Browse Recent:

Posted on

Batch Script – RDS Start Menu Application and Taskbar Shortcut Removal Tool

Customizing or locking down a new server for Remote Desktop Services in a Server 2012 environment can be quite a time consuming and daunting task. Countless hours will be spent setting up Group Policies, testing them, and deploying them. But far worse than that, you will waste massive amounts of time researching for jacked up ways to do simple things, such as unpinning items from the Taskbar and customizing the Start Screen.

In the past, I had already configured a company wide Group Policy for our old 2003 Terminal Server environment and it was simple and easy. No guesswork, no crazy workarounds, shit just worked. The Group Policies covered almost every scenario or task needed to lock down a server but unfortunately, that is not the case any more.

It seems Microsoft has made the process of doing pretty much anything ridiculous and overcomplicated. As a side rant, we (the world) desperetely need a good open source solution for a thin client type environment with something that mimicks Group Policy. I know I’m not the only person out there that would love to give Microsoft the old stink finger once and for all! I for one am tired of sitting and watching companies succumb to the endless money pit that is Microsoft licensing. Where you at Linux Devs?

Anyhow, I decided to write this script for a lot of shortcomings I’ve encountered along the way. One of which that I want to gripe about is that resorting to changing file permissions to remove shortcuts is just plain fucking retarded and redirecting all of the user’s start menus to a network share seemed like massive overkill to an already complicated scenario. On top of that, I had 6 separate Remote Desktop servers to fully setup and configure so I needed to streamline the process a bit. Suprisingly enough, my solution relies solely on batch scripting (and a little makeshift VB).

Enough chit chat, the script is extremely well documented so here are the highlights/features:

  • Removal of the Server Manager and PowerShell links in the Taskbar
  • Ability to backup the All User’s and Default User’s Programs directories to a zip file
  • Ability to copy the All Programs Start Menu shortcuts to a list of administrator or power user profile directories
  • Customized list of applications to remove from the Classic Shell Start Menu or the Windows Start Screen
  • Deleted Start Menu Program entries go into the active user’s Recycle Bin and can be restored if necessary
  • Remove System Tools, Accessories, Accessibility, Administrative Tools, Windows Store, PC Settings, Control Panel, Run, Command Prompt, and PowerShell shortcuts from Menus

Download the “Custom_RDS_Start_Menu.bat” script here.

:: RDS SERVER 2012 CUSTOM START MENU AND TASKBAR SHORTCUT REMOVAL
:: Author: Nathan Thomas
:: Date: 02/11/2015
::
:: This script should be ran on the RDS server after your server administrators have already
:: logged in at least once so that they get all the shortcuts they need (otherwise you will 
:: need to manually copy them later on) but before your end users log in for the first time.
:: In addition, it assumes you have not already made changes or any customizations to the
:: All User's or Default User's Start Menus profiles and that you have already installed all
:: of the applications that the server will be running. Please note that if you decide
:: to install software after you've ran the script, you will manually have to remove that
:: program from the All User's Start Menu folder and copy it to your administrator profiles
 Continue reading "Batch Script – RDS Start Menu Application and Taskbar Shortcut Removal Tool"
Posted on

Batch Script – Sending Items to the Recycle Bin Without Calling Any Third-Party Applications

While writing another larger script, I wanted the ability to send folders or files to the Recycle Bin, which I found out you can’t do natively via the command line without using some third-party apps or PowerShell.

I also found that when looping through a list of files in a batch script, it makes it really difficult to delete folders versus files because you have to either use the “del” command for files or the “rmdir” command for folders. With no simple way to differentiate between the two without a bunch of extra code, I kept looking for an alternative solution.
Continue reading “Batch Script – Sending Items to the Recycle Bin Without Calling Any Third-Party Applications”

Posted on

Batch Script – Zip/Compress Files Without Calling Any Third-Party Applications

While writing another batch script the last several days, I found out that you cannot zip or compress files or folders natively from the command line without having additional third-party software or PowerShell. After a while of scouring the forums, I came up with this pure batch solution that uses VB script.

