Clicky

I have two Windows 2008 R2 Terminal Servers running as guests on a VMware 5 host. The users that connect have access to the Safetly Remove Hardware icon in the system Tray. Convienently one of the items that can be "safely ejected" is the Intel Network card. Doing this drops all sessions and removes the NIC from the Terminal Server Guest permenetly. You can see this is a bit of an issue.

I am running in a Windows 2003 Active Directory Domain. Anyone know a reg hack to fix  this?

asked 12/12/2011 06:34

eellong3's gravatar image

eellong3 ♦♦


4 Answers:
I thought only Administrators, Power Users and Backup Operators had the right to remove hardware, so maybe you could work with the user rights on the VM.

If not, you might be able to hide the system tray completely by creating the 'NoTrayItemsDisplay' in the registry with value 1 in [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]

Thirdly, you could fiddle with the GPO keys User Conf\Adm.Temp\Desktop\system\ Run only specified windows applications or don't run specified windows applications with shell.dll or hotplug.dll
link

answered

The_Daywalker's gravatar image

The_Daywalker

Interesting point, i suppose it wouldnt matter that the the Safely Remove Hardware was in the system tray if users didnt have permissions to eject the network card. Strange but the users do not have elevated priveledge and can still do it. I will try to explicetly deny access in Local Security Policy.

I need the system tray for other apps that use it for notifications so I cant disable it completely unfortuantly.

I am going to give the GPO a shot - that would be a quick and dirty way to get this done. Thanks for the responce - ill let you know how this goes.
link

answered 2011-12-13 at 00:34:12

eellong3's gravatar image

eellong3

There was an option DEVICES: alloed to format and eject removable media, this was not defined, changing it to Administrators only had no change.

Havent tried the GPO option yet. Will post back when i do.
link

answered 2011-12-13 at 08:27:29

eellong3's gravatar image

eellong3

The blasted test accounts i was using (i didnt create the test accounts) had mixed group membership, some were administrators. That was the problem. Thanks for your effort on this.
link

answered 2011-12-13 at 12:54:46

eellong3's gravatar image

eellong3

Your answer
[hide preview]

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Tags:

×1

Asked: 12/12/2011 06:34

Seen: 277 times

Last updated: 12/16/2011 12:38