Tuesday, December 2, 2014

Remove Power Shell and Server Manager Pinned Icons from Start Menu Server 2012

In Windows Server 2012 and Windows Server 2012 R2 by default all users have a Power Shell icon and a Server Manager icon pinned to their start menu.  When setting up a Remote Desktop Session Host with Windows Server 2012 Remote Desktop Services you may not want users to have the Server Manager icon or Power Shell icon especially when desktop access is enabled.

 
In previous versions of Windows Server there was a Group Policy setting called "Remove pinned programs list from the Start Menu" which administrators could use to remove these pinned applications from the start menu from Remote Desktop Session Hosts.
 
 
This policy no longer works on Windows Server 2012 and there is no well documented method available for doing this on the Internet.
 
In Windows Server 2012, the three default pinned applications on the start menu are located under the following location:
 
C:\Users\username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar
 
 
The User Pinned\Taskbar  folder in the Quick Launch directory does not exist in the Default profile in Windows Server 2012 as shown below.


So how do these icons get created in the users profile and where do they come from?

This process appears to be hardcoded into Windows Server 2012 and executed upon creating a new user profile.  The user profile creation process creates Quick Launch\User Pinned\TaskBar folder as part of the login then copies a bunch of "lnk" shortcut files from the "All Users Profile".

Server Manager Pinned Icon

The "Server Manager.lnk" file gets copied by the user profile creation From:

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk"

To:

"C:\Users\username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Server Manager.lnk"

Windows PowerShell Pinned Icon

The "Windows PowerShell.lnk" file gets copied by the user profile creation From:

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk"

To:

"C:\Users\username\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows PowerShell.lnk"

How to Prevent the icons from getting Populated to User Profiles

To stop the "Windows PowerShell.lnk" and "Server Manager.lnk" shortcuts from getting pinned to the start menu on all users, simply delete these icons from the All Users profile under "C:\ProgramData" from the following locations:

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk"

and

"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk"

 
Now when new users login for the first time, the User Profile creation process is unable to copy the "Server Manager.lnk" and "Windows PowerShell.lnk" shortcuts as they no longer exist as shown in the following screenshot.
 
 

13 comments:

  1. Brilliant! Thank you for sharing! I wonder why they got rid of the GP setting?

    ReplyDelete
  2. EXCELLENT information. Your directions are clear and concise, and easy to follow. Thanks for your hard work in posting this info.

    ReplyDelete
  3. Impressive way to remove icons.

    ReplyDelete
  4. Thank you very much!

    ReplyDelete
  5. I have tried many other suggestions/options even through GPO's. This is the ONLY ONE that worked for me, THANKS!!!

    ReplyDelete
  6. Thanks for the excellent post! This helped me to find another solution using GPO. There are lots of posts out there on how to do it using GPO but they were not working 100% and in this post the paths did not exactly match for me for some reason.

    The trick for me was identifying exactly where the files being copied is coming from. Once I knew that, I could control it using computer configuration ->policies->windows settings->security settings->file system. I added a new item. Entered the path starting with %AllUsersProfile%\microsoft\... to the lnk file. The path here should match the path \\program data\microsoft\....

    This setting sets the security permissions of the lnk to whatever you select in the GPO settings. Once this is done you can confirm that the actual lnk security properties update according to what is set in GPO. When the user logs in, the links are no longer there!

    If this is an existing user, you may have to manually remove the links from the location specified in this post. For new users, I've tested several times, the links do not show up as they don't have permission to copy per my GPO settings.

    Hope this helps others!

    ReplyDelete
    Replies
    1. Hi Sharlyne,
      I am setting up a Windows 2012R2 server for remote desktop and also trying to get rid of PowerShell and Server Manager in the Taskbar. I like more the idea of using a PGO for that purpose than deleting the shortcuts from the original place. My experience with Group Policy is limited and I tried to follow your words here but I was unable to get this to work. I wonder whether you could give me a detailed guide of how you accomplished that. Thank you very much.

      Delete
    2. hi,

      Try to rename following file. i hope it will help
      "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell" delete old profile folder from your Server and also remove from Registry ProfileList : "HKLM/software/Microsoft/windows nt/current version/profilelist". relogin again. i hope your problem will be solved :)

      Delete
  7. One thing I have started doing since one of our clients migrated to RDS with load balancing was to go onto each server as the admin and configure the profile as a user should then use a fantastic tool by Forensit called DefProf. It copies all settings and environment defaults from the designated location to the default user. While their tool was designed for Win7, it works flawlessly on Server 2012 R2 and other newer OSes. http://forensit.blogspot.com/2010/09/changing-default-profile-on-windows-7.html and the tool can be found: http://www.forensit.com/support-downloads.html

    ReplyDelete
  8. Hello,

    Thank you very much. This worked for me on Windows Server 2012 R2.


    Regards
    Vik

    ReplyDelete
  9. This is Great information, but how do you get rid of file explorer???? I really need to get rid of that one from the taskbar for all users, but still let me use a powershell script (that I have in the all users startup) to pin icons that I want to be there. Any ideas on this?

    ReplyDelete
  10. simply create a batch file and run it before deploying the RDSH to the desktop pool

    cd "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools"
    del "Windows PowerShell.lnk"
    cd\
    cd "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools"
    del "Server Manager.lnk"

    ReplyDelete