In order to follow this guide you will need an Active Directory domain as well as a Server 2016 RDS server.
You have been tasked to setup a Remote Desktop Server for your Company and you have been ordered to lock it down to disable users accessing advanced features hidden under the context menu of the startbutton in Server 2016.
- Open Group Policy Management Console
There are many ways to do this so use your favorite way.
- Create a new Policy
Create a group policy in in the Organizational Unit where your Remote Desktop Server is stored.
- Edit the group policy and browse to the relevent section
Computer Configuration>Policies>Windows Settings>Security Settings>Software Restriction Policies
- When Software Restriction Policies is selected in the left hand side you should see a list as the following:
- Double-click Enforcement in the right pane.
- After “Apply software restriction policies to the following users” select “All users except local administrators” and click OK.
- Next double-click on the folder Additional Rules.
- Right-click in the rightpane and select New Path Rule…
- For the Path enter: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group1
- Repeat step 8 and enter this name: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group2
- Repeat step 8 again and enter the name: %USERPROFILE%\AppData\Local\Microsoft\Windows\WinX\Group3
- You should now have a total of 3 rules Disallowing access to those 3 folders, This will turn off the right-click function of the start-button.
You need to run gpupdate /force on the RDS Server and that’s it! If you have any questions or comments feel free to comment below!