none
Remove Powershell Pinned Item from taskbar for all users in 2008 R2 RDS server

    Question

  • Im trying to remove the Powershell Pinned Item from the taskbar on a 2008 RDS server. I have setup a mandatory porfile from a 2008 SP2 server (because you cannot do this in R2 any more), Check the default user pinned items folder, check the registry for powershell.exe, loaded up the NTUSER.DAT file for default to see if any thing obious was there, tried some logon scripts that are suppose to remove pinned items and posted on several forums. This has to be one of the simplest dumb things i have ever worked on , and its been about a week. So how do i remove it?

    P.S.
    having the user click un pinn is not a solution
    yes i have checked C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch

    Tuesday, September 29, 2009 6:14 PM

Answers

  • Hi Jeramy,

    The default pinned items are created the first time a user logs in. Modifying the default user profile won’t help here.

     

    The easiest option is to set the “Remove pinned programs from the Taskbar” to disable taskbar pinned items altogether. The default pinned items won’t show up, but the user won’t be able to pin anything else either.

     

    If you don't want to disable pinning altogether the solution is a little more complicated. One option is to remove the shortcuts “Accessories\Windows PowerShell\Windows PowerShell.lnk” and “Administrative Tools\Server Manager.lnk” from the common start menu folder. These shortcuts are copied to create the pinned items. If they aren’t present they can’t be pinned. This is not a supported option but it may work.


    Another option is to use IStartMenuPinnedList::RemoveFromList in a first run script to remove the pinned items. Not sure how reliable this would be due to the timing of when the default items are added compared to when the script would run.

    One other option is to use shell scripting to invoke the pin & unpin verbs on items:

    http://blogs.technet.com/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx

     

    This would need to be done when the user first logs in (since unpinning default items in the default user profile won't affect each new user account), but it also need to be timed after Explorer sets up the default pinned items as explained above.

    Hope one of these options work for you!

    ~Olga

     

    Thursday, October 01, 2009 3:55 AM

All replies

  • Hi Jeramy,

    The default pinned items are created the first time a user logs in. Modifying the default user profile won’t help here.

     

    The easiest option is to set the “Remove pinned programs from the Taskbar” to disable taskbar pinned items altogether. The default pinned items won’t show up, but the user won’t be able to pin anything else either.

     

    If you don't want to disable pinning altogether the solution is a little more complicated. One option is to remove the shortcuts “Accessories\Windows PowerShell\Windows PowerShell.lnk” and “Administrative Tools\Server Manager.lnk” from the common start menu folder. These shortcuts are copied to create the pinned items. If they aren’t present they can’t be pinned. This is not a supported option but it may work.


    Another option is to use IStartMenuPinnedList::RemoveFromList in a first run script to remove the pinned items. Not sure how reliable this would be due to the timing of when the default items are added compared to when the script would run.

    One other option is to use shell scripting to invoke the pin & unpin verbs on items:

    http://blogs.technet.com/deploymentguys/archive/2009/04/08/pin-items-to-the-start-menu-or-windows-7-taskbar-via-script.aspx

     

    This would need to be done when the user first logs in (since unpinning default items in the default user profile won't affect each new user account), but it also need to be timed after Explorer sets up the default pinned items as explained above.

    Hope one of these options work for you!

    ~Olga

     

    Thursday, October 01, 2009 3:55 AM
  • I tried the scripted solution for Windows 7 however that did not work.
    I did find the setting for a gpo to disable pinned items. This is what im using for now since it accomplishes what i want.

    I did not try the  remove the shortcuts “Accessories\Windows PowerShell\Windows PowerShell.lnk”, on the next server i add to the farm ill will try this.
    Thanks
    Thursday, October 01, 2009 4:39 PM
  • Maybe it's just me, but i was astounded that MS thought it was a good idea to add the server manager and command prompt icons as pinned to start menu items for all users on a terminal server.  I'm equally stunned to find that they added these items as pinned to taskbar in R2.  I know that users can't get into server manager and do anything, but even then, who thought it was a good idea to put an icon for it right in front of their nose?

    The fact that there doesn't even seem to be a good way to keep these items from pinning for all users just amazes me. 
    Wednesday, October 07, 2009 3:11 PM
  • No it is not only you. 

