Category: At least Windows Server 2003 operating systems or Windows XP Professional
Allow audio and video playback redirection
This policy setting allows you to specify whether users can redirect the remote computer’s audio and video output in a Remote Desktop Services session. Users can specify where to play the remote computer’s audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled. By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 8, Windows Server 2012 R2, Windows 7, Windows Vista, or Windows XP Professional. If you enable this policy setting, audio and video playback redirection is allowed. If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC or video playback is specified in the .rdp file. If you do not configure this policy setting, audio and video playback redirection is not specified at the Group Policy level.
Do not allow Clipboard redirection
This policy setting specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session. You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection. If you enable this policy setting, users cannot redirect Clipboard data. If you disable this policy setting, Remote Desktop Services always allows Clipboard redirection. If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level.
Do not allow COM port redirection
This policy setting specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session. You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection. If you enable this policy setting, users cannot redirect server data to the local COM port. If you disable this policy setting, Remote Desktop Services always allows COM port redirection. If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level.
Allow users to connect remotely by using Remote Desktop Services
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections but will not accept any new incoming connections. If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security -> Require user authentication for remote connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
Enforce Removal of Remote Desktop Wallpaper
Specifies whether desktop wallpaper is displayed to remote clients connecting via Remote Desktop Services. You can use this setting to enforce the removal of wallpaper during a Remote Desktop Services session. By default, Windows XP Professional displays wallpaper to remote clients connecting through Remote Desktop, depending on the client configuration (see the Experience tab in the Remote Desktop Connection options for more information). Servers running Windows Server 2003 do not display wallpaper by default to Remote Desktop Services sessions. If the status is set to Enabled, wallpaper never appears in a Remote Desktop Services session. If the status is set to Disabled, wallpaper might appear in a Remote Desktop Services session, depending on the client configuration. If the status is set to Not Configured, the default behavior applies.
Set client connection encryption level
This policy setting specifies whether to require the use of a specific encryption level to secure communications between client computers and RD Session Host servers during Remote Desktop Protocol (RDP) connections. If you enable this policy setting, all communications between clients and RD Session Host servers during remote connections must use the encryption method specified in this setting. By default, the encryption level is set to High. The following encryption methods are available:
* High: The High setting encrypts data sent from the client to the server and from the server to the client by using strong 128-bit encryption. Use this encryption level in environments that contain only 128-bit clients (for example, clients that run Remote Desktop Connection). Clients that do not support this encryption level cannot connect to RD Session Host servers.
* Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client. Use this encryption level in environments that include clients that do not support 128-bit encryption.
* Low: The Low setting encrypts only data sent from the client to the server by using 56-bit encryption.
If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy.
Important: FIPS compliance can be configured through the “System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing” setting in Group Policy (under Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options). The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client with the Federal Information Processing Standard (FIPS) 140 encryption algorithms by using Microsoft cryptographic modules. Use this encryption level when communications between clients and RD Session Host servers require the highest level of encryption.
Always prompt for password upon connection
This policy setting specifies whether Remote Desktop Services always prompts the client for a password upon connection. You can use this setting to enforce a password prompt for users logging on to Remote Desktop Services, even if they already provided the password in the Remote Desktop Connection client. By default, Remote Desktop Services allows users to automatically log on by entering a password in the Remote Desktop Connection client. If you enable this policy setting, users cannot automatically log on to Remote Desktop Services by supplying their passwords in the Remote Desktop Connection client. They are prompted for a password to log on. If you disable this policy setting, users can always log on to Remote Desktop Services automatically by supplying their passwords in the Remote Desktop Connection client. If you do not configure this policy setting, automatic logon is not specified at the Group Policy level.
Automatic reconnection
Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five-second intervals. If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost. If the status is set to Disabled, automatic reconnection of clients is prohibited. If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the “Reconnect if connection is dropped” checkbox on the Experience tab in Remote Desktop Connection.
Do not display any custom toolbars in the taskbar
This setting affects the taskbar. The taskbar includes the Start button, buttons for currently running tasks, custom toolbars, the notification area, and the system clock. Toolbars include Quick Launch, Address, Links, Desktop, and other custom toolbars created by the user or by an application. If this setting is enabled, the taskbar does not display any custom toolbars, and the user cannot add any custom toolbars to the taskbar. Moreover, the “Toolbars” menu command and submenu are removed from the context menu. The taskbar displays only the Start button, taskbar buttons, the notification area, and the system clock. If this setting is disabled or is not configured, the taskbar displays all toolbars. Users can add or remove custom toolbars, and the “Toolbars” command appears in the context menu.
Hide the notification area
This setting affects the notification area (previously called the “system tray”) on the taskbar. Description: The notification area is located at the far right end of the taskbar and includes the icons for current notifications and the system clock. If this setting is enabled, the user’s entire notification area, including the notification icons, is hidden. The taskbar displays only the Start button, taskbar buttons, custom toolbars (if any), and the system clock. If this setting is disabled or is not configured, the notification area is shown in the user’s taskbar. Note: Enabling this setting overrides the “Turn off notification area cleanup” setting, because if the notification area is hidden, there is no need to clean up the icons.