Поделиться через


Connections

Applies To: Windows Server 2008 R2

Policy settings in this node control connection settings on a Remote Desktop Session Host server.

The full path of this node in the Group Policy Management Console is Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections.

Note

If you are using the Local Group Policy Editor, Policies is not part of the node path.

Available policy settings

Name Explanation Requirements

Automatic reconnection

Specifies whether to allow Remote Desktop Connection clients to automatically reconnect to sessions on an RD Session Host server if their network link is temporarily lost. By default, a maximum of twenty reconnection attempts are made at five second intervals.

If the status is set to Enabled, automatic reconnection is attempted for all clients running Remote Desktop Connection whenever their network connection is lost.

If the status is set to Disabled, automatic reconnection of clients is prohibited.

If the status is set to Not Configured, automatic reconnection is not specified at the Group Policy level. However, users can configure automatic reconnection using the Reconnect if connection is dropped checkbox on the Experience tab in Remote Desktop Connection.

At least Windows XP Professional or Windows Server 2003 family

Allow users to connect remotely using Remote Desktop Services

This policy setting allows you to configure remote access to computers using Remote Desktop Services.

If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer using Remote Desktop Services.

If you disable this policy setting, users cannot connect remotely to the target computer using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections.

If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether remote connection is allowed. This setting is found on the Remote tab in System Properties. By default, remote connection is not allowed.

Note
You can limit which clients are able to connect remotely using Remote Desktop Services by configuring the Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication policy setting. You can limit the number of users who can connect simultaneously by configuring the Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections policy setting or by configuring the Maximum Connections option on the Network Adapter tab in the Remote Desktop Session Host Configuration tool.

At least Windows XP Professional or Windows Server 2003 family

Deny logoff of an administrator logged in to the console session

This policy setting determines whether an administrator attempting to connect remotely to the console of a server can log off an administrator currently logged on to the console.

This policy is useful when the currently connected administrator does not want to be logged off by another administrator. If the connected administrator is logged off, any data not previously saved is lost.

If you enable this policy setting, logging off the connected administrator is not allowed.

If you disable or do not configure this policy setting, logging off the connected administrator is allowed.

Note

The console session is also known as Session 0. Console access can be obtained by using the /console switch from Remote