Allow .rdp files from unknown publishers

This policy setting allows you to specify whether users can run unsigned Remote Desktop Protocol (.rdp) files and .rdp files from unknown publishers on the client computer.

If you enable or do not configure this policy setting, users can run unsigned .rdp files and .rdp files from unknown publishers on the client computer. Before a user starts an RDP session, the user receives a warning message and is asked to confirm whether they want to connect.

If you disable this policy setting, users cannot run unsigned .rdp files and .rdp files from unknown publishers on the client computer. If the user tries to start an RDP session, the user receives a message that the publisher has been blocked.

Allow .rdp files from valid publishers and user’s default .rdp settings

This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one issued by an authority recognized by the client, such as the issuers in the client’s Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file).

If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect.

If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked.

Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.

End session when time limits are reached

This policy setting specifies whether to end a Remote Desktop Services session that has timed out instead of disconnecting it. You can use this setting to direct Remote Desktop Services to end a session (that is, the user is logged off and the session is deleted from the server) after time limits for active or idle sessions are reached. By default, Remote Desktop Services disconnects sessions that reach their time limits. Time limits are set locally by the server administrator or by using Group Policy. See the “Set time limit for active Remote Desktop Services sessions” and “Set time limit for active but idle Remote Desktop Services sessions” policy settings.

If you enable this policy setting, Remote Desktop Services ends any session that reaches its time-out limit.

If you disable this policy setting, Remote Desktop Services always disconnects a timed-out session, even if specified otherwise by the server administrator.

If you do not configure this policy setting, Remote Desktop Services disconnects a timed-out session, unless specified otherwise in local settings.

Note: This policy setting only applies to time-out limits that are explicitly set by the administrator. This policy setting does not apply to time-out events that occur due to connectivity or network conditions. This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting takes precedence.

Set time limit for disconnected sessions

This policy setting allows you to configure a time limit for disconnected Remote Desktop Services sessions. You can use this policy setting to specify the maximum amount of time that a disconnected session remains active on the server. By default, Remote Desktop Services allows users to disconnect from a Remote Desktop Services session without logging off and ending the session. When a session is in a disconnected state, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.

If you enable this policy setting, disconnected sessions are deleted from the server after the specified amount of time. To enforce the default behavior that disconnected sessions are maintained for an unlimited time, select Never. If you have a console session, disconnected session time limits do not apply.

If you disable or do not configure this policy setting, this policy setting is not specified at the Group Policy level. By default, Remote Desktop Services disconnected sessions are maintained for an unlimited amount of time.

Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.

Use Remote Desktop Easy Print printer driver first

This policy setting allows you to specify whether the Remote Desktop Easy Print printer driver is used first to install all client printers.

If you enable or do not configure this policy setting, the RD Session Host server first tries to use the Remote Desktop Easy Print printer driver to install all client printers. If for any reason the Remote Desktop Easy Print printer driver cannot be used, a printer driver on the RD Session Host server that matches the client printer is used. If the RD Session Host server does not have a printer driver that matches the client printer, the client printer is not available for the Remote Desktop session.

If you disable this policy setting, the RD Session Host server tries to find a suitable printer driver to install the client printer. If the RD Session Host server does not have a printer driver that matches the client printer, the server tries to use the Remote Desktop Easy Print driver to install the client printer. If for any reason the Remote Desktop Easy Print printer driver cannot be used, the client printer is not available for the Remote Desktop Services session.

Note: If the “Do not allow client printer redirection” policy setting is enabled, the “Use Remote Desktop Easy Print printer driver first” policy setting is ignored.

Set rules for remote control of Remote Desktop Services user sessions

If you enable this policy setting, administrators can interact with a user’s Remote Desktop Services session based on the option selected. Select the desired level of control and permission from the options list:

1. No remote control allowed: Prevents an administrator from using remote control or viewing a remote user session.
2. Full Control with user’s permission: Allows the administrator to interact with the session, with the user’s consent.
3. Full Control without user’s permission: Allows the administrator to interact with the session, without the user’s consent.
4. View Session with user’s permission: Allows the administrator to watch the session of a remote user with the user’s consent.
5. View Session without user’s permission: Allows the administrator to watch the session of a remote user without the user’s consent.

If you disable this policy setting, administrators can interact with a user’s Remote Desktop Services session, with the user’s consent.

Start a program on connection

Configures Remote Desktop Services to run a specified program automatically upon connection. You can use this setting to specify a program to run automatically when a user logs on to a remote computer.

By default, Remote Desktop Services sessions provide access to the full Windows desktop, unless otherwise specified with this setting, by the server administrator, or by the user in configuring the client connection. Enabling this setting overrides the “Start Program” settings set by the server administrator or user. The Start menu and Windows Desktop are not displayed, and when the user exits the program the session is automatically logged off.

To use this setting, in Program path and file name, type the fully qualified path and file name of the executable file to be run when the user logs on. If necessary, in Working Directory, type the fully qualified path to the starting directory for the program. If you leave Working Directory blank, the program runs with its default working directory. If the specified program path, file name, or working directory is not the name of a valid directory, the RD Session Host server connection fails with an error message.

If the status is set to Enabled, Remote Desktop Services sessions automatically run the specified program and use the specified Working Directory (or the program default directory, if Working Directory is not specified) as the working directory for the program.

If the status is set to Disabled or Not Configured, Remote Desktop Services sessions start with the full desktop, unless the server administrator or user specify otherwise. (See the “Computer Configuration -> Administrative Templates -> System -> Logon -> Run these programs at user logon” setting.)

Note: This setting appears in both Computer Configuration and User Configuration. If both settings are configured, the Computer Configuration setting overrides.

Do not allow passwords to be saved

Controls whether a user can save passwords using Remote Desktop Connection.

If you enable this setting, the credential saving checkbox in Remote Desktop Connection will be disabled and users will no longer be able to save passwords. When a user opens an RDP file using Remote Desktop Connection and saves his settings, any password that previously existed in the RDP file will be deleted.

If you disable this setting or leave it not configured, the user will be able to save passwords using Remote Desktop Connection.
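
To see which of the behaviors described above a given machine actually gets, the following added example (not part of the original page) reads the Computer Configuration copy of five of these policies and prints the resulting effect in the page's own terms. The registry key and value names are not on the page; they are assumed to be the ones the Remote Desktop Services administrative template writes.

```powershell
# Added example, not from the original page. Reads only the Computer
# Configuration copy of each policy; key and value names are assumptions.
$Key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-RdsPolicy([string]$Name) {
    # Returns $null when the value is absent, i.e. the policy is Not Configured.
    $p = Get-ItemProperty -Path $Key -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $p) { $p.$Name }
}

function New-Row([string]$Policy, $Value, [string]$Effect) {
    $shown = $Value
    if ($null -eq $Value) { $shown = 'Not Configured' }
    [pscustomobject]@{ Policy = $Policy; Value = $shown; Effect = $Effect }
}

# Remote control levels, in the order the policy's option list gives them.
$ShadowText = @{
    0 = 'No remote control allowed'
    1 = 'Full Control with user''s permission'
    2 = 'Full Control without user''s permission'
    3 = 'View Session with user''s permission'
    4 = 'View Session without user''s permission'
}

$unsigned = Get-RdsPolicy 'AllowUnsignedFiles'
$noSave   = Get-RdsPolicy 'DisablePasswordSaving'
$shadow   = Get-RdsPolicy 'Shadow'
$discMs   = Get-RdsPolicy 'MaxDisconnectionTime'   # milliseconds; 0 means Never
$endSess  = Get-RdsPolicy 'fResetBroken'

# Enabled and Not Configured behave the same for unsigned files and password saving.
$unsignedFx = if ($unsigned -eq 0) { 'unsigned .rdp files are blocked' } else { 'unsigned .rdp files run after a warning' }
$noSaveFx   = if ($noSave -eq 1) { 'password saving is disabled' } else { 'users can save passwords' }
$shadowFx   = if ($null -eq $shadow) { 'not set by policy' } else { $ShadowText[[int]$shadow] }
$discFx     = if ($discMs) { "deleted after $($discMs / 60000) minute(s)" } else { 'kept for an unlimited time' }
$endFx      = if ($endSess -eq 1) { 'timed-out sessions are ended' }
              elseif ($endSess -eq 0) { 'timed-out sessions are always disconnected' }
              else { 'disconnected unless local settings say otherwise' }

@(
    New-Row 'Allow .rdp files from unknown publishers' $unsigned $unsignedFx
    New-Row 'Do not allow passwords to be saved' $noSave $noSaveFx
    New-Row 'Set rules for remote control' $shadow $shadowFx
    New-Row 'Set time limit for disconnected sessions' $discMs $discFx
    New-Row 'End session when time limits are reached' $endSess $endFx
) | Format-Table -AutoSize -Wrap
```

Several of these settings also exist under User Configuration, which this check does not read; where both are set, the page states that the Computer Configuration value wins.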

Set RD Gateway authentication method

Specifies the authentication method that clients must use when attempting to connect to an RD Session Host server through an RD Gateway server. You can enforce this policy setting or you can allow users to overwrite this policy setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the “Use these RD Gateway server settings” option on the client.

To allow users to overwrite this policy setting, select the “Allow users to change this setting” check box. When you do this, users can specify an alternate authentication method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify an alternate authentication method, the authentication method that you specify in this policy setting is used by default.

If you disable or do not configure this policy setting, the authentication method that is specified by the user is used, if one is specified. If an authentication method is not specified, the NTLM protocol that is enabled on the client or a smart card can be used for authentication.

Enable connection through RD Gateway

If you enable this policy setting, when Remote Desktop Connection cannot connect directly to a remote computer (an RD Session Host server or a computer with Remote Desktop enabled), the clients will attempt to connect to the remote computer through an RD Gateway server. In this case, the clients will attempt to connect to the RD Gateway server that is specified in the “Set RD Gateway server address” policy setting.

You can enforce this policy setting or you can allow users to overwrite this setting. By default, when you enable this policy setting, it is enforced. When this policy setting is enforced, users cannot override this setting, even if they select the “Use these RD Gateway server settings” option on the client.

Note: To enforce this policy setting, you must also specify the address of the RD Gateway server by using the “Set RD Gateway server address” policy setting, or client connection attempts to any remote computer will fail if the client cannot connect directly to the remote computer. To enhance security, it is also highly recommended that you specify the authentication method by using the “Set RD Gateway authentication method” policy setting. If you do not specify an authentication method by using this policy setting, either the NTLM protocol that is enabled on the client or a smart card can be used.

To allow users to overwrite this policy setting, select the “Allow users to change this setting” check box. When you do this, users on the client can choose not to connect through the RD Gateway server by selecting the “Do not use an RD Gateway server” option. Users can specify a connection method by configuring settings on the client, using an RDP file, or using an HTML script. If users do not specify a connection method, the connection method that you specify in this policy setting is used by default.

If you disable or do not configure this policy setting, clients will not use the RD Gateway server address that is specified in the “Set RD Gateway server address” policy setting. If an RD Gateway server is specified by the user, a client connection attempt will be made through that RD Gateway server.