2.2.2.31 POLICY_TS_MACHINE
The POLICY_TS_MACHINE structure defines the machine policy of the server. Each item in the policy has a flag to indicate if the policy is present and a value for the policy.<105>
-
typedef struct _POLICY_TS_MACHINE { ULONG fPolicyDisableClip :1; ULONG fPolicyDisableCam :1; ULONG fPolicyDisableCcm :1; ULONG fPolicyDisableLPT :1; ULONG fPolicyDisableCpm :1; ULONG fPolicyPromptForPassword :1; ULONG fPolicyMaxInstanceCount :1; ULONG fPolicyMinEncryptionLevel :1; ULONG fPolicyFipsEnabled :1; ULONG fPolicyDisableAutoReconnect :1; ULONG fPolicyWFProfilePath :1; ULONG fPolicyWFHomeDir :1; ULONG fPolicyWFHomeDirDrive :1; ULONG fPolicyDenyTSConnections :1; ULONG fPolicyTempFoldersPerSession :1; ULONG fPolicyDeleteTempFoldersOnExit :1; ULONG fPolicyColorDepth :1; ULONG fPolicySessionDirectoryActive :1; ULONG fPolicySessionDirectoryLocation :1; ULONG fPolicySessionDirectoryClusterName :1; ULONG fPolicySessionDirectoryAdditionalParams :1; ULONG fPolicySessionDirectoryExposeServerIP :1; ULONG fPolicyPreventLicenseUpgrade :1; ULONG fPolicySecureLicensing :1; ULONG fPolicyWritableTSCCPermissionsTAB :1; ULONG fPolicyDisableCdm :1; ULONG fPolicyForceClientLptDef :1; ULONG fPolicyShadow :1; ULONG fPolicyResetBroken :1; ULONG fPolicyReconnectSame :1; ULONG fPolicyMaxSessionTime :1; ULONG fPolicyMaxDisconnectionTime :1; ULONG fPolicyMaxIdleTime :1; ULONG fPolicyInitialProgram :1; ULONG fPolicySingleSessionPerUser :1; ULONG fPolicyDisableWallpaper :1; ULONG fPolicyKeepAlive :1; ULONG fPolicyEnableTimeZoneRedirection :1; ULONG fPolicyDisableForcibleLogoff :1; ULONG fPolicyLicensingMode :1; ULONG fPolicyExplicitLSDiscovery :1; ULONG fPolicyDisableTerminalServerTooltip :1; ULONG fDisableClip :1; ULONG fDisableCam :1; ULONG fDisableCcm :1; ULONG fDisableLPT :1; ULONG fDisableCpm :1; ULONG fPromptForPassword :1; ULONG ColorDepth :3; ULONG fDenyTSConnections :1; ULONG fTempFoldersPerSession :1; ULONG fDeleteTempFoldersOnExit :1; ULONG fWritableTSCCPermissionsTAB :1; ULONG fDisableCdm :1; ULONG fForceClientLptDef :1; ULONG fResetBroken :1; ULONG fReconnectSame :1; ULONG fSingleSessionPerUser :1; ULONG fDisableWallpaper :1; ULONG fKeepAliveEnable :1; ULONG fPreventLicenseUpgrade :1; ULONG fSecureLicensing :1; ULONG fEnableTimeZoneRedirection :1; ULONG fDisableAutoReconnect :1; ULONG fDisableForcibleLogoff :1; ULONG fPolicyEncryptRPCTraffic :1; ULONG fEncryptRPCTraffic :1; ULONG fErrorInvalidProfile :1; ULONG fPolicyFallbackPrintDriver :1; ULONG FallbackPrintDriverType :3; ULONG fDisableTerminalServerTooltip :1; BYTE bSecurityLayer; ULONG fPolicySecurityLayer :1; BYTE bUserAuthentication; ULONG fPolicyUserAuthentication :1; ULONG fPolicyTurnOffSingleAppMode :1; ULONG fTurnOffSingleAppMode :1; ULONG fDisablePNPPolicyIsEnfored :1; ULONG fDisablePNPPolicyValue :1; ULONG MaxInstanceCount; ULONG LicensingMode; BYTE MinEncryptionLevel; WCHAR WFProfilePath[DIRECTORY_LENGTH + 1]; WCHAR WFHomeDir[DIRECTORY_LENGTH + 1]; WCHAR WFHomeDirDrive[ 4 ]; ULONG SessionDirectoryActive; WCHAR SessionDirectoryLocation[DIRECTORY_LENGTH+1]; WCHAR SessionDirectoryClusterName[DIRECTORY_LENGTH+1]; WCHAR SessionDirectoryAdditionalParams[DIRECTORY_LENGTH+1]; ULONG SessionDirectoryExposeServerIP; ULONG KeepAliveInterval; SHADOWCLASS Shadow; ULONG MaxConnectionTime; ULONG MaxDisconnectionTime; ULONG MaxIdleTime; WCHAR WorkDirectory[DIRECTORY_LENGTH+1]; WCHAR InitialProgram[INITIALPROGRAM_LENGTH + 1]; WCHAR LicenseServers[MAX_LICENSE_SERVER_LENGTH + 1]; } POLICY_TS_MACHINE, *PPOLICY_TS_MACHINE;
fPolicyDisableClip: TRUE indicates the policy for DisableClip is set; FALSE otherwise.
