This article is a reference to a number of articles and links to provide information about how to succesfully lock down your Remote Desktop Server (2008R2) or Terminal Server (2003 / 2008). It is not a definite guide to how to perform a lock down, but will provide certain pointers, and highlight certain pitfalls. It is a work-in-progress and several additions will be made as the guide progresses.
You obviously need a Windows-domain running AD for lockdown to work properly. A standalone server running a local group policy can't be locked down enough to be useful. A domain is highly recommended.
Your DC or a member server (can be the RDS / TS as well) should have the Group Policy Mana ...
To always show the Computer icon on the desktop via GPO, there are several things to be set. Aside of the obvious setting in GPO, you also have to add a registry entry through GPP to automatically show the Computer icon on desktop.
In User Configuration, Preferences, Windows Settings, Registry, add a new entry. Whether you want to enforce or not, is up to you. Either choose create (only applied once), or Replace (always apply).
The value is a DWORD value in HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel, named {20D04FE0-3AEA-1069-A2D8-08002B30309D}. This is the CLSID for the Computer icon. Set it to 0 to have the icon shown on user's des ...
For the proper application of all parts of a GPO, including the Group Policy Preferences (GPP), you need to install the right client on your client computers. You can find a list of download links below.
Windows XP: http://www.microsoft.com/download/details.aspx?id=3628
Windows XP x64: http://www.microsoft.com/download/details.aspx?id=23680
Windows 2003: http://www.microsoft.com/en-us/download/details.aspx?id=6955
Windows 2003 x64: http://www.microsoft.com/en-us/download/details.aspx?id=14171
Windows Vista: http://www.microsoft.com/en-us/download/details.aspx?id=24169
Windows Vista x64: http://www.microsoft.com/en-us/download/details.aspx?id=15198
read more
