Export (0) Print
Expand All

Connections

Applies To: Windows Server 2008

Policy settings in this node control connection settings on a terminal server.

The full path of this node in the Group Policy Management Console is:

Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections

noteNote
If you are using the Local Group Policy Editor, Policies is not part of the node path.

 

Name Explanation Requirements

Allow remote start of unlisted programs

This policy setting allows you to specify whether remote users can start any program on the terminal server when they start a remote session, or whether they can only start programs that are listed in the RemoteApp Programs list.

You can control which programs on a terminal server can be started remotely by using the TS RemoteApp Manager tool to create a list of RemoteApp programs. By default, only programs in the RemoteApp Programs list can be started when a user starts a remote session.

If you enable this policy setting, remote users can start any program on the terminal server when they start a remote session. For example, a remote user can do this by specifying the program's executable path at connection time by using the Remote Desktop Connection client.

If you disable or do not configure this policy setting, remote users can only start programs that are listed in the RemoteApp Programs list in TS RemoteApp Manager when they start a remote session.

At least Windows Server 2008

Allow users to connect remotely using Terminal Services

This policy setting allows you to configure remote access to computers by using Terminal Services.

If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Terminal Services.

If you disable this policy setting, users cannot connect remotely to the target computer by using Terminal Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

If you do not configure this policy setting, Terminal Services uses the Remote Desktop setting on the target computer to determine whether remote connection is allowed. This setting is found on the Remote tab in System Properties. By default, remote connection is not allowed.

noteNote
You can limit which clients are able to connect remotely by using Terminal Services by configuring the Require user authentication for remote connections by using Network Level Authentication policy setting located in Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security. You can limit the number of users who can connect simultaneously by configuring the Limit number of connections policy setting located in Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections, or by configuring the Maximum Connections option on the Network Adapter tab in the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Automatic reconnection

This policy setting allows you to specify whether to allow Remote Desktop Connection clients to automatically reconnect to Terminal Services sessions if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five-second intervals.

If you enable this policy setting, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.

If you disable this policy setting, automatic reconnection of clients is prohibited.

If you do not configure this policy setting, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection by selecting the Reconnect if connection is dropped check box on the Experience tab in Remote Desktop Connection.

At least Windows XP Professional or Windows Server 2003

Configure keep-alive connection interval

This policy setting allows you to enter a keep-alive interval to ensure that the session state on the terminal server is consistent with the client state.

After a terminal server client loses the connection to a terminal server, the session on the terminal server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the terminal server. If the client logs on to the same terminal server again, a new session might be established (if Terminal Services is configured to allow multiple sessions), and the original session might still be active.

If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values that you can enter is 1 to 999,999.

If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.

At least Windows Server 2003

Deny logoff of an administrator logged in to the console session

This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.

This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.

If you enable this policy setting, logging off the connected administrator is not allowed.

If you disable or do not configure this policy setting, logging off the connected administrator is allowed.

Windows XP Professional or Windows Server 2003 only

Limit number of connections

This policy setting allows you to specify whether Terminal Services limits the number of simultaneous connections to the server.

You can use this policy setting to restrict the number of remote sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, terminal servers allow an unlimited number of remote sessions, and Remote Desktop for Administration allows two remote sessions.

To use this setting, enter the number of connections that you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.

If you enable this policy setting, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Terminal Services running on the server.

If you disable or do not configure this policy setting, limits to the number of connections are not enforced at the Group Policy level.

noteNote
This policy setting is designed to be used on servers with Terminal Server installed.

At least Windows Server 2003

Restrict Terminal Services users to a single remote session

This policy setting allows you to restrict users to a single remote Terminal Services session.

If you enable this policy setting, users who log on remotely by using Terminal Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at next logon.

If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections by using Terminal Services.

If you do not configure this policy setting, the Restrict each user to one session setting in the Terminal Services Configuration tool will determine if users are restricted to a single remote session.

At least Windows Server 2003

Set rules for remote control of Terminal Services user sessions

This policy setting allows you to specify the level of remote control permitted in a Terminal Services session.

You can use this policy setting to select one of two levels of remote control: View Session or Full Control. View Session permits the remote control user to watch a session. Full Control permits the administrator to interact with the session. Remote control can be established with or without the user's permission.

If you enable this policy setting, administrators can remotely interact with a user's Terminal Services session according to the specified rules. To set these rules, select the desired level of control and permission in the Options list. To disable remote control, select No remote control allowed.

If you disable or do not configure this policy setting, remote control rules are determined by the setting on the Remote Control tab in the Terminal Services Configuration tool. By default, remote control users have full control of the session with the user's permission.

noteNote
This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.

At least Windows XP Professional or Windows Server 2003

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft