Share via


All Group Policy Settings for Remote Desktop Services in Windows Server 2008 R2

Applies To: Windows Server 2008 R2

The following is a list of all the Group Policy settings for Remote Desktop Services in Windows Server® 2008 R2. The list is organized by the Group Policy nodes in which they are located in the Group Policy Management Console (GPMC). Click a node to view more information about the policy settings, such as explanatory text and operating system requirements.

Computer Configuration Group Policy Settings

The following Group Policy settings are available under the Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services node of the GPMC.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

RD Licensing

  • License server security group

  • Prevent license upgrade

Remote Desktop Connection Client

  • Allow .rdp files from valid publishers and user's default .rdp settings

  • Allow.rdp files from unknown publishers

  • Do not allow password to be saved

  • Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

  • Prompt for credentials on the client computer

  • Configure server authentication for client

RemoteFX USB Device Redirection

  • Allow RDP redirection of other supported RemoteFX USB devices from this computer

Application Compatibility

  • Turn off Windows Installer RDS Compatibility

  • Turn on Remote Desktop IP Virtualization

  • Select the network adapter to be used for Remote Desktop IP Virtualization

  • Do not use Remote Desktop Session Host server IP address when virtual IP address is not available

Connections

  • Automatic reconnection

  • Allow users to connect remotely using Remote Desktop Services

  • Deny logoff of an administrator logged in to the console session

  • Configure keep-alive connection interval

  • Limit number of connections

  • Sets rules for remote control of Remote Desktop Services user sessions

  • Restrict Remote Desktop Services users to a single Remote Desktop Services session

  • Allow remote start of unlisted programs

  • Turn off Fair Share CPU Scheduling

Device and Resource Redirection

  • Allow audio and video playback redirection

  • Allow audio recording redirection

  • Limit audio playback quality

  • Do not allow clipboard redirection

  • Do not allow COM port redirection

  • Do not allow drive redirection

  • Do not allow LPT port redirection

  • Do allow supported Plug and Play device redirection

  • Do not allow smart card device redirection

  • Allow time zone redirection

Licensing

  • Use the specified Remote Desktop license servers

  • Hide notifications about RD Licensing problems on RD Session Host server

  • Set the Remote Desktop licensing mode

Printer Redirection

  • Do not set default client printer to be default printer in a session

  • Do not allow client printer redirection

  • Use Remote Desktop Easy Print printer driver first

  • Specify RD Session Host server fallback printer driver behavior

  • Redirect only the default client printer

Profiles

  • Limit size of the entire roaming profile cache

  • Set Remote Desktop Services User Home Directory

  • Use mandatory profiles on the RD Session Host server

  • Set path for Remote Desktop Services Roaming User Profile

RD Connection Broker

  • Join RD Connection Broker

  • Configure RD Connection Broker farm name

  • Use IP Address Redirection

  • Configure RD Connection Broker server name

  • Use RD Connection Broker load balancing

Remote Session Environment

  • Limit maximum color depth

  • Enforce Removal of Remote Desktop Wallpaper

  • Configure RemoteFX

  • Limit maximum display resolution

  • Limit maximum number of monitors

  • Remove “Disconnect” option from Shut Down dialog

  • Remove Windows Security item from Start menu

  • Optimize visual experience when using RemoteFX

  • Set compression algorithm for RDP data

  • Optimize visual experience for Remote Desktop Services sessions

  • Start a program on connection

  • Always show desktop on connection

  • Allow desktop composition for remote desktop sessions

  • Do not allow font smoothing

Security

  • Server authentication Certificate Template

  • Set client connection encryption level

  • Always prompt client for password upon connection

  • Require secure RPC communication

  • Require use of specific security layer for remote (RDP) connections

  • Do not allow local administrators to customize permissions

  • Require user authentication for remote connections by using Network Level Authentication

Session Time Limits

  • Set time limit for disconnected sessions

  • Set time limit for active but idle Remote Desktop Services sessions

  • Set time limit for active Remote Desktop Services sessions

  • Terminate session when time limits are reached

  • Set time limit for logoff of RemoteApp sessions

Temporary Folders

  • Do not delete temp folder upon exit

  • Do not use temp folders per session

User Configuration Group Policy Settings

The following Group Policy settings are available under the User Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services node of the GPMC.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

RD Gateway

  • Set RD Gateway authentication method

  • Enable connection through RD Gateway

  • Set RD Gateway server address

Remote Desktop Connection Client

  • Allow .rdp files from valid publishers and user's default .rdp settings

  • Allow.rdp files from unknown publishers

  • Do not allow password to be saved

  • Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Connections

  • Set rules for remote control of Remote Desktop Services user sessions

Device and Resource Redirection

  • Allow time zone redirection

  • Do not allow clipboard redirection

Printer Redirection

  • Use Remote Desktop Easy Print printer driver first

  • Redirect only the default client printer

Remote Session Environment

  • Start a program on connection

  • Remove remote desktop wallpaper

  • Always show desktop on connection

Session Time Limits

  • Set time limit for disconnected sessions

  • Set time limit for active Remote Desktop Services sessions

  • Set time limit for active but idle Remote Desktop Services sessions

  • Terminate session when time limits are reached

  • Set time limit for logoff of RemoteApp sessions