Terminal Server Group Policy Guide in Server 2008

 

Terminal Server Computer Configuration Group Policies

Computer Group Policy
Settings for Terminal Server Connections

Computer Configuration\Administrative
Templates\Windows Components\Terminal Services\Terminal Server\Connections

Computer Group Policies for Terminal Server Connections

Allow reconnection from original client only

Allow remote start of unlisted programs

Allow users to connect remotely using Terminal Services

Automatic reconnection

Configure keep-alive connection interval

Deny logof of an administrator to the console session

Limit number of connections

Restrict Terminal Services users to a single remote session

Set rules for remote control of Terminal Services user sessions

 

Computer
Group Policy Settings for Terminal Server Device and Resource Redirection

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Device and Resource Redirection

Computer Group Policies for Terminal Server Device and Resource Redirection

Allow audio redirection

Allow time zone redirection

Do not allow clipboard redirection

Do not allow COM port redirection

Do not allow drive redirection

Do not allow LPT port redirection

Do not allow supported Plug and Play device redirection

 

Computer
Group Policy Settings for Terminal Server Licensing

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Licensing

Computer Group Policies for Terminal Server Licensing

Hide notifications about TS Licensing problems that affect the terminal server

Set the Terminal Services licensing mode

Use the specified Terminal Services licensing servers

 

Computer
Group Policy Settings for Terminal Server Printer Redirection

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Printer Redirection

Computer Group Policies for Terminal Server Printer Redirection

Do not allow client printer redirection

Do not set default client printer to be default printer in a session

Redirect only the default client printer

Specify terminal server fallback printer driver behavior

User Terminal Services Easy Print driver first

 

Computer
Group Policy Settings for Terminal Server Profiles

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Profiles

Computer Group Policies for Terminal Server Profiles

Set path for TS Roaming Profiles

Set TS User Home Directory

Use mandatory profiles on the terminal server

 

Computer
Group Policy Settings for Terminal Server Remote Session Environment

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Remote Session Environment

Computer Group Policies for Terminal Server Remote Session Environment

Always show desktop on connection

Enforce Removal of Remote Desktop Wallpaper

Limit maximum color depth

Remove “Disconnect” option from Shut Down dialog

Remove Windows Security item from Start menu

Start a program on connection

Computer Group Policy Settings for Terminal Server
Security

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Security

Computer Group Policies for Terminal Server Security

Always prompt for password upon connection

Do not allow local administrators to customize permissions

Require secure RPC communication

Require use of specific security layer for remote (RDP) connections

Require user authentication using RDP 6.0 for remote connections

Server Authentication Certificate Template

Set client connection encryption level

 

Computer
Group Policy Settings for Terminal Server Session Time Limits

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Session Time Limits

Computer Group Policies for Terminal Server Session Time Limits

Set time limit for active but idle Terminal Services sessions

Set time limit for active Terminal Services sessions

Set time limit for disconnected sessions

Terminate session when time limits are reached

 

Computer
Group Policy Settings for Terminal Server Temporary folders

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Temporary folders

Computer Group Policies for Terminal Server Temporary Folders

Do no delete temp folder upon exit

Do not use temporary folder per session

 

Computer
Group Policy Settings for Terminal Server TS Session Broker

Computer Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\TS Session Broker

Computer Group Policies for Terminal Server TS Session Broker

Join TS Session Broker

TS Session Broker Farm Name

TS Session Broker Load Balancing

TS Session Broker Server

Use IP Address Redirection

 

Terminal Server User Configuration Group Policies

User
Group Policy Settings for Remote Desktop Connection Client

User Configuration\Administrative Templates\Windows Components\Terminal
Services\Remote Desktop Connection Client

User Group Policies for Remote Desktop Connection Client

Allow .rdp files from valid publishers and user’s default .rdp settings

Allow .rdp files from unknown publishers

Do not allow passwords to be saved

Specify SHA1 thumbprints of certificates representing trusted .rdp publishers

 

User
Group Policy Settings for Terminal Server Connections

User Configuration\Administrative Templates\Windows Components\Terminal
Services\Terminal Server\Connections

User Group Policies for Terminal Server Connections

Set rules for remote control of Terminal Services user sessions

Allow reconnection from original client only

 

User
Group Policy Settings for Terminal Server Device and Resource Redirection

User Configuration\Administrative Templates\Windows Components\Terminal
Services\Terminal Server\Device and Resource Redirection

 

User Group Policies for Terminal Server Device and Resource Redirection

Do not allow clipboard redirection

Allow time zone redirection

 

User
Group Policy Settings for Terminal Server Printer Redirection

User Configuration\Administrative Templates\Windows Components\Terminal
Services\Terminal Server\Printer Redirection

User Group Policies for Terminal Server Printer Redirection

Use Terminal Services Easy Print driver first

Redirect only the default client printer

 

User
Group Policy Settings for Terminal Server Remote Session Environment

User Configuration\Administrative Templates\Windows
Components\Terminal Services\Terminal Server\Remote Session Environment

User Group Policies for Terminal Server Remote Session Environment

Start a program on connection

Enforce Removal of Remote Desktop Wallpaper

Always show desktop on connection

 

User
Group Policy Settings for Terminal Server Session Time limits

User Configuration\Administrative Templates\Windows Components\Terminal
Services\Terminal Server\Session Time Limits

User Group Policies for Terminal Server Session Time limits

Set time limit for disconnected sessions

Set time limit for active but idle Terminal Services sessions

Set time limit for active Terminal Services sessions

Terminate session when time limits are reached

 

User
Group Policy Settings for TS Gateway

User Configuration\Administrative Templates\Windows Components\Terminal
Services\TS Gateway

User Group Policies for Terminal Server Session Time limits

Set TS Gateway authentication method

Enable connection through TS Gateway

Set TS Gateway server address

 

Comments

  • Anonymous
    January 21, 2009
    Thanks for providing good information. Actualli was looking for the information for TS gateway. I fount it here. Thanks & Regards

  • Anonymous
    April 27, 2009
    Its a Good idea to remove help menu items because users can access shortcuts to command prompt and other programs you may not want them to have access to.

  • Anonymous
    November 19, 2009
    Thank you for this guide. Was quite helpful and saved a lot of time when setting up ts gpo.