Specify SHA1 thumbprints of certificates representing trusted .rdp publishers
This policy setting allows you to specify a list of Secure Hash Algorithm 1 (SHA1) certificate thumbprints that represent trusted Remote Desktop Protocol (.rdp) file publishers. If you enable this policy setting, any certificate with an SHA1 thumbprint that matches a thumbprint on the list is trusted. If a user tries to start an .rdp file that is signed by a trusted certificate, the user does not receive any warning messages when they start the file. To obtain the thumbprint, view the certificate details and then click the Thumbprint field. If you disable or do not configure this policy setting, no publisher is treated as a trusted .rdp publisher. Notes: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, the list of certificate thumbprints trusted for a user is a combination of the list defined for the computer and the list defined for the user. This policy setting overrides the behavior of the “Allow .rdp files from valid publishers and user’s default .rdp settings” policy setting. If the list contains a string that is not a certificate thumbprint, it is ignored.
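Because a list entry that is not a certificate thumbprint is ignored without any error, it is worth checking a candidate list before it goes into the policy. The following PowerShell is an added example, not part of the original policy text; the function names are hypothetical, the sample thumbprints are constructed, and it assumes the list is comma-separated and that a usable entry is exactly 40 hexadecimal characters (the length of a SHA1 digest).

```powershell
# Added example: pre-check a candidate thumbprint list for the trusted .rdp publishers policy.
# Assumptions (not from the policy text): entries are comma-separated, and a usable
# entry is exactly 40 hexadecimal characters, the length of a SHA1 digest.

function Test-RdpPublisherThumbprintList {
    param([Parameter(Mandatory)][string]$List)

    foreach ($raw in $List.Split(',')) {
        # Remove whitespace and invisible Unicode format characters (category Cf,
        # for example U+200E), which can be picked up when copying the Thumbprint field.
        $clean = ($raw -replace '[\s\p{Cf}]', '').ToUpperInvariant()
        $valid = $clean -match '^[0-9A-F]{40}$'

        [pscustomobject]@{
            Original   = $raw
            Normalized = if ($valid) { $clean } else { $null }
            Valid      = $valid
            # True when the entry only became a well-formed thumbprint after cleaning.
            Changed    = $valid -and ($clean -cne $raw)
        }
    }
}

function Get-CertificateSha1Thumbprint {
    param([Parameter(Mandatory)][string]$Path)
    # X509Certificate2.Thumbprint is the SHA1 hash of the certificate as uppercase hex.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $cert.Thumbprint
}

# Constructed sample input: one clean entry, one copied with spaces and a leading
# U+200E mark, and one string that is not a thumbprint at all.
$lrm    = [char]0x200E
$sample = @(
    '0123456789ABCDEF0123456789ABCDEF01234567'
    "${lrm}89 ab cd ef 01 23 45 67 89 ab cd ef 01 23 45 67 89 ab cd ef"
    'Contoso RDP Publisher'
) -join ','

$results = Test-RdpPublisherThumbprintList -List $sample
$results | Format-Table Valid, Changed, Normalized, Original -AutoSize

# Entries that would not identify any certificate, and so would trust no publisher.
$results | Where-Object { -not $_.Valid } | ForEach-Object {
    Write-Warning "Not a SHA1 thumbprint: '$($_.Original)'"
}
```

Use the `Normalized` values when building the list, and compare them against `Get-CertificateSha1Thumbprint` run on the publisher's exported certificate file to confirm that each entry matches the certificate you intend to trust.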
Allow .rdp files from valid publishers and user’s default .rdp settings
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client’s Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
Allow .rdp files from unknown publishers
This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer. If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect. If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.
Do not use temporary folders per session
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user’s profile folder and are named with the sessionid. If you enable this policy setting, per-session temporary folders are not created. Instead, a user’s temporary files for all sessions on the remote computer are stored in a common Temp folder under the user’s profile folder on the remote computer. If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
Do not delete temp folders upon exit
This policy setting specifies whether Remote Desktop Services retains a user’s per-session temporary folders at logoff. You can use this setting to maintain a user’s session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user’s temporary folders when the user logs off. If you enable this policy setting, a user’s per-session temporary folders are retained when the user logs off from a session. If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff unless specified otherwise by the server administrator. Note: This setting only takes effect if per-session temporary folders are in use on the server. If you enable the “Do not use temporary folders per session” policy setting, this policy setting has no effect.
Set time limit for active Remote Desktop Services sessions
This policy setting allows you to specify the maximum amount of time that a Remote Desktop Services session can be active before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Active session limit list. Remote Desktop Services will automatically disconnect active sessions after the specified amount of time. The user receives a warning two minutes before the Remote Desktop Services session disconnects, which allows the user to save open files and close programs. If you have a console session, active session time limits do not apply. If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits -> End session when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.
Set time limit for active but idle Remote Desktop Services sessions
This policy setting allows you to specify the maximum amount of time that an active Remote Desktop Services session can be idle (without user input) before it is automatically disconnected. If you enable this policy setting, you must select the desired time limit in the Idle session limit list. Remote Desktop Services will automatically disconnect active but idle sessions after the specified amount of time. The user receives a warning two minutes before the session disconnects, which allows the user to press a key or move the mouse to keep the session active. If you have a console session, idle session time limits do not apply. If you disable or do not configure this policy setting, the time limit is not specified at the Group Policy level. By default, Remote Desktop Services allows sessions to remain active but idle for an unlimited amount of time. If you want Remote Desktop Services to end instead of disconnect a session when the time limit is reached, you can configure the policy setting Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Session Time Limits -> End session when time limits are reached. Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.