Share via


Device and Resource Redirection

Applies To: Windows Server 2008

Policy settings in this node control access to devices and resources on a client computer in Terminal Services sessions.

The full path of this node in the Group Policy Management Console is:

Computer Configuration\Policies\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

Available policy settings

Name Explanation Requirements

Allow audio redirection

This policy setting allows you to specify whether users can choose where to play the remote computer's audio output during a Terminal Services session (audio redirection).

Users can use the Remote computer sound option on the Local Resources tab of Remote Desktop Connection to choose whether to play the remote audio on the remote computer or on the local computer. Users can also choose to disable the audio.

By default, users cannot apply audio redirection when connecting via Terminal Services to a server running Windows Server 2003. Users connecting to a computer running Windows XP Professional can apply audio redirection by default.

If you enable this policy setting, users can apply audio redirection.

If you disable this policy setting, users cannot apply audio redirection.

If you do not configure this policy setting, audio redirection is not specified at the Group Policy level. However, an administrator can still enable or disable audio redirection by using the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Allow time zone redirection

This policy setting determines whether the client computer redirects its time zone settings to the Terminal Services session.

If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).

If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.

Note
Time zone redirection is possible only when connecting to at least a Windows Server 2003 terminal server with a client that is using RDP 5.1 or later.

At least Windows Server 2003

Do not allow Clipboard redirection

This policy setting allows you to specify whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Terminal Services session.

You can use this policy setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Terminal Services allows this Clipboard redirection.

If you enable this policy setting, users cannot redirect Clipboard data.

If you disable this policy setting, Terminal Services always allows Clipboard redirection.

If you do not configure this policy setting, Clipboard redirection is not specified at the Group Policy level. However, an administrator can still disable Clipboard redirection by using the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Do not allow COM port redirection

This policy setting allows you to specify whether to prevent the redirection of data to client COM ports from the remote computer in a Terminal Services session.

You can use this policy setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Terminal Services session. By default, Terminal Services allows this COM port redirection.

If you enable this policy setting, users cannot redirect server data to the local COM port.

If you disable this policy setting, Terminal Services always allows COM port redirection.

If you do not configure this policy setting, COM port redirection is not specified at the Group Policy level. However, an administrator can still disable COM port redirection by using the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Do not allow drive redirection

This policy setting allows you to specify whether to prevent the mapping of client drives in a Terminal Services session (drive redirection).

By default, Terminal Services maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or My Computer in the format <driveletter> on <computername>. You can use this policy setting to override this behavior.

If you enable this policy setting, client drive redirection is not allowed in Terminal Services sessions.

If you disable this policy setting, client drive redirection is always allowed.

If you do not configure this policy setting, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Do not allow LPT port redirection

This policy setting allows you to specify whether to prevent the redirection of data to client LPT ports during a Terminal Services session.

You can use this policy setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Terminal Services allows this LPT port redirection.

If you enable this policy setting, users in a Terminal Services session cannot redirect server data to the local LPT port.

If you disable this policy setting, LPT port redirection is always allowed.

If you do not configure this policy setting, LPT port redirection is not specified at the Group Policy level. However, an administrator can still disable local LPT port redirection by using the Terminal Services Configuration tool.

At least Windows XP Professional or Windows Server 2003

Do not allow smart card device redirection

This policy setting allows you to control the redirection of smart card devices in a Terminal Services session.

If you enable this policy setting, Terminal Services users cannot use a smart card to log on to a Terminal Services session.

If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Terminal Services automatically redirects smart card devices on connection.

Note

The client computer must be running at least Windows 2000 Server or at least Windows XP Professional and the target server must be joined to a domain.

At least Windows XP Professional or Windows Server 2003

Do not allow supported Plug and Play device redirection

This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Terminal Services session.

By default, Terminal Services allows redirection of supported Plug and Play devices. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.

If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.

If you disable or do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer.

Note

You can also disallow redirection of supported Plug and Play devices on the Client Settings tab in the Terminal Services Configuration tool. You can disallow redirection of specific types of supported Plug and Play devices by using the Device Installation Restrictions policy settings located in Computer Configuration\Policies\Administrative Templates\System\Device Installation.

At least Windows Vista