Remote Desktop Connection Client | Allow .rdp files from valid publishers and use’s default RDP settings |
| Allow .rdp files from unknown publishers |
| Do not allow passwords to be saved |
| Specify SHA1 thumbprints of certificates representing trusted .rdp publishers |
| Prompt for credentials on the client computer |
| Configure server authentication for client |
Terminal Server | |
Connections | Automatic reconnection |
| Allow users to connect remotely using Terminal Services |
| Deny logoff of an administrator logged in to the console session |
| Configure keep-alive connection interval |
| Limit number of connections |
| Set rules for remote control of Terminal Services user sessions |
| Restrict Terminal Services users to a single remote session |
| Allow remote start of unlisted program |
Device and Resource Redirection | Allow audio redirection |
| Do not allow clipboard redirection |
| Do not allow COM port redirection |
| Do not allow drive redirection |
| Do not allow LPT port redirection |
| Do not allow supported Plug-and-Play device redirection |
| Do not allow smart card device redirection |
| Allow time zone redirection |
Licensing | Use the specified Terminal Services license servers |
| Hide notification about TS Licensing problems that affect the terminal server |
| Set the Terminal Services licensing mode |
Printer Redirection | Do not set default client printer to be default printer in a session |
| Do not allow client printer redirection |
| Specify terminal server fallback printer driver behavior |
| Use Terminal Services Easy Print printer driver first |
| Redirect only the default client printer |
Profiles | Set TS User Home Directory |
| Use mandatory profiles on the terminal server |
| Set path for TS Roaming User Profile |
Remote Session Environment | Limit maximum color depth |
| Enforce Removal of Remote Desktop Wallpaper |
| Remove “Disconnect” option from Shut Down dialog |
| Remove Windows Security item from Start menu |
| Set compression algorithm for RDP data |
| Start a program on connection |
| Always show desktop on connection |
Security | Server Authentication Certificate Template |
| Set client connection encryption level |
| Always prompt from password upon connection |
| Require secure RPC connection |
| Require use of specific security layer for remote (RDP) connections |
| Do not allow local administrators to customize permissions |
| Require user authentication for remote connections by using Network Level Authentication |
Session Time Limits | Set time limit for disconnected sessions |
| Set time limit for active but idle Terminal Services sessions |
| Terminate session when time limits are reached |
| Set time limit for logoff of RemoteApp sessions |
Temporary Folders | Do not delete temporary folder upon exit |
| Do not use temporary folders per session |
TS Session Broker | Join TS Session Broker |
| Configure TS Session Broker farm name |
| Use IP Address Redirection |
| Configure TS Session Broker server name |
| Use TS Session Broker load balancing |
TS Licensing | License server security group |
| Prevent License upgrade |