fPolicyDisableCam: TRUE indicates the policy for DisableCam is set; FALSE otherwise.
fPolicyDisableCcm: TRUE indicates the policy for DisableCcm is set; FALSE otherwise.
fPolicyDisableLPT: TRUE indicates the policy for DisableLPT is set; FALSE otherwise.
fPolicyDisableCpm: TRUE indicates the policy for DisableCpm is set; FALSE otherwise.
fPolicyPromptForPassword: TRUE indicates the policy for PromptForPassword is set; FALSE otherwise.
fPolicyMaxInstanceCount: TRUE indicates the policy for MaxInstanceCount is set; FALSE otherwise.
fPolicyMinEncryptionLevel: TRUE indicates the policy for MinEncryptionLevel is set; FALSE otherwise.
fPolicyFipsEnabled: TRUE indicates the policy for Fips is enabled; FALSE otherwise.<106>
fPolicyDisableAutoReconnect: TRUE indicates the policy for DisableAutoReconnect is set; FALSE otherwise.
fPolicyWFProfilePath: TRUE indicates the policy for WFProfilePath is set; FALSE otherwise.
fPolicyWFHomeDir: TRUE indicates the policy for WFHomeDir is set; FALSE otherwise.
fPolicyWFHomeDirDrive: TRUE indicates the policy for WFHomeDirDrive is set; FALSE otherwise.
fPolicyDenyTSConnections: TRUE indicates the policy for DenyTSConnections is set; FALSE otherwise.
fPolicyTempFoldersPerSession: TRUE indicates the policy for TempFoldersPerSession is set; FALSE otherwise.
fPolicyDeleteTempFoldersOnExit: TRUE indicates the policy for DeleteTempFoldersOnExit is set; FALSE otherwise.
fPolicyColorDepth: TRUE indicates the policy for ColorDepth is set; FALSE otherwise.
fPolicySessionDirectoryActive: TRUE indicates the policy for SessionDirectoryActive is set; FALSE otherwise.
fPolicySessionDirectoryLocation: TRUE indicates the policy for SessionDirectoryLocation is set; FALSE otherwise.
fPolicySessionDirectoryClusterName: TRUE indicates the policy for SessionDirectoryClusterName is set; FALSE otherwise.
fPolicySessionDirectoryAdditionalParams: TRUE indicates the policy for SessionDirectoryAdditionalParams is set; FALSE otherwise.
fPolicySessionDirectoryExposeServerIP: TRUE indicates the policy for SessionDirectoryExposeServerIP is set; FALSE otherwise.
fPolicyPreventLicenseUpgrade: TRUE indicates the policy for PreventLicenseUpgrade is set; FALSE otherwise.
fPolicySecureLicensing: TRUE indicates the policy for SecureLicensing is set; FALSE otherwise.<107>
fPolicyWritableTSCCPermissionsTAB: TRUE indicates the policy for WritableTSCCPermissionsTAB is set; FALSE otherwise.
fPolicyDisableCdm: TRUE indicates the policy for DisableCdm is set; FALSE otherwise.
fPolicyForceClientLptDef: TRUE indicates the policy for ForceClientLptDef is set; FALSE otherwise.
fPolicyShadow: TRUE indicates the policy for Shadow is set; FALSE otherwise.
