Print

Lock Down Terminal Services

Written by Daniel Mundy on 13 December 2008.

Program Execution

To create a whitelist of allowed programs, use "Run only allowed Windows Applications" in User Configuration, Adminitrative Templates, System.

To create a blacklist of disallowed programs, use "Don't run specified Windows applications" in the same folder.

Computer Configuration >> Administrative Templates

System >> Group Policy

  • User Group Policy loopback processing mode: Enabled
    Mode: Replace

User Configuration >> Administrative Templates

Control Panel

  • Prohibit access to the Control Panel: Enabled
  • Show only specified Control Panel Applets: Enabled
    List of allowed Control Panel Applets: Printers

Control Panel >> Add or Remove Programs

  • Hide Add New Programs page: Enabled

 

Group Policy Management
body { font-size:68%;font-family:MS Shell Dlg; margin:0px,0px,0px,0px; border: 1px solid #666666; background:#F6F6F6; width:100%; word-break:normal; word-wrap:break-word; } .head { font-weight:bold; font-size:160%; font-family:MS Shell Dlg; width:100%; color:#6587DC; background:#E3EAF9; border:1px solid #5582D2; padding-left:8px; height:24px; } .path { margin-left: 10px; margin-top: 10px; margin-bottom:5px;width:100%; } .info { padding-left:10px;width:100%; } table { font-size:100%; width:100%; border:1px solid #999999; } th { border-bottom:1px solid #999999; text-align:left; padding-left:10px; height:24px; } td { background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; } .btn { width:100%; text-align:right; margin-top:16px; } .hdr { font-weight:bold; border:1px solid #999999; text-align:left; padding-top: 4px; padding-left:10px; height:24px; margin-bottom:-1px; width:100%; } .bdy { width:100%; height:182px; display:block; overflow:scroll; z-index:2; background:#FFFFFF; padding-left:10px; padding-bottom:10px; padding-top:10px; border:1px solid #999999; } button { width:6.9em; height:2.1em; font-size:100%; font-family:MS Shell Dlg; margin-right:15px; } @media print { .bdy { display:block; overflow:visible; } button { display:none; } .head { color:#000000; background:#FFFFFF; border:1px solid #000000; } }
Setting Path:
Explanation
No explanation is available for this setting.
Supported On:
Not available

 

 

Control Panel/Add or Remove Programs
Policy Setting
Hide Add New Programs page Enabled
Hide Add/Remove Windows Components page Enabled
Hide Change or Remove Programs page Enabled
Hide the "Add a program from CD-ROM or floppy disk" option Enabled
Hide the "Add programs from Microsoft" option Enabled
Hide the "Add programs from your network" option Enabled
Hide the Set Program Access and Defaults page Enabled
Remove Add or Remove Programs Enabled
Remove Support Information Enabled

 

Control Panel/Display
Policy Setting
Hide Appearance and Themes tab Enabled
Hide Desktop tab Enabled
Hide Screen Saver tab Enabled
Hide Settings tab Enabled
Prevent changing wallpaper Enabled
Remove Display in Control Panel Enabled
Screen Saver Disabled

 

Control Panel/Display/Desktop Themes
Policy Setting
Prevent selection of windows and buttons styles Enabled
Prohibit selection of font size Enabled
Prohibit Theme color selection Enabled
Remove Theme option Enabled

 

Control Panel/Regional and Language Options
Policy Setting
Restrict selection of Windows menus and dialogs language Enabled
Restrict users to the following language: English

 

Desktop
Policy Setting
Do not add shares of recently opened documents to My Network Places Enabled
Hide Internet Explorer icon on desktop Disabled
Hide My Network Places icon on desktop Enabled
Prohibit user from changing My Documents path Enabled
Remove My Computer icon on the desktop Disabled
Remove My Documents icon on the desktop Enabled
Remove Properties from the My Computer context menu Enabled
Remove Properties from the My Documents context menu Enabled
Remove Properties from the Recycle Bin context menu Enabled
Remove Recycle Bin icon from desktop Enabled
Remove the Desktop Cleanup Wizard Enabled

 

Desktop/Active Desktop
Policy Setting
Disable Active Desktop Enabled
Disallows HTML and Jpg Wallpaper
Policy Setting
Enable Active Desktop Disabled

 

Start Menu and Taskbar
Policy Setting
Add Logoff to the Start Menu Enabled
Force classic Start Menu Disabled
Gray unavailable Windows Installer programs Start Menu shortcuts Enabled
Remove and prevent access to the Shut Down command Enabled
Remove Documents menu from Start Menu Enabled
Remove Drag-and-drop context menus on the Start Menu Disabled
Remove Help menu from Start Menu Enabled
Remove links and access to Windows Update Enabled
Remove Logoff on the Start Menu Disabled
Remove My Documents icon from Start Menu Enabled
Remove My Music icon from Start Menu Enabled
Remove My Network Places icon from Start Menu Enabled
Remove My Pictures icon from Start Menu Enabled
Remove Network Connections from Start Menu Enabled
Remove Run menu from Start Menu Enabled
Remove Search menu from Start Menu Enabled
Remove Set Program Access and Defaults from Start menu Enabled
Remove the "Undock PC" button from the Start Menu Enabled

 

System
Policy Setting
Don't display the Getting Started welcome screen at logon Enabled
Prevent access to registry editing tools Enabled
Disable regedit from running silently? Yes
Policy Setting
Prevent access to the command prompt Enabled
Disable the command prompt script processing also? No
Policy Setting
Run only allowed Windows applications Enabled
List of allowed applications
AcroRd32.exe
excel.exe
iexplore.exe
msaccess.exe
myobp.exe
notepad.exe
outlook.exe
SBS_LOGIN_SCRIPT.bat
winword.exe
Policy Setting
Turn off Autoplay Enabled
Turn off Autoplay on: All drives