none
RDS 2012 R2 - How do I lockdown access to Local Computer Management and Windows Backup via Group Policy RRS feed

  • Question

  • Greetings all,

    I am needing assistance in how to lockdown access to Local Computer Management and Windows Backup via Group Policy for users that access RDS service. I have followed this awesome guide - h t t p://w w w.it.ltsoy.com/windows/lock-down-remote-desktop-services-server-2012/   - but it is missing two important resources that I would like to lock down.Currently, I have successfully locked down Control Panel for users via Group Policy, but I cannot find any group policy or guide on how to restrict user access to Computer Management (different to Server Manager). When using Win-X shortcut to open the 'Administrator's shortcuts' near the windows icon, I have locked down everything except Computer Management. Computer Management gives direct access to Disk Management, Shares etc, which are locked down for users. But Windows Server Backup is still accessible. Can someone please guide me on how to restrict access to both Computer Management and Windows Server Backup.

    Thanks in advance.

    Terry.

    Saturday, January 24, 2015 5:46 AM

Answers

  • This took me a very long time to find. You have to disable it via disabling MMCs

    Disable Computer Management - Disable MMCs

    [User Configuration\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap ins]

    Computer Management - Disabled

    Hope this helps others anyway.

    Saturday, January 24, 2015 10:34 PM

All replies

  • This took me a very long time to find. You have to disable it via disabling MMCs

    Disable Computer Management - Disable MMCs

    [User Configuration\Administrative Templates\Windows Components\Microsoft Management Console\Restricted/Permitted snap ins]

    Computer Management - Disabled

    Hope this helps others anyway.

    Saturday, January 24, 2015 10:34 PM
  • Prevent running of Windows Server Backup

    Computer Configuration\Policies\Windows Settings\Security Settings\File System

    Right click on File System - Add File - Drill down to \System32\wbadmin.msc

    On the Database Security ACL that pops up - Remove Creator Owner, Remove Users and check Adminstrators have Full Access.

    On the Object window - choose Propagate inheritable permissions to all... (Default)

    Monday, January 26, 2015 6:37 AM
  • Thank you. this helped me a lot.
    Wednesday, March 4, 2015 7:51 AM