fPolicyResetBroken: TRUE indicates the policy for ResetBroken is set; FALSE otherwise.
fPolicyReconnectSame: TRUE indicates the policy for ReconnectSame is set; FALSE otherwise.
fPolicyMaxSessionTime: TRUE indicates the policy for MaxSessionTime is set; FALSE otherwise.
fPolicyMaxDisconnectionTime: TRUE indicates the policy for MaxDisconnectionTime is set; FALSE otherwise.
fPolicyMaxIdleTime: TRUE indicates the policy for MaxIdleTime is set; FALSE otherwise.
fPolicyInitialProgram: TRUE indicates the policy for InitialProgram is set; FALSE otherwise.
fPolicySingleSessionPerUser: TRUE indicates the policy for SingleSessionPerUser is set; FALSE otherwise.
fPolicyDisableWallpaper: TRUE indicates the policy for DisableWallpaper is set; FALSE otherwise.
fPolicyKeepAlive: TRUE indicates the policy for KeepAlive is set; FALSE otherwise.
fPolicyEnableTimeZoneRedirection: TRUE indicates the policy for EnableTimeZoneRedirection is set; FALSE otherwise.<108>
fPolicyDisableForcibleLogoff: TRUE indicates the policy for DisableForcibleLogoff is set; FALSE otherwise.<109>
fPolicyLicensingMode: TRUE indicates the policy for LicensingMode is set; FALSE otherwise.<110>
fPolicyExplicitLSDiscovery: TRUE indicates the policy for ExplicitLSDiscovery is set; FALSE otherwise.<111>
fPolicyDisableTerminalServerTooltip: TRUE indicates the policy for DisableTerminalServerTooltip is set; FALSE otherwise.<112>
fDisableClip: TRUE indicates disable client clipboard redirection; FALSE otherwise.
fDisableCam: TRUE indicates disable client audio redirection; FALSE otherwise.
fDisableCcm: TRUE indicates disable client COM port redirection; FALSE otherwise.
fDisableLPT: TRUE indicates disable client LPT port redirection; FALSE otherwise.
fDisableCpm: TRUE indicates disable client printer redirection; FALSE otherwise.
fPromptForPassword: Set to FALSE to log on user with previously provided credentials, or TRUE to prompt the user for password.
ColorDepth: The color depth of the session.<113> The following supported values translate to the number of colors supported:
§ 0x1 256 (8 bpp)
§ 0x2 32,768 (15 bpp)
§ 0x3 65,536 (16 bpp)
§ 0x4 16 million (24 bpp)
§ 0x5 16 million with transparency (32 bpp)
fDenyTSConnections: If set to TRUE, Terminal Services is effectively disabled since remote connections will be declined; FALSE otherwise.
fTempFoldersPerSession: Set to TRUE if there are temporary folders per session instead of one common temp folder, FALSE otherwise.
fDeleteTempFoldersOnExit: If set to TRUE, delete temporary folders on session exit; FALSE otherwise.
fWritableTSCCPermissionsTAB: If set to TRUE, an administrator can change the per-connection security description, FALSE otherwise.
fDisableCdm: TRUE indicates disable client drive redirection; FALSE otherwise.
fForceClientLptDef: TRUE indicates force the client's redirected printer to be the default printer for the user; FALSE otherwise.
fResetBroken: TRUE indicates reset the session if the connection is broken or if the connection or idle timers expire; FALSE otherwise.
fReconnectSame: Set to FALSE to indicate that the user can reconnect from any client computer to a disconnected session. TRUE indicates that the user can reconnect to a disconnected session only from the same client computer that initially established the disconnected session. Logging on from a different client computer will lead to a new Terminal Services session being created.
fSingleSessionPerUser: TRUE indicates each user can have only a single session; FALSE otherwise.
fDisableWallpaper: TRUE indicates display of the desktop wallpaper in the session has been disabled; FALSE otherwise.
fKeepAliveEnable: TRUE indicates KeepAlive is enabled; FALSE otherwise.
fPreventLicenseUpgrade: TRUE indicates licenses are prevented from being upgraded; FALSE otherwise.
fSecureLicensing: TRUE indicates secure licensing is enabled; FALSE otherwise.<114>
fEnableTimeZoneRedirection: TRUE indicates Client time zone redirection is enabled; FALSE otherwise.<115>
fDisableAutoReconnect: TRUE indicates disable auto-reconnect functionality; FALSE otherwise.
