All Group Policy Settings for Terminal Services in Windows Server 2008

Applies To: Windows Server 2008

The following is a list of all the Group Policy settings for Terminal Services in Windows ServerĀ 2008. The list is organized by the Group Policy nodes in which they are located in the Group Policy Management Console (GPMC). Click a node to view more information about the policy settings, such as explanatory text and operating system requirements.

Computer Configuration Group Policy Settings

The following Group Policy settings are available under the Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services node of the GPMC.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

Remote Desktop Connection Client

  • Allow .rdp files from unknown publishers

  • Allow .rdp files from valid publishers and user's default .rdp settings

  • Configure server authentication for client

  • Do not allow passwords to be saved

  • Prompt for credentials on the client computer

  • Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Terminal Server\Connections

  • Allow remote start of unlisted programs

  • Allow users to connect remotely using Terminal Services

  • Automatic reconnection

  • Configure keep-alive connection interval

  • Deny logoff of an administrator logged in to the console session

  • Limit number of connections

  • Restrict Terminal Services users to a single remote session

  • Set rules for remote control of Terminal Services user sessions

Terminal Server\Device and Resource Redirection

  • Allow audio redirection

  • Allow time zone redirection

  • Do not allow Clipboard redirection

  • Do not allow COM port redirection

  • Do not allow drive redirection

  • Do not allow LPT port redirection

  • Do not allow smart card device redirection

  • Do not allow supported Plug and Play device redirection

Terminal Server\Licensing

  • Hide notifications about TS Licensing problems that affect the terminal server

  • Set the Terminal Services licensing mode

  • Use the specified Terminal Services license servers

Terminal Server\Printer Redirection

  • Do not allow client printer redirection

  • Do not set default client printer to be default printer in a session

  • Redirect only the default client printer

  • Specify terminal server fallback printer driver behavior

  • Use Terminal Services Easy Print printer driver first

Terminal Server\Profiles

  • Set path for TS Roaming User Profile

  • Set TS User Home Directory

  • Use mandatory profiles on the terminal server

Terminal Server\Remote Session Environment

  • Always show desktop on connection

  • Enforce removal of remote desktop wallpaper

  • Limit maximum color depth

  • Remove "Disconnect" option from Shut Down dialog

  • Remove Windows Security item from Start menu

  • Set compression algorithm for RDP data

  • Start a program on connection

Terminal Server\Security

  • Always prompt for password upon connection

  • Do not allow local administrators to customize permissions

  • Require secure RPC communication

  • Require use of specific security layer for remote (RDP) connections

  • Require user authentication for remote connections by using Network Level Authentication

  • Server Authentication Certificate Template

  • Set client connection encryption level

Terminal Server\Session Time Limits

  • Set time limit for active but idle Terminal Services sessions

  • Set time limit for active Terminal Services sessions

  • Set time limit for disconnected sessions

  • Set time limit for logoff of RemoteApp sessions

  • Terminate session when time limits are reached

Terminal Server\Temporary Folders

  • Do not delete temp folders upon exit

  • Do not use temporary folders per session

Terminal Server\TS Session Broker

  • Configure TS Session Broker farm name

  • Configure TS Session Broker server name

  • Join TS Session Broker

  • Use IP address redirection

  • Use TS Session Broker load balancing

TS Licensing

  • License server security group

  • Prevent license upgrade

User Configuration Group Policy Settings

The following Group Policy settings are available under the User Configuration\Policies\Administrative Templates\Windows Components\Terminal Services node of the GPMC.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

Remote Desktop Connection Client

  • Allow .rdp files from unknown publishers

  • Allow .rdp files from valid publishers and user's default .rdp settings

  • Do not allow passwords to be saved

  • Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

Terminal Server\Connections

  • Set rules for remote control of Terminal Services user sessions

Terminal Server\Device and Resource Redirection

  • Allow time zone redirection

  • Do not allow Clipboard redirection

Terminal Server\Printer Redirection

  • Redirect only the default client printer

  • Use Terminal Services Easy Print printer driver first

Terminal Server\Remote Session Environment

  • Always show desktop on connection

  • Remove remote desktop wallpaper

  • Start a program on connection

Terminal Server\Session Time Limits

  • Set time limit for active but idle Terminal Services sessions

  • Set time limit for active Terminal Services sessions

  • Set time limit for disconnected sessions

  • Set time limit for logoff of RemoteApp sessions

  • Terminate session when time limits are reached

TS Gateway

  • Enable connection through TS Gateway

  • Set TS Gateway authentication method

  • Set TS Gateway server address