Device and Resource Redirection

Applies To: Windows Server 2008 R2

Policy settings in this node control access to devices and resources on a client computer in Remote Desktop Services sessions.

The full path of this node in the Group Policy Management Console is Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

Available policy settings

Name Explanation Requirements

Allow audio and video playback redirection

This policy setting allows you to specify whether users can redirect the remote computer's audio and video output in a Remote Desktop Services session.

Users can specify where to play the remote computer's audio output by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can choose to play the remote audio on the remote computer or on the local computer. Users can also choose to not play the audio. Video playback can be configured by using the videoplayback setting in a Remote Desktop Protocol (.rdp) file. By default, video playback is enabled.

By default, audio and video playback redirection is not allowed when connecting to a computer running Windows Server 2008 R2, Windows Server 2008, or Windows Server 2003. Audio and video playback redirection is allowed by default when connecting to a computer running Windows 7, Windows Vista, or Windows XP Professional.

If you enable this policy setting, audio and video playback redirection is allowed.

If you disable this policy setting, audio and video playback redirection is not allowed, even if audio playback redirection is specified in RDC or video playback is specified in the .rdp file.

If you do not configure this policy setting, the Audio and video playback setting on the Client Settings tab in the Remote Desktop Session Host Configuration tool determines whether audio and video playback redirection is allowed.

At least Windows XP Professional or Windows Server 2003 family

Allow audio recording redirection

This policy setting allows you to specify whether users can record audio to the remote computer in a Remote Desktop Services session.

Users can specify whether to record audio to the remote computer by configuring the remote audio settings on the Local Resources tab in Remote Desktop Connection (RDC). Users can record audio by using an audio input device on the local computer, such as a built-in microphone.

By default, audio recording redirection is not allowed when connecting to a computer running Windows Server 2008 R2. Audio recording redirection is allowed by default when connecting to a computer running Windows 7.

If you enable this policy setting, audio recording redirection is allowed.

If you disable this policy setting, audio recording redirection is not allowed, even if audio recording redirection is specified in RDC.

If you do not configure this policy setting, the Audio recording setting on the Client Settings tab in the Remote Desktop Session Host Configuration tool determines whether audio recording redirection is allowed.

Limit audio playback quality

This policy setting allows you to limit the audio playback quality for a Remote Desktop Services session. Limiting the quality of audio playback can improve connection performance, particularly over slow links.

If you enable this policy setting, you must select one of the following: High, Medium, or Dynamic. If you select High, the audio will be sent without any compression and with minimum latency. This requires a large amount of bandwidth. If you select Medium, the audio will be sent with some compression and with minimum latency as determined by the codec that is being used. If you select Dynamic, the audio will be sent with a level of compression that is determined by the bandwidth of the remote connection.

The audio playback quality that you specify on the remote computer by using this policy setting is the maximum quality that can be used for a Remote Desktop Services session, regardless of the audio playback quality configured on the client computer. For example, if the audio playback quality configured on the client computer is higher than the audio playback quality configured on the remote computer, the lower level of audio playback quality will be used.

Audio playback quality can be configured on the client computer by using the audioqualitymode setting in a Remote Desktop Protocol (.rdp) file. By default, audio playback quality is set to Dynamic.

If you disable or do not configure this policy setting, audio playback quality will be set to Dynamic.

At least Windows 7 or Windows Server 2008 R2

Do not allow clipboard redirection

Specifies whether to prevent the sharing of Clipboard contents (Clipboard redirection) between a remote computer and a client computer during a Remote Desktop Services session.

You can use this setting to prevent users from redirecting Clipboard data to and from the remote computer and the local computer. By default, Remote Desktop Services allows Clipboard redirection.

If the status is set to Enabled, users cannot redirect Clipboard data.

If the status is set to Disabled, Remote Desktop Services always allows Clipboard redirection.

If the status is set to Not Configured, Clipboard redirection is not specified at the Group Policy level. However, an administrator can still disable Clipboard redirection by using the Remote Desktop Session Host Configuration tool.

