Tag: Computer Configuration
Do not allow smart card device redirection
This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session. If you enable this policy setting Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session. If you disable or do not configure this policy setting smart card device redirection is allowed. By default Remote Desktop Services automatically redirects smart card devices on connection. Note: The client computer must be running at least Microsoft Windows 2000 Server or at least Microsoft Windows XP Professional and the target server must be joined to a domain.
Allow time zone redirection
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session. If you enable this policy setting clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). If you disable or do not configure this policy setting the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5. 1 and later.
Require secure RPC communication
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is set to Enabled Remote Desktop Services accepts requests from RPC clients that support secure requests and does not allow unsecured communication with untrusted clients. If the status is set to Disabled Remote Desktop Services always requests security for all RPC traffic. However unsecured communication is allowed for RPC clients that do not respond to the request. If the status is set to Not Configured unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.
Join RD Connection Broker
This policy setting allows you to specify whether the RD Session Host server should join a farm in RD Connection Broker. RD Connection Broker tracks user sessions and allows a user to reconnect to their existing session in a load-balanced RD Session Host server farm. To participate in RD Connection Broker the Remote Desktop Session Host role service must be installed on the server. If the policy setting is enabled the RD Session Host server joins the farm that is specified in the RD Connection Broker farm name policy setting. The farm exists on the RD Connection Broker server that is specified in the Configure RD Connection Broker server name policy setting. If you disable this policy setting the server does not join a farm in RD Connection Broker and user session tracking is not performed. If the policy setting is disabled you cannot use either the Remote Desktop Session Host Configuration tool or the Remote Desktop Services WMI Provider to join the server to RD Connection Broker. If the policy setting is not configured the policy setting is not specified at the Group Policy level. Notes: 1. If you enable this policy setting you must also enable the Configure RD Connection Broker farm name and Configure RD Connection Broker server name policy settings. 2. For Windows Server 2008 this policy setting is supported on at least Windows Server 2008 Standard.
Do not set default client printer to be default printer in a session
This policy setting allows you to specify whether the client default printer is automatically set as the default printer in a session on an RD Session Host server. By default Remote Desktop Services automatically designates the client default printer as the default printer in a session on an RD Session Host server. You can use this policy setting to override this behavior. If you enable this policy setting the default printer is the printer specified on the remote computer. If you disable this policy setting the RD Session Host server automatically maps the client default printer and sets it as the default printer upon connection. If you do not configure this policy setting the default printer is not specified at the Group Policy level.
Use Remote Desktop Easy Print printer driver first
This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers. If you enable or do not configure this policy setting the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer the client printer is not available for the Remote Desktop session. If you disable this policy setting the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used the client printer is not available for the Remote Desktop Services session. Note: If the “Do not allow client printer redirection” policy setting is enabled the “Use Remote Desktop Easy Print printer driver first” policy setting is ignored.
Do not allow drive redirection
This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection). By default an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in File Explorer or Computer in the format
Do not allow LPT port redirection
This policy setting specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session. You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default Remote Desktop Services allows LPT port redirection. If you enable this policy setting users in a Remote Desktop Services session cannot redirect server data to the local LPT port. If you disable this policy setting LPT port redirection is always allowed. If you do not configure this policy setting LPT port redirection is not specified at the Group Policy level.
Do not allow supported Plug and Play device redirection
This policy setting allows you to control the redirection of supported Plug and Play devices such as Windows Portable Devices to the remote computer in a Remote Desktop Services session. By default Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer. If you enable this policy setting users cannot redirect their supported Plug and Play devices to the remote computer. If you disable or do not configure this policy setting users can redirect their supported Plug and Play devices to the remote computer. Note: You can disable redirection of specific types of supported Plug and Play devices by using Computer Configuration -> Administrative Templates -> System -> Device Installation -> Device Installation Restrictions policy settings.
Do not allow client printer redirection
This policy setting allows you to specify whether to prevent the mapping of client printers in Remote Desktop Services sessions. You can use this policy setting to prevent users from redirecting print jobs from the remote computer to a printer attached to their local (client) computer. By default Remote Desktop Services allows this client printer mapping. If you enable this policy setting users cannot redirect print jobs from the remote computer to a local client printer in Remote Desktop Services sessions. If you disable this policy setting users can redirect print jobs with client printer mapping. If you do not configure this policy setting client printer mapping is not specified at the Group Policy level.