Category: At least Windows Server 2003
Prevent Windows Media DRM Internet Access
Prevents Windows Media Digital Rights Management (DRM) from accessing the Internet (or intranet). When enabled, Windows Media DRM is prevented from accessing the Internet (or intranet) for license acquisition and security upgrades. When this policy is enabled, programs are not able to acquire licenses for secure content, upgrade Windows Media DRM security components, or restore backed up content licenses. Secure content that is already licensed to the local computer will continue to play. Users are also able to protect music that they copy from a CD and play this protected content on their computer, since the license is generated locally in this scenario. When this policy is either disabled or not configured, Windows Media DRM functions normally and will connect to the Internet (or intranet) to acquire licenses, download security upgrades, and perform license restoration.
Turn off Windows+X hotkeys
Turn off Windows+X hotkeys. Keyboards with a Windows key provide users with shortcuts to common shell features. For example, pressing the keyboard sequence Windows+R opens the Run dialog box; pressing Windows+E starts File Explorer. By using this setting, you can disable these Windows+X shortcut keys. If you enable this setting, the Windows+X shortcut keys are unavailable. If you disable or do not configure this setting, the Windows+X shortcut keys are available.
Do not delete temp folders upon exit
This policy setting specifies whether Remote Desktop Services retains a user’s per-session temporary folders at logoff. You can use this setting to maintain a user’s session-specific temporary folders on a remote computer, even if the user logs off from a session. By default, Remote Desktop Services deletes a user’s temporary folders when the user logs off. If you enable this policy setting, a user’s per-session temporary folders are retained when the user logs off from a session. If you disable this policy setting, temporary folders are deleted when a user logs off, even if the server administrator specifies otherwise. If you do not configure this policy setting, Remote Desktop Services deletes the temporary folders from the remote computer at logoff, unless specified otherwise by the server administrator. Note: This setting only takes effect if per-session temporary folders are in use on the server. If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.
Do not use temporary folders per session
This policy setting allows you to prevent Remote Desktop Services from creating session-specific temporary folders. You can use this policy setting to disable the creation of separate temporary folders on a remote computer for each session. By default, Remote Desktop Services creates a separate temporary folder for each active session that a user maintains on a remote computer. These temporary folders are created on the remote computer in a Temp folder under the user’s profile folder and are named with the sessionid. If you enable this policy setting, per-session temporary folders are not created. Instead, a user’s temporary files for all sessions on the remote computer are stored in a common Temp folder under the user’s profile folder on the remote computer. If you disable this policy setting, per-session temporary folders are always created, even if the server administrator specifies otherwise. If you do not configure this policy setting, per-session temporary folders are created unless the server administrator specifies otherwise.
Allow time zone redirection
This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session. If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone). If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone. Note: Time zone redirection is possible only when connecting to at least a Microsoft Windows Server 2003 terminal server with a client using RDP 5.1 and later.
Require secure RPC communication
Specifies whether a Remote Desktop Session Host server requires secure RPC communication with all clients or allows unsecured communication. You can use this setting to strengthen the security of RPC communication with clients by allowing only authenticated and encrypted requests. If the status is set to Enabled, Remote Desktop Services accepts requests from RPC clients that support secure requests, and does not allow unsecured communication with untrusted clients. If the status is set to Disabled, Remote Desktop Services always requests security for all RPC traffic. However, unsecured communication is allowed for RPC clients that do not respond to the request. If the status is set to Not Configured, unsecured communication is allowed. Note: The RPC interface is used for administering and configuring Remote Desktop Services.
Set path for Remote Desktop Services Roaming User Profile
This policy setting allows you to specify the network path that Remote Desktop Services uses for roaming user profiles. By default, Remote Desktop Services stores all user profiles locally on the RD Session Host server. You can use this policy setting to specify a network share where user profiles can be centrally stored, allowing a user to access the same profile for sessions on all RD Session Host servers that are configured to use the network share for user profiles. If you enable this policy setting, Remote Desktop Services uses the specified path as the root directory for all user profiles. The profiles are contained in subfolders named for the account name of each user. To configure this policy setting, type the path to the network share in the form of \\Computername\Sharename. Do not specify a placeholder for the user account name, because Remote Desktop Services automatically adds this when the user logs on and the profile is created. If the specified network share does not exist, Remote Desktop Services displays an error message on the RD Session Host server and will store the user profiles locally on the RD Session Host server. If you disable or do not configure this policy setting, user profiles are stored locally on the RD Session Host server. You can configure a user’s profile path on the Remote Desktop Services Profile tab on the user’s account Properties dialog box. Notes: 1. The roaming user profiles enabled by the policy setting apply only to Remote Desktop Services connections. A user might also have a Windows roaming user profile configured. The Remote Desktop Services roaming user profile always takes precedence in a Remote Desktop Services session.
2. To configure a mandatory Remote Desktop Services roaming user profile for all users connecting remotely to the RD Session Host server, use this policy setting together with the “Use mandatory profiles on the RD Session Host server” policy setting located in Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> RD Session Host -> Profiles. The path set in the “Set path for Remote Desktop Services Roaming User Profile” policy setting should contain the mandatory profile.
License server security group
This policy setting allows you to specify the RD Session Host servers to which a Remote Desktop license server will offer Remote Desktop Services client access licenses (RDS CALs). You can use this policy setting to control which RD Session Host servers are issued RDS CALs by the Remote Desktop license server. By default, a license server issues an RDS CAL to any RD Session Host server that requests one. If you enable this policy setting and this policy setting is applied to a Remote Desktop license server, the license server will only respond to RDS CAL requests from RD Session Host servers whose computer accounts are a member of the RDS Endpoint Servers group on the license server. By default, the RDS Endpoint Servers group is empty. If you disable or do not configure this policy setting, the Remote Desktop license server issues an RDS CAL to any RD Session Host server that requests one. The RDS Endpoint Servers group is not deleted or changed in any way by disabling or not configuring this policy setting. Note: You should only enable this policy setting when the license server is a member of a domain. You can only add computer accounts for RD Session Host servers to the RDS Endpoint Servers group when the license server is a member of a domain.
Prevent license upgrade
This policy setting allows you to specify which version of Remote Desktop Services client access license (RDS CAL) a Remote Desktop Services license server will issue to clients connecting to RD Session Host servers running other Windows-based operating systems. A license server attempts to provide the most appropriate RDS or TS CAL for a connection. For example, a Windows Server 2008 license server will try to issue a Windows Server 2008 TS CAL for clients connecting to a terminal server running Windows Server 2008, and will try to issue a Windows Server 2003 TS CAL for clients connecting to a terminal server running Windows Server 2003. By default, if the most appropriate RDS CAL is not available for a connection, a Windows Server 2008 license server will issue a Windows Server 2008 TS CAL, if available, to the following:
* A client connecting to a Windows Server 2003 terminal server
* A client connecting to a Windows 2000 terminal server
If you enable this policy setting, the license server will only issue a temporary RDS CAL to the client if an appropriate RDS CAL for the RD Session Host server is not available. If the client has already been issued a temporary RDS CAL and the temporary RDS CAL has expired, the client will not be able to connect to the RD Session Host server unless the RD Licensing grace period for the RD Session Host server has not expired. If you disable or do not configure this policy setting, the license server will exhibit the default behavior noted earlier.
Limit number of connections
Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server. You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions. To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999. If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server. If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level. Note: This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).