Disabling the Ctrl-Alt-End Key

[pchan]

Is there anyway to disable the Ctrl-Alt-End keys in a terminal session so the user cannot get into the tasks screen?

 

[brontosaurus]

how about setting up a policy that disables running task manager?

 

[Davetoo]

How do you do that with a GPO? I found where to not allow applications to run, but the information states it can't be used to prevent Task Manager from running? When I tried it and added taskmgr.exe, it still run the task manager with the CTRL-ALT-END.

I'd like to disable that ability as well.

 

[Davetoo]

I've also followed the Q278295, and still can do a CTRL-ALT-END and run the task manager. But...although I ran the secedit enforce, the GPO might not be enforced yet? Have to see.

 

[pchan]

Thanks,

I will keep researching. I have the user starting a application at startup but do not want the savvy user to get into task manager and do other stuff.

The only way I see it can be done now is thru Citrix.

 

[brontosaurus]

User Configuration\Administrative Templates\System\Logon/Logoff\Disable Task Manager

 

[Davetoo]

Set that in the GPO, waited two hours, still can access the task manager via CTRL-ALT-END.

 

[Davetoo]

Just realized something that might be affecting my results.

I have a group that has the log-on locally option set so that the members of this group can use terminal services on the server (member server). I created a new OU, created a new group policy for this new OU, then moved the group setup to use terminal services into the new OU.

I was thinking, do I need to move the computer into this new OU as well? or am I missing something basic here?

Thanks.

 

[brontosaurus]

it's a User configuration, you shouldn't have to move the machine accounts.

 

[Davetoo]

Ok, before I go any further. I want these restrictions to apply only when the user is logged into a terminal server. The users use the same logon for their local machines, I don't want these settings to apply when they're logged on to their local machines. I have them in multiple groups, including the group that I've applied the GPO to to restrict the terminal session. But it seems this won't work?

 

[brontosaurus]

yup, it's not restricted to just terminal server...sorry.

 

[Davetoo]

Yeah...that's a big problem. Well, at least I found out before I rolled it out to everyone. It was still in it's testing phase.

Thanks.

 

[nryan1980]

I know you can access Task Manager via Ctrl-Shift-Esc, however, don't know about in a terminal session. Don't know if it will run Task Man on the local machine, or the machine that you're connected to remotely.

 

[golyg]

Hi I just noticed this: thread621-488019.
i;m not sure if it pertains to your problem.
check out that site winguides.com.
pretty good site for tips and tweaks.

good luck

 

[Davetoo]

I found a simple solution. I installed appsec on the terminal server and set which applications were allowed to run, and it fixed my problem. CTRL-ALT-END doesn't work now in a terminal session.

Thanks.

 

[Davetoo]

Oh, and a PS. Although I'm still working on it, MS says to apply a GPO Loopback policy to the terminal server, which is *supposed* to give you the ability to set a GPO that will only be effective when a user logs into the terminal server. This should, in effect, allow me to setup a GPO that will apply only to the users when they logon to my terminal server. I'm gleaning this from KB 260370, but again, I haven't tested it yet.

Thanks.

 

[kameleon80]

Pchan I blelieve what your looking for can be found under the computer configuration in a GPO. Computer configuration, Admin. Templates, System,should see remove security option from start menu (Teminal serviced only)


let me know how it goes.

good luck

 

[pchan]

Thank you...I'll check and get back to you guys