removal List”

Server 2012 – Set Proxy Server and Prevent Changes via Group Policy

Thanks to Microsoft, with the removal of the Internet Explorer Maintenance section in Group Policy since IE9, once again they’ve decided to make things more complicated and the end users have lost yet another important administrative tool required for many environments.

That being said, the only way to set and enforce proxy settings in Internet Explorer now requires hacking the registry, which I’m seeing as a disturbingly all too common trend when setting up an RDS server. Here are the keys to the kingdom:

User Configuration > Preferences > Windows Settings > Registry
 Continue reading "Server 2012 – Set Proxy Server and Prevent Changes via Group Policy"

Server 2012/Windows 8 – CLSID Key (GUID) Shortcuts List

I found this information to be invaluable when having to hack my way through the registry to lock down a 2012 RDS Server so I wanted to make a post here for future reference. Every bit of the credit goes to this site as I’m simply just copying the info.

You could use either command below to create a shortcut with the CLSID key (GUID) for what it opens. If the shortcut doesn’t work with one command, then use the other one.

You would right click or press and hold on the desktop, click/tap on New and Shortcut, use a command below for the “location”, then type in a name for the shortcut. If you like, you can Pin to Taskbar on desktop, Pin to Start screen, add to Quick Launch, assign a keyboard shortcut to it, or move this shortcut to where you like for easy use. Continue reading “Server 2012/Windows 8 – CLSID Key (GUID) Shortcuts List”