Scenario 1: Administering Group Policy to Provide a Consistent Terminal Services Desktop

  • Article

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

The Terminal Services client, called Remote Desktop Connection (RDC), provides a number of ways to configure the client. Some examples for which you may want to standardize the RDC clients in your organization for all user logons are:

  • Client redirection features.

  • Terminal Services profile path.

  • Wallpaper during connection.

  • Printing connection management.

  • Other security related lockdown features.

In each of these examples, the desire is to configure all RDC clients to behave the same way on user logon.

Administering Group Policy to Provide a Consistent Terminal Services Desktop

You must have privileges delegated to you to create, link, and edit GPOs for a specific OU to perform the steps in this scenario. This scenario assumes that the requirements for these scenarios—as specified in Requirements for Configuring Group Policy for Terminal Services—have been fulfilled.

To configure Terminal Services desktop settings for a consistent user logon experience, you must perform the following tasks:

  • Create a loopback GPO linked to the terminal server OU.

  • Create user policy settings in a separate GPO linked to the terminal server OU.

To create a loopback GPO linked to the terminal server OU

  1. To open Group Policy Management Console, click Start, click Run, and then type GPMC.msc.

  2. Create and link a GPO to the terminal server OU. Use this GPO for setting the loopback policy setting in replace mode. Name this GPO appropriately for loopback capability.

  3. Right-click the loopback GPO linked to the terminal server OU, and then click Edit.

  4. In Computer Configuration\Administrative Templates\System\Group Policy, double-click the User Group Policy loopback processing mode setting.

  5. In the User Group Policy loopback processing mode properties, click Enabled.

  6. In the User Group Policy loopback processing mode properties, open the Mode drop-down list, and then click Replace.

  7. Click OK to close the User Group Policy loopback processing mode properties.

  8. Click File, and then click Exit to close Group Policy Object Editor.

To create user policy settings in a separate GPO linked to the terminal server OU

  1. If Group Policy Management Console is not open, click Start, click Run, and then type GPMC.msc.

  2. Create and link a GPO to the terminal server OU. Name this GPO, "User Settings for Terminal Services". Use this GPO for setting the user configuration settings for Terminal Services and other desktop configurations.

  3. Right-click the User Settings for Terminal Services GPO linked to the terminal server OU, and then click Edit.

  4. Configure only user-based policy settings in this GPO. Do not configure any machine-based policy settings in this GPO.

  5. After configuring all the user-based policy settings, click File and then click Exit to close Group Policy Object Editor.

Note

This guide does not make recommendations about which Terminal Services configuration settings should be set for user logons. This guide makes recommendations only for setting the Terminal Services configuration settings to create a consistent user logon experience.