The Remote Desktop roles may no longer work correctly after you apply a security policy created with the Security Configuration Wizard.

  • Article

Applies To: Windows HPC Server 2008 R2

This article details how the different remote desktop services may not work correctly after you apply a security policy created with the Security Configuration Wizard unless you have chosen the correct roles.

Symptoms

After applying a security policy created with the Security Configuration Wizard, any pre-existing remote desktop services may not work correctly.

Cause

After applying the policy you configured in the Security Configuration Wizard, pre-existing remote desktop services will be disabled.

Workaround

While creating a policy in Security Configuration Wizard, take the following steps to manually enable and start the desired Remote Desktop Services.

Manually enabling the Remote Desktop Web Access role

  1. On the Select Server Roles page of the Security Configuration Wizard, select the Web Server and Windows Process Activation Service roles.

  2. On the Select Client Features page of the Security Configuration Wizard, select the Domain Member, Microsoft Network Client, and Time Synchronization features.

  3. On the Select Administrative and Other Options page of the Security Configuration Wizard, select the Remote WMI option.

  4. Finish configuring the policy in the Security Configuration Wizard.

Manually enabling the Remote Desktop Connection Broker role

  1. On the Select Server Roles page of the Security Configuration Wizard, select the Remote Desktop Connection Broker role.

  2. On the Select Client Features page of the Security Configuration Wizard, select the Domain Member, Microsoft Network Client, and Time Synchronization features.

  3. On the Select Administrative and Other Options page of the Security Configuration Wizard, select the Remote WMI option.

  4. Finish configuring the policy in the Security Configuration Wizard.

Important

If the Remote Application and Desktop Connection Management service is disabled in Services.msc, change the Startup Type to Automatic and start the service.

Manually enabling the Remote Desktop Virtualization Host role

  1. On the Select Client Features page of the Security Configuration Wizard, select the Domain Member, Microsoft Network Client, and Time Synchronization features.

  2. On the Select Administrative and Other Options page of the Security Configuration Wizard, select the Remote WMI option.

  3. On the Select Additional Services page of the Security Configuration Wizard, select the Hyper-V Virtual Machine Management and Remote Desktop Virtualization Host Agent services.

  4. Finish configuring the policy in the Security Configuration Wizard.

Important

For managing virtual machines, some other Hyper-V services may be required, but those are not required for establishing the Remote Desktop Virtualization Host role.

Manually enabling the Remote Desktop Session Host role

  1. On the Select Server Roles page of the Security Configuration Wizard, select the Remote Desktop Session Host role.

  2. On the Select Client Features page of the Security Configuration Wizard, select the Domain Member, Microsoft Network Client, and Time Synchronization features.

  3. On the Select Administrative and Other Options page of the Security Configuration Wizard, select the Remote WMI option.

  4. Finish configuring the policy in the Security Configuration Wizard.

Important

If the Remote Desktop Session Host will not to be joined to a domain, and is not part of a VDI deployment, then the second and third steps not required.

Important

If remote multimedia management is required, then some additional features, roles, and services may need to be selected while creating the policy in the Security Configuration Wizard.