I have researched for hours and hours and have looked into numerous different solutions on how to remove pinned items from the taskbar in Server 2012 and have not really found an elegant solution to the problem. Microsoft intentionally made it an extremely ridiculous and convoluted process to be able to add and remove pinned items from the taskbar. I guess it was meant to help prevent it from getting all fuckered up but for christ’s sake, I shouldn’t have to jump through effing hoops just to do such a seemingly rudimentary task.
Part of my particular issue lies in the fact that I’m setting up a completely locked down 2012 RDS environment where the users don’t even have access to the command prompt, powershell, or the ability to run VB scripts. This alone rules out almost every solution out there that I’ve found.
I have even gotten to the point of where I tried using Group Policy Preferences to create a HKCU RunOnce key to run a batch file to delete the necessary files, add the proper registry keys, kill the explorer.exe process, but then I can’t start explorer again without using cmd.exe and I don’t want the user to have to log off and back on again and we can just have a missing shortcut sitting in the freaking taskbar, it confuses people. WTF!!!
Such a freaking mess and I completely hate the idea of changing the stupid file permissions just to remove the links from the damn taskbar but I’m so freaking tired of dealing with this. I’ve already wasted so much time trying to do something so simple and I know I’m not the only poor bastard out there that is aggravated as hell about this. -1 Microsuck
Anyways, here is the crappy ass Group Policy solution to remove the PowerShell and Server Manager pinned items:
Inside of the Group Policy editor, under
Computer Configuration > Windows Settings > Security Settings > File System
Right-click, “Add-File”, and set the Folder to
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk
and on the Database Security box,
remove "CREATOR OWNER" and "Users" groups and leave the default propagation permissions
then do the same for
%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk
Please note that this will only work for newly created users because the shortcuts get created at first logon.
Unfortunately, I’ve got a ton more of items that I need to remove from the Classic Shell Start Menu and the Start Screen so I’ve either got to mimic this process a few dozen times or come up with another solution. The problem with this setup is that if you remove the permissions on the Start Menu folders, the folders still show up without anything inside them and who wants that?
I’ve read up about completely redirecting the Start Menu to a network share and although that would definitely accomplish the end goal and guarantee what items show up in the programs menu, I’m not a big fan of that solution either, so I may just end up writing a batch script for a custom solution.
To get rid of the unwanted Start Menu programs on my previous 2003 Terminal Servers, I just moved them out of the all users profile and the default user profile and put them in the domain administrator’s Start Menu location and copied the same files to local administrators profile. I don’t like it but I’m running low on ideas and who in the hell would want their users to be able to access the Administrative Tools anyways, so DUMB!
For another option instead of using Group Policy, check out a batch script I wrote here.