Parallels RAS Best Practices Guide
ProductsSupportPartnersDocumentation
  • Introduction
  • Active Directory and Infrastructure Services Considerations
    • Active Directory
    • DNS
    • DHCP
    • File Services
  • Installation Procedures
    • Windows Server Requirements
    • Windows Server Roles & Features
  • Remote Access Configuration
    • Remote Desktop and Terminal Server Performance Settings
    • General Performance Related Settings
    • CPU Optimization
    • Optimizations
    • Configure RemoteFX
      • General Purpose RemoteFX Settings
        • Remote FX Settings for Windows Server 2008 R2
        • RemoteFX settings for Windows Server 2012 and 2012 R2
        • RemoteFX Settings for Windows Workstations Running Remote PC Agents and Guest Agents
        • Configure RemoteFX Adaptive Graphics
        • Configure RemoteFX Lossless Graphics
        • Use the Hardware Default Graphics Adapter for all Remote Desktop Services Sessions
        • Remote FX USB Redirection
        • Enable Audio / Recording Redirection
        • Audio and Video Playback
        • Time Zone Redirection
        • Device and Resource Redirection
        • Remote Session Environment (H.264, RemoteFX, Adaptive Acceleration)
        • Windows Server 2008 R2 RemoteFX Compatibility
    • RDP Optimizations
      • For Windows Server 2008 and Windows Server 2008 R2
      • For Windows Server versions 2012/2012 R2/2016/2019
    • RDP Security
    • Locking Down TS/RDS Host
    • Disable Administrative Components
    • Antivirus Exclusions
  • Printer and Drive Mapping
    • Printer and Drive Mapping
    • Printing/Scanning Compression
  • Miscellaneous
    • Load Balancing
    • Groups
    • Filtering
    • Disable Application Monitoring
    • Server Reboots
    • Backups
    • Large File Upload / Download via Drive Redirection
    • Remove Gateway Browsing from Your LAN
    • Remove Self-Signed Certificate Error
    • Remote PCs
    • VDI
  • Parallels RAS User Portal
Powered by GitBook

Social media

  • Facebook
  • Twitter
  • LinkedIn
  • YouTube

Other Resources

  • Feedback

© 2025 Parallels International GmbH. All rights reserved.

On this page
  • Disable Control panel items, Administrative Tools, and PowerShell
  • Disable Registry Modification
  • Windows Updates and Installer
  • Control Panel
  • Administrative Tools and PowerShell
Export as PDF
  1. Remote Access Configuration

Disable Administrative Components

Disable Control panel items, Administrative Tools, and PowerShell

Various control panels, administrative tools, and server settings should be disabled for standard user access if otherwise not required by organization. To disable control panel items, the following policies can be carried out from the Group Policy Microsoft Management Console (MMC): User Configuration\Administrative Templates\Control Panel

Disable Registry Modification

For added security, users should be restricted to not make any registry modifications: User Configuration\Policies\Administrative Templates\System

Windows Updates and Installer

These policy setting prevents users from using Windows Installer to install patches and disables Windows update and shutdown notifications. This can be carried out from the Group Policy Microsoft Management Console (MMC):

  • Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Installer

  • Computer Configuration\Administrative Templates\Windows Components\Windows Update

Control Panel

The following Control Panel items may be removed from the list of items available for standard user access:

  • Microsoft.AdministrativeTools

  • Microsoft.AutoPlay

  • Microsoft.ActionCenter

  • Microsoft.ColorManagement

  • Microsoft.DefaultPrograms

  • Microsoft.DeviceManager

  • Microsoft.EaseOfAccessCenter

  • Microsoft.FolderOptions

  • Microsoft.iSCSIInitiator

  • Microsoft.NetworkAndSharingCenter

  • Microsoft.NotificationAreaIcons

  • Microsoft.PhoneAndModem

  • Microsoft.PowerOptions

  • Microsoft.ProgramsAndFeatures

  • Microsoft.System

  • Microsoft.TextToSpeech

  • Microsoft.UserAccounts

  • Microsoft.WindowsFirewall

  • Microsoft.WindowsUpdate

  • Microsoft.DateAndTime

  • Microsoft.RegionAndLanguage

  • Microsoft.RemoteAppAndDesktopConnections

  • Install Application On Remote Desktop Server

  • Java

  • Flash Player

Administrative Tools and PowerShell

  • Navigate to Computer Configuration > Policies > Windows Settings > Security Settings.

  • Right click on File System, choose Add File.

  • In the Add a file or folder window, put %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools in the Folder field and click OK.

  • On the next window Database Security for%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk remove Users and check that Administrators have Full Access

  • On the Add Object window choose Configure this file or folder then Propagate inheritable permissions to all subfolders and files. Click OK.

  • Do the same for PowerShell shortcut (+ delete Creator Owner in database security): %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk

  • Do the same for Server Manager shortcut: %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk

PreviousLocking Down TS/RDS HostNextAntivirus Exclusions

Last updated 9 months ago