At least Windows XP Professional or Windows Server 2003 family

Do not allow COM port redirection

Specifies whether to prevent the redirection of data to client COM ports from the remote computer in a Remote Desktop Services session.

You can use this setting to prevent users from redirecting data to COM port peripherals or mapping local COM ports while they are logged on to a Remote Desktop Services session. By default, Remote Desktop Services allows this COM port redirection.

If the status is set to Enabled, users cannot redirect server data to the local COM port.

If the status is set to Disabled, Remote Desktop Services always allows COM port redirection.

If the status is set to Not Configured, COM port redirection is not specified at the Group Policy level. However, an administrator can still disable COM port redirection using the Remote Desktop Session Host Configuration tool.

At least Windows XP Professional or Windows Server 2003 family

Do not allow drive redirection

Specifies whether to prevent the mapping of client drives in a Remote Desktop Services session (drive redirection).

By default, an RD Session Host server maps client drives automatically upon connection. Mapped drives appear in the session folder tree in Windows Explorer or Computer in the format <driveletter> on <computername>. You can use this setting to override this behavior.

If the status is set to Enabled, client drive redirection is not allowed in Remote Desktop Services sessions.

If the status is set to Disabled, client drive redirection is always allowed.

If the status is set to Not Configured, client drive redirection is not specified at the Group Policy level. However, an administrator can still disable client drive redirection by using the Remote Desktop Session Host Configuration tool.

At least Windows XP Professional or Windows Server 2003 family

Do not allow LPT redirection

Specifies whether to prevent the redirection of data to client LPT ports during a Remote Desktop Services session.

You can use this setting to prevent users from mapping local LPT ports and redirecting data from the remote computer to local LPT port peripherals. By default, Remote Desktop Services allows this LPT port redirection.

If the status is set to Enabled, users in a Remote Desktop Services session cannot redirect server data to the local LPT port.

If the status is set to Disabled, LPT port redirection is always allowed.

If the status is set to Not Configured, LPT port redirection is not specified at the Group Policy level. However, an administrator can still disable local LPT port redirection using the Remote Desktop Session Host Configuration tool.

At least Windows XP Professional or Windows Server 2003 family

Do not allow supported Plug and Play device redirection

This policy setting allows you to control the redirection of supported Plug and Play devices, such as Windows Portable Devices, to the remote computer in a Remote Desktop Services session.

By default, Remote Desktop Services allows redirection of supported Plug and Play devices. Users can use the More option on the Local Resources tab of Remote Desktop Connection to choose the supported Plug and Play devices to redirect to the remote computer.

If you enable this policy setting, users cannot redirect their supported Plug and Play devices to the remote computer.

If you disable this policy setting or do not configure this policy setting, users can redirect their supported Plug and Play devices to the remote computer.

Note
You can also disallow redirection of supported Plug and Play devices on the Client Settings tab in the Remote Desktop Session Host Configuration tool. You can disallow redirection of specific types of supported Plug and Play devices by using the Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions policy settings.

At least Windows Vista

Do not allow smart card redirection

This policy setting allows you to control the redirection of smart card devices in a Remote Desktop Services session.

If you enable this policy setting, Remote Desktop Services users cannot use a smart card to log on to a Remote Desktop Services session.

If you disable or do not configure this policy setting, smart card device redirection is allowed. By default, Remote Desktop Services automatically redirects smart card devices on connection.

Note

The client computer must be running at least Microsoft Windows 2000 Server or at least Windows XP Professional and the target server must be joined to a domain.

At least Windows XP Professional or Windows Server 2003 family

Allow time zone redirection

This policy setting determines whether the client computer redirects its time zone settings to the Remote Desktop Services session.

If you enable this policy setting, clients that are capable of time zone redirection send their time zone information to the server. The server base time is then used to calculate the current session time (current session time = server base time + client time zone).

If you disable or do not configure this policy setting, the client computer does not redirect its time zone information and the session time zone is the same as the server time zone.

Note

Time zone redirection is possible only when connecting to at least a Windows Server 2003 terminal server with a client using RDP 5.1 and later.

At least Windows Server 2003