Set Remote Desktop Services User Home Directory
Specifies whether Remote Desktop Services uses the specified network share or local directory path as the root of the user’s home directory for a Remote Desktop Services session. To use this setting select the location for the home directory (network or local) from the Location drop-down list. If you choose to place the directory on a network share type the Home Dir Root Path in the form -> -> Computername -> Sharename and then select the drive letter to which you want the network share to be mapped. If you choose to keep the home directory on the local computer type the Home Dir Root Path in the form “Drive: -> Path” (without quotes) without environment variables or ellipses. Do not specify a placeholder for user alias because Remote Desktop Services automatically appends this at logon. Note: The Drive Letter field is ignored if you choose to specify a local path. If you choose to specify a local path but then type the name of a network share in Home Dir Root Path Remote Desktop Services places user home directories in the network location. If the status is set to Enabled Remote Desktop Services creates the user’s home directory in the specified location on the local computer or the network. The home directory path for each user is the specified Home Dir Root Path and the user’s alias. If the status is set to Disabled or Not Configured the user’s home directory is as specified at the server.
Always show desktop on connection
This policy setting determines whether the desktop is always displayed after a client connects to a remote computer or an initial program can run. It can be used to require that the desktop be displayed after a client connects to a remote computer even if an initial program is already specified in the default user profile Remote Desktop Connection Remote Desktop Services client or through Group Policy. If you enable this policy setting the desktop is always displayed when a client connects to a remote computer. This policy setting overrides any initial program policy settings. If you disable or do not configure this policy setting an initial program can be specified that runs on the remote computer after the client connects to the remote computer. If an initial program is not specified the desktop is always displayed on the remote computer after the client connects to the remote computer. Note: If this policy setting is enabled then the “Start a program on connection” policy setting is ignored.
Do not allow local administrators to customize permissions
This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default administrators are able to make such changes. If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. If you disable or do not configure this policy setting server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.
Start a program on connection
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default Remote Desktop Services sessions provide access to the full Windows desktop unless otherwise specified with this setting by the server administrator or by the user in configuring the client connection. Enabling this setting overrides the “Start Program” settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed and when the user exits the program the session is automatically logged off. To use this setting in Program path and file name type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary in Working Directory type the fully qualified path to the starting directory for the program. If you leave Working Directory blank the program runs with its default working directory. If the specified program path file name or working directory is not the name of a valid directory the RD Session Host server connection fails with an error message. If the status is set to Enabled Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured Remote Desktop Services sessions start with the full desktop unless the server administrator or user specify otherwise. (See “Computer Configuration -> Administrative Templates -> System -> Logon -> Run these programs at user logon” setting. )Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured the Computer Configuration setting overrides.
Start a program on connection
Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default Remote Desktop Services sessions provide access to the full Windows desktop unless otherwise specified with this setting by the server administrator or by the user in configuring the client connection. Enabling this setting overrides the “Start Program” settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed and when the user exits the program the session is automatically logged off. To use this setting in Program path and file name type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary in Working Directory type the fully qualified path to the starting directory for the program. If you leave Working Directory blank the program runs with its default working directory. If the specified program path file name or working directory is not the name of a valid directory the RD Session Host server connection fails with an error message. If the status is set to Enabled Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured Remote Desktop Services sessions start with the full desktop unless the server administrator or user specify otherwise. (See “Computer Configuration -> Administrative Templates -> System -> Logon -> Run these programs at user logon” setting. )Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured the Computer Configuration setting overrides.
Restrict Remote Desktop Services users to a single Remote Desktop Services session
This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state the user automatically reconnects to that session at the next logon. If you disable this policy setting users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not configure this policy setting this policy setting is not specified at the Group Policy level.
Set rules for remote control of Remote Desktop Services user sessions
If you enable this policy setting administrators can interact with a user’s Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list:1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. 2. Full Control with user’s permission: Allows the administrator to interact with the session with the user’s consent. 3. Full Control without user’s permission: Allows the administrator to interact with the session without the user’s consent. 4. View Session with user’s permission: Allows the administrator to watch the session of a remote user with the user’s consent. 5. View Session without user’s permission: Allows the administrator to watch the session of a remote user without the user’s consent. If you disable this policy setting administrators can interact with a user’s Remote Desktop Services session with the user’s consent.
Set rules for remote control of Remote Desktop Services user sessions
If you enable this policy setting administrators can interact with a user’s Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list:1. No remote control allowed: Disallows an administrator to use remote control or view a remote user session. 2. Full Control with user’s permission: Allows the administrator to interact with the session with the user’s consent. 3. Full Control without user’s permission: Allows the administrator to interact with the session without the user’s consent. 4. View Session with user’s permission: Allows the administrator to watch the session of a remote user with the user’s consent. 5. View Session without user’s permission: Allows the administrator to watch the session of a remote user without the user’s consent. If you disable this policy setting administrators can interact with a user’s Remote Desktop Services session with the user’s consent.
Suspend user sign-in to complete app registration
This policy setting allows you to specify whether the app registration is completed before showing the Start screen to the user. By default when a new user signs in to a computer the Start screen is shown and apps are registered in the background. However some apps may not work until app registration is complete. If you enable this policy setting user sign-in is blocked for up to 6 minutes to complete the app registration. You can use this policy setting when customizing the Start screen on Remote Desktop Session Host servers. If you disable or do not configure this policy setting the Start screen is shown and apps are registered in the background.
Remove Windows Security item from Start menu
Specifies whether to remove the Windows Security item from the Settings menu on Remote Desktop clients. You can use this setting to prevent inexperienced users from logging off from Remote Desktop Services inadvertently. If the status is set to Enabled Windows Security does not appear in Settings on the Start menu. As a result users must type a security attention sequence such as CTRL+ALT+END to open the Windows Security dialog box on the client computer. If the status is set to Disabled or Not Configured Windows Security remains in the Settings menu.