Tag: Computer Configuration

This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008 and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. By default if the most appropriate RDS CAL is not available for a connection a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL if available to the following:* A client connecting to a Windows Server 2003 terminal server* A client connecting to a Windows 2000 terminal serverIf you enable this policy setting the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. If you disable or do not configure this policy setting the license server will exhibit the default behavior noted earlier.

Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded addtional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default RD Session Host servers allow an unlimited number of Remote Desktop Services sessions and Remote Desktop for Administration allows two Remote Desktop Services sessions. To use this setting enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections type 999999. If the status is set to Enabled the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. If the status is set to Disabled or Not Configured limits to the number of connections are not enforced at the Group Policy level. Note: This setting is designed to be used on RD Session Host servers (that is on servers running Windows with Remote Desktop Session Host role service installed).

This policy setting allows you to restrict users to a single Remote Desktop Services session. If you enable this policy setting users who log on remotely by using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state the user automatically reconnects to that session at the next logon. If you disable this policy setting users are allowed to make unlimited simultaneous remote connections by using Remote Desktop Services. If you do not configure this policy setting this policy setting is not specified at the Group Policy level.

Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer. By default Remote Desktop Services sessions provide access to the full Windows desktop unless otherwise specified with this setting by the server administrator or by the user in configuring the client connection. Enabling this setting overrides the “Start Program” settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed and when the user exits the program the session is automatically logged off. To use this setting in Program path and file name type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary in Working Directory type the fully qualified path to the starting directory for the program. If you leave Working Directory blank the program runs with its default working directory. If the specified program path file name or working directory is not the name of a valid directory the RD Session Host server connection fails with an error message. If the status is set to Enabled Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory if Working Directory is not specified) as the working directory for the program. If the status is set to Disabled or Not Configured Remote Desktop Services sessions start with the full desktop unless the server administrator or user specify otherwise. (See “Computer Configuration -> Administrative Templates -> System -> Logon -> Run these programs at user logon” setting. )Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured the Computer Configuration setting overrides.

This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default administrators are able to make such changes. If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. If you disable or do not configure this policy setting server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.