Terminal Server Group Policy Guide in Server 2008
Terminal Server Computer Configuration Group Policies
Computer Group Policy Settings for Terminal Server Connections
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections
Computer Group Policies for Terminal Server Connections |
---|
Allow reconnection from original client only |
Allow remote start of unlisted programs |
Allow users to connect remotely using Terminal Services |
Automatic reconnection |
Configure keep-alive connection interval |
Deny logoff of an administrator to the console session |
Limit number of connections |
Restrict Terminal Services users to a single remote session |
Set rules for remote control of Terminal Services user sessions |
Computer Group Policy Settings for Terminal Server Device and Resource Redirection
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection
Computer Group Policies for Terminal Server Device and Resource Redirection |
---|
Allow audio redirection |
Allow time zone redirection |
Do not allow clipboard redirection |
Do not allow COM port redirection |
Do not allow drive redirection |
Do not allow LPT port redirection |
Do not allow supported Plug and Play device redirection |
Computer Group Policy Settings for Terminal Server Licensing
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Licensing
Computer Group Policies for Terminal Server Licensing |
---|
Hide notifications about TS Licensing problems that affect the terminal server |
Set the Terminal Services licensing mode |
Use the specified Terminal Services licensing servers |
Computer Group Policy Settings for Terminal Server Printer Redirection
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Printer Redirection
Computer Group Policies for Terminal Server Printer Redirection |
---|
Do not allow client printer redirection |
Do not set default client printer to be default printer in a session |
Redirect only the default client printer |
Specify terminal server fallback printer driver behavior |
Use Terminal Services Easy Print driver first |
Computer Group Policy Settings for Terminal Server Profiles
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Profiles
Computer Group Policies for Terminal Server Profiles |
---|
Set path for TS Roaming Profiles |
Set TS User Home Directory |
Use mandatory profiles on the terminal server |
Computer Group Policy Settings for Terminal Server Remote Session Environment
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Remote Session Environment
Computer Group Policies for Terminal Server Remote Session Environment |
---|
Always show desktop on connection |
Enforce Removal of Remote Desktop Wallpaper |
Limit maximum color depth |
Remove “Disconnect” option from Shut Down dialog |
Remove Windows Security item from Start menu |
Start a program on connection |
Computer Group Policy Settings for Terminal Server Security
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Security
Computer Group Policies for Terminal Server Security |
---|
Always prompt for password upon connection |
Do not allow local administrators to customize permissions |
Require secure RPC communication |
Require use of specific security layer for remote (RDP) connections |
Require user authentication using RDP 6.0 for remote connections |
Server Authentication Certificate Template |
Set client connection encryption level |
Computer Group Policy Settings for Terminal Server Session Time Limits
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits
Computer Group Policies for Terminal Server Session Time Limits |
---|
Set time limit for active but idle Terminal Services sessions |
Set time limit for active Terminal Services sessions |
Set time limit for disconnected sessions |
Terminate session when time limits are reached |
Computer Group Policy Settings for Terminal Server Temporary folders
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Temporary folders
Computer Group Policies for Terminal Server Temporary Folders |
---|
Do not delete temp folder upon exit |
Do not use temporary folder per session |
Computer Group Policy Settings for Terminal Server TS Session Broker
Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\TS Session Broker
Computer Group Policies for Terminal Server TS Session Broker |
---|
Join TS Session Broker |
TS Session Broker Farm Name |
TS Session Broker Load Balancing |
TS Session Broker Server |
Use IP Address Redirection |
Terminal Server User Configuration Group Policies
User Group Policy Settings for Remote Desktop Connection Client
User Configuration\Administrative Templates\Windows Components\Terminal Services\Remote Desktop Connection Client
User Group Policies for Remote Desktop Connection Client |
---|
Allow .rdp files from valid publishers and user’s default .rdp settings |
Allow .rdp files from unknown publishers |
Do not allow passwords to be saved |
Specify SHA1 thumbprints of certificates representing trusted .rdp publishers |
User Group Policy Settings for Terminal Server Connections
User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Connections
User Group Policies for Terminal Server Connections |
---|
Set rules for remote control of Terminal Services user sessions |
Allow reconnection from original client only |
User Group Policy Settings for Terminal Server Device and Resource Redirection
User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Device and Resource Redirection
User Group Policies for Terminal Server Device and Resource Redirection |
---|
Do not allow clipboard redirection |
Allow time zone redirection |
User Group Policy Settings for Terminal Server Printer Redirection
User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Printer Redirection
User Group Policies for Terminal Server Printer Redirection |
---|
Use Terminal Services Easy Print driver first |
Redirect only the default client printer |
User Group Policy Settings for Terminal Server Remote Session Environment
User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Remote Session Environment
User Group Policies for Terminal Server Remote Session Environment |
---|
Start a program on connection |
Enforce Removal of Remote Desktop Wallpaper |
Always show desktop on connection |
User Group Policy Settings for Terminal Server Session Time limits
User Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Session Time Limits
User Group Policies for Terminal Server Session Time limits |
---|
Set time limit for disconnected sessions |
Set time limit for active but idle Terminal Services sessions |
Set time limit for active Terminal Services sessions |
Terminate session when time limits are reached |
User Group Policy Settings for TS Gateway
User Configuration\Administrative Templates\Windows Components\Terminal Services\TS Gateway
User Group Policies for TS Gateway |
---|
Set TS Gateway authentication method |
Enable connection through TS Gateway |
Set TS Gateway server address |
Comments
Anonymous
January 21, 2009
Thanks for providing good information. Actually I was looking for the information for TS gateway. I found it here. Thanks & Regards
Anonymous
April 27, 2009
It's a good idea to remove help menu items because users can access shortcuts to command prompt and other programs you may not want them to have access to.
Anonymous
November 19, 2009
Thank you for this guide. Was quite helpful and saved a lot of time when setting up ts gpo.