Customizing or locking down a new server for Remote Desktop Services in a Server 2012 environment can be quite a time consuming and daunting task. Countless hours will be spent setting up Group Policies, testing them, and deploying them. But far worse than that, you will waste massive amounts of time researching for jacked up ways to do simple things, such as unpinning items from the Taskbar and customizing the Start Screen.
In the past, I had already configured a company wide Group Policy for our old 2003 Terminal Server environment and it was simple and easy. No guesswork, no crazy workarounds, shit just worked. The Group Policies covered almost every scenario or task needed to lock down a server but unfortunately, that is not the case any more.
It seems Microsoft has made the process of doing pretty much anything ridiculous and overcomplicated. As a side rant, we (the world) desperetely need a good open source solution for a thin client type environment with something that mimicks Group Policy. I know I’m not the only person out there that would love to give Microsoft the old stink finger once and for all! I for one am tired of sitting and watching companies succumb to the endless money pit that is Microsoft licensing. Where you at Linux Devs?
Anyhow, I decided to write this script for a lot of shortcomings I’ve encountered along the way. One of which that I want to gripe about is that resorting to changing file permissions to remove shortcuts is just plain fucking retarded and redirecting all of the user’s start menus to a network share seemed like massive overkill to an already complicated scenario. On top of that, I had 6 separate Remote Desktop servers to fully setup and configure so I needed to streamline the process a bit. Suprisingly enough, my solution relies solely on batch scripting (and a little makeshift VB).
Enough chit chat, the script is extremely well documented so here are the highlights/features:
- Removal of the Server Manager and PowerShell links in the Taskbar
- Ability to backup the All User’s and Default User’s Programs directories to a zip file
- Ability to copy the All Programs Start Menu shortcuts to a list of administrator or power user profile directories
- Customized list of applications to remove from the Classic Shell Start Menu or the Windows Start Screen
- Deleted Start Menu Program entries go into the active user’s Recycle Bin and can be restored if necessary
- Remove System Tools, Accessories, Accessibility, Administrative Tools, Windows Store, PC Settings, Control Panel, Run, Command Prompt, and PowerShell shortcuts from Menus
Download the “Custom_RDS_Start_Menu.bat” script here.
:: RDS SERVER 2012 CUSTOM START MENU AND TASKBAR SHORTCUT REMOVAL
:: Author: Nathan Thomas
:: Date: 02/11/2015
::
:: This script should be ran on the RDS server after your server administrators have already
:: logged in at least once so that they get all the shortcuts they need (otherwise you will
:: need to manually copy them later on) but before your end users log in for the first time.
:: In addition, it assumes you have not already made changes or any customizations to the
:: All User's or Default User's Start Menus profiles and that you have already installed all
:: of the applications that the server will be running. Please note that if you decide
:: to install software after you've ran the script, you will manually have to remove that
:: program from the All User's Start Menu folder and copy it to your administrator profiles
Continue reading "Batch Script – RDS Start Menu Application and Taskbar Shortcut Removal Tool"