    I deleted the shortcuts so that they don't apear. This is working ...
    Wednesday, November 11, 2009 9:46 AM
  • Hi all!

    Another workaground like Olga said, isn't delete shortcut but only remove users and everybody rights on this 2 links, so admins can always have access to powershell and servermanager!

    Thx to Olga & Mr ALLEGRE for solution :-)

      Yann
    Monday, January 11, 2010 2:56 PM
  • I tried the scripted solution for Windows 7 however that did not work.
    I did find the setting for a gpo to disable pinned items. This is what im using for now since it accomplishes what i want.

    I did not try the  remove the shortcuts “Accessories\Windows PowerShell\Windows PowerShell.lnk”, on the next server i add to the farm ill will try this.
    Thanks

    Hello Jeramy_T

    Please tell me what GPO you have used for this?
    Wednesday, January 20, 2010 10:13 AM
  • I had the same problem and i also think that it's weird that there is no easy solution for this behavior. I have read an article somewhere else with the solution that works like a charm.

    To do this, create a new GPO and drill down to:
    Computer configuration->Policies->Windows settings->Security Settings->File System

    Add each file below, removing Users from the permissions so it's only Administrators, Creator Owner and System:

    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk
    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk

    Keep in mind the path for %AllUsersProfile% is typically C:\ProgramData.  When you add the files using Group Policy Management you will select the files by drilling down to C:\ProgramData, Microsoft, Windows, Start Menu, etc, but you will notice when you've added them it auto-magically changes the path %AllUsersProfile%.

    Use the "Configure this file or folder and propagate inheritable permissions to all subfolders and files" option on all three files.  Make sure to attach the new OU to your RDS OU or modify your existing RDS GPO. Run gpupdate /force from the command prompt on your RDS servers after adding/modifying this GPO and you're ready to go!


    Off course you can also configure the security settings manually.

     

    Good luck!


    Senior IT Engineer
    • Proposed as answer by Gai-jin Monday, January 03, 2011 3:48 PM
    Tuesday, November 30, 2010 1:08 PM
  • Thanks Cor Reinhard.  This solution worked perfectly, and I didn't have to run any login scripts.  Now the GPO will take care of any new R2  RDS servers that I put in place.  Some of these little things can take all day trying to figure out.  Microsoft makes it hard when it comes to terminal server environments.  

     

    Jon Wooten

    System/Network Engineer

    Thursday, December 30, 2010 8:42 PM
  • I had the same problem and i also think that it's weird that there is no easy solution for this behavior. I have read an article somewhere else with the solution that works like a charm.

    To do this, create a new GPO and drill down to:
    Computer configuration->Policies->Windows settings->Security Settings->File System

    Add each file below, removing Users from the permissions so it's only Administrators, Creator Owner and System:

    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk
    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk
    • %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows PowerShell Modules.lnk

    Keep in mind the path for %AllUsersProfile% is typically C:\ProgramData.  When you add the files using Group Policy Management you will select the files by drilling down to C:\ProgramData, Microsoft, Windows, Start Menu, etc, but you will notice when you've added them it auto-magically changes the path %AllUsersProfile%.

    Use the "Configure this file or folder and propagate inheritable permissions to all subfolders and files" option on all three files.  Make sure to attach the new OU to your RDS OU or modify your existing RDS GPO. Run gpupdate /force from the command prompt on your RDS servers after adding/modifying this GPO and you're ready to go!


    Off course you can also configure the security settings manually.

     

    Good luck!


    Senior IT Engineer

    Cor Reinard,

    Are you using roaming profiles on your RDS server?  I am and changing the permissions on those items seems to cause profiles to fail to load.  I think it's probably trying to load those items into the profile and failing because of the lack of permissions.  Anyone else see this?  And yes, I also think it's absurd MS has set up this behavior for non-admins.

    • Proposed as answer by Tarek Al-Bataa Friday, March 22, 2013 11:39 PM
    Tuesday, January 11, 2011 12:49 AM
  • How did you disable pinned itemes? Could you please let me know steps or code? I am trying to disable pin and unpin options through .net code.

    Appreciate your help.