fDisableForcibleLogoff: TRUE indicates disable forcible logoff; FALSE otherwise.<116>
fPolicyEncryptRPCTraffic: TRUE indicates policy for EncryptRpcTraffic is set; FALSE otherwise.<117>
fEncryptRPCTraffic: TRUE indicates the policy for EncryptRpcTraffic is set; FALSE otherwise.
fErrorInvalidProfile: Set to TRUE if WFProfilePath, WFHomeDir, or WFHomeDirDrive is invalid (too long), FALSE otherwise.<118>
fPolicyFallbackPrintDriver: TRUE indicates the policy for FallbackPrintDriver is set; FALSE otherwise.<119>
FallbackPrintDriverType: The fallback printer driver type. Can be any of the following values:<120>
-
• NO_FALLBACK_DRIVERS (0x0)
-
• FALLBACK_BESTGUESS (0x1)
-
• FALLBACK_PCL (0x2)
-
• FALLBACK_PS (0x3)
-
• FALLBACK_PCLANDPS (0x4)
fDisableTerminalServerTooltip: TRUE indicates disable terminal server tooltip; FALSE otherwise.<121>
bSecurityLayer: If non-zero, indicates the SSL security layer in use.<122>
fPolicySecurityLayer: TRUE indicates the policy for SecurityLayer is set; FALSE otherwise.<123>
bUserAuthentication: The user authentication level. It can be any of the following values:
TS_USER_AUTHENTICATION_NONE
TS_USER_AUTHENTICATION_VIA_HYBRID
TS_USER_AUTHENTICATION_VIA_SSL
TS_USER_AUTHENTICATION_DEFAULT (same as TS_USER_AUTHENTICATION_NONE)
fPolicyUserAuthentication: TRUE indicates the policy for UserAuthentication is set; FALSE otherwise.<124>
fPolicyTurnOffSingleAppMode: TRUE indicates the policy for TurnOffSingleAppMode is set; FALSE otherwise.<125>
fTurnOffSingleAppMode: TRUE specifies that the desktop is always displayed when a client connects to a remote computer. FALSE specifies an initial program can be specified that runs on the remote computer after the client connects to the remote computer.
fDisablePNPPolicyIsEnfored: TRUE indicates policy for PnP redirection is set, FALSE otherwise.
fDisablePNPPolicyValue: TRUE indicates disable PnP redirection, FALSE otherwise.
MaxInstanceCount: The maximum number of instances that can connect.
LicensingMode: The licensing mode of the server.
MinEncryptionLevel: The minimum allowed encryption level. Possible numeric values for this parameter include 1 (Low), 2 (Client Compatible), 3 (High), and 4 (FIPS). Detailed description of these encryption levels is included in [MS-RDPBCGR] sections 5.3.1 and 5.4.1.
WFProfilePath: The Terminal Services profile path. Overrides standard profile path.
WFHomeDir: The Terminal Services home directory path. Overrides standard home directory.
WFHomeDirDrive: The Terminal Services home directory drive. Overrides standard home directory.
SessionDirectoryActive: Set to TRUE if the machine is part of a Terminal Server Farm, FALSE otherwise. For information about Terminal Server Farms, see [MSFT-SDLBTS].
SessionDirectoryLocation: The name of the Session Directory Server. For information about Session Directory, see [MSFT-SDLBTS].
SessionDirectoryClusterName: The name of the Terminal Server Farm to which this machine belongs. For information about Terminal Server Farms, see [MSFT-SDLBTS].
SessionDirectoryAdditionalParams: Additional parameters to pass to the session directory. This is an opaque type.
SessionDirectoryExposeServerIP: If set to TRUE, expose the server's IP address to the client; otherwise FALSE.
KeepAliveInterval: Specifies the interval between keep-alives.
Shadow: Specifies whether shadowing of the session is allowed.
MaxConnectionTime: The maximum allowed session connection time setting of the session in milliseconds.
MaxDisconnectionTime: The maximum allowed session disconnect time of the session in milliseconds.
MaxIdleTime: The maximum allowed session idle time setting of the session in milliseconds.
WorkDirectory: The work directory for the initial program.
InitialProgram: The program to run instead of the default, if set.<126>
LicenseServers: A hardcoded array of license servers that the server will use instead of using license server discovery.