Basically, from this chunk of code in a single batch file, we can both generate the VB script, zip up whatever files we want, and then just delete the VB script when we’re done. Within the batch file, we can just call on the VB script using “CScript” and it works pretty much like any other function in any other programming language.
Continue reading “Batch Script – Zip/Compress Files Without Calling Any Third-Party Applications”

Posted on

Batch Script – Get User’s SID One-Liner

While researching a way to try and send files to a user’s Recycle Bin from a batch script, I came across this one liner either at StackExchange or SuperUser forums somewhere. FYI, there is no way natively to send something to the trash without using a VB script or some third party utility. Yes you can physically move the files into the C:\$Recycle.Bin\<UsersSID> folder, but the files will not show up in Explorer and won’t be removed when you empty the trash that way.
Continue reading “Batch Script – Get User’s SID One-Liner”

Posted on

Server 2012 – Remove Pinned Items on the Taskbar via Group Policy

I have researched for hours and hours and have looked into numerous different solutions on how to remove pinned items from the taskbar in Server 2012 and have not really found an elegant solution to the problem. Microsoft intentionally made it an extremely ridiculous and convoluted process to be able to add and remove pinned items from the taskbar. I guess it was meant to help prevent it from getting all fuckered up but for christ’s sake, I shouldn’t have to jump through effing hoops just to do such a seemingly rudimentary task.

Part of my particular issue lies in the fact that I’m setting up a completely locked down 2012 RDS environment where the users don’t even have access to the command prompt, powershell, or the ability to run VB scripts. This alone rules out almost every solution out there that I’ve found.

I have even gotten to the point of where I tried using Group Policy Preferences to create a HKCU RunOnce key to run a batch file to delete the necessary files, add the proper registry keys, kill the explorer.exe process, but then I can’t start explorer again without using cmd.exe and I don’t want the user to have to log off and back on again and we can just have a missing shortcut sitting in the freaking taskbar, it confuses people. WTF!!!
Continue reading “Server 2012 – Remove Pinned Items on the Taskbar via Group Policy”

Posted on

Classic Shell – Remove First Run Wizard with Group Policy

Classic Shell is a necessary evil for any normal Windows user who wants to be able remain productive with introduction of the Start Screen in Server 2012 and Windows 8. As a network administrator, I highly recommend Classic Shell because it even has it’s own Group Policy templates that you can add in with the PolicyDefinitions inside your domain’s SYSVOL folder so you can at least somewhat try to put the Start Menu back to the way it once was. The Start Screen is a technical support person’s worst nightmare for novice users who don’t deal well with change (and trust me they don’t).

If you’re trying to customize a Remote Desktop Server environment, one somewhat annoying thing you will run into is trying to get rid of the first run wizard for Classic Shell. Obviously, the first run wizard is handy for anybody who wants to customize the look and feel of their Start Menu, but more than likely in a Remote Desktop environment, you’re going to want all this predefined with no user interaction so the chances of them screwing things up is slim to none.
Continue reading “Classic Shell – Remove First Run Wizard with Group Policy”

Posted on

Windows Terminal Server – Three Ways to Disable AVG Tray Icon via Group Policy

I scoured the internet forever and a day to find a way to disable the AVG tray icon in a Windows Terminal Server environment because as with most people, even though to make any major changes in the AVG settings it does require an admin password, I didn’t want my users to be able to toy around in there even, let alone run a bunch of malicious scans and slow the server down for everybody or gain access to view our AVG Business license key. I even contacted AVG technical support and they didn’t have a solution to my problem and I find it extremely hard to believe that I am the only person out there in the world facing this issue.

Well, today I finally figured out a way to disable the AVG tray icon via Group Policy using Software Restriction Policies. By creating a rule to prevent the running of the “avgui.exe” process, you can essentially disable the tray icon. As long as you have your group policies structured so that your users OU get a different group policy than say the admins OU, then the admins can still get into AVG, run any scans, or change any settings inside AVG. I guess I should mention that you could use this for any OU for that matter that you didn’t want to have access to the AVG UI, it’s not just limited to Remote Desktop Servers. Pretty sweet!
Continue reading “Windows Terminal Server – Three Ways to Disable AVG Tray Icon via Group Policy”

Posted on

Exchange Server 2010 – Purge the Deleted Items (RecoverableItems) Folder

Being the devoted Email Administrator that you are, you notice that the space for storing mailboxes on your Exchange Server is getting dangerously low, so you decide to take action. Logically, your first thought would be to have all your end users go through all the folders in their mailbox and get rid of any junk they don’t need and then empty their “Deleted Items” folder to regain the space back. After all, in most cases there really is no reason for users to keep every single email they’ve ever sent and received since the beginning of time (which a lot of them tend to do and I’ll never understand why).

Unfortunately, as you’ve probably already noticed, that is not the case. Simply having a user empty their “Deleted Items” folder has no effect on the database size whatsoever. This is partially due to the nifty feature that allows users to be able to recover deleted messages after they’ve already emptied their trash. By default, Exchange keeps deleted items for 14 days until they are purged, so now it is necessary to manually force the deletion of these items.
Continue reading “Exchange Server 2010 – Purge the Deleted Items (RecoverableItems) Folder”