    Wednesday, March 02, 2011 4:48 PM
  • Maybe it's just me, but i was astounded that MS thought it was a good idea to add the server manager and command prompt icons as pinned to start menu items for all users on a terminal server.  I'm equally stunned to find that they added these items as pinned to taskbar in R2.  I know that users can't get into server manager and do anything, but even then, who thought it was a good idea to put an icon for it right in front of their nose?

    The fact that there doesn't even seem to be a good way to keep these items from pinning for all users just amazes me. 


    +1

    And the logon script "fixes" only add to the already gruesome delays in logging onto a terminal server.


    Mayur
    Friday, May 27, 2011 4:15 PM
  • Hi,

    Yes i'm using roaming profiles. I personally have no issues with above solution. As described you will need to configure the proper permissions on these items.


    Technical Consultant Exchange | MCP, MCSA, MCSE, MCTS, MCITP | Blog: http://www.reinhard-online.nl | Follow me on twitter: correinhard
    Thursday, November 10, 2011 11:38 AM
  • Hi Cor Reinhard,

    I followed you suggesting and just like schrempp_b, I am using roaming profiles. I deleted my profile and try log into the terminal server through XenApp my profile is not being created. I am being logged with temporary profile. I've reverted back by adding users and everyone on the server manager security tab but there is no change. I am worried that users will get the same problem where their profiles are not recreated if i delete their profiles. Any other suggestions on how to fix this issue so it can normalise?

    Thanks,

    Djscientist

    Wednesday, November 16, 2011 5:17 AM
  • Hi Cor Reinhard,

    I followed you suggesting and just like schrempp_b, I am using roaming profiles. I deleted my profile and try log into the terminal server through XenApp my profile is not being created. I am being logged with temporary profile. I've reverted back by adding users and everyone on the server manager security tab but there is no change. I am worried that users will get the same problem where their profiles are not recreated if i delete their profiles. Any other suggestions on how to fix this issue so it can normalise?

    Thanks,

    Djscientist


    Hi Djscientist,

    I think there is no link between pinned items and your problem.

    Maybe you have made modifications on default user profile, so new user is not able to read some files/folders and create a new profile. Check Windows Eventlog, you should find error UserEnv with Access Denied.


    Ingénieur Système - http://yannbouvier.free.fr
    Friday, November 18, 2011 7:24 AM
  • I tried this, but was still able to launch the shortcuts.  I took it a step further and removed the Users groups from the actual .exe that is located in system32.  This produced the results I wanted and the nice thing about it is that Windows offers to remove the shortcut from the taskbar after not having access to the .exe.  I have done the same with Server Manager.

    Thanks for the tips!

    Tuesday, February 07, 2012 8:25 PM
  • Removing the Shortcuts on the Administrators Start Menu works.

    The Task Scheduler also points to the shortcut for the Server Manager so you will NEED to delete the scheduled task that runs the Server Manager or it will throw an error that the shortcut .ink can not be found.

    Wednesday, March 21, 2012 3:55 PM
  • I was hoping this was relevant to Windows Server 2012, which is what I am evaluating (Release Canidate).  This method worked for the Server Manager, but not the PowerShell.  Not sure why.

    The other methods did not work at all.

    Wednesday, June 06, 2012 3:46 PM
  • That worked great for me, Thanks Cor.  Although instead of just removing the permissions I set a 'Deny All' on the SG that our users are a member of.

    Thanks!


    • Edited by Gibbonovich Thursday, August 16, 2012 4:15 PM
    Thursday, August 16, 2012 4:15 PM
  • Schrempp_b's solution worked best for me.  applied it to our existing Citrix servers OU ran GPupdate /force, I will continue testing and post if we run into problems. 

    Friday, March 22, 2013 11:42 PM
  • One option is to remove the shortcuts “Accessories\Windows PowerShell\Windows PowerShell.lnk” and “Administrative Tools\Server Manager.lnk” from the common start menu folder. These shortcuts are copied to create the pinned items. If they aren’t present they can’t be pinned. This is not a supported option but it may work.

    ~Olga 

    Thanks, that gave me the idea to just rename them in the Start Menu with a double space, ie to "Windows  PowerShell" and "Server  Manager".  That way they will not appear in the taskbar for all new users, but are still available to users if required.

    Friday, June 20, 2014 5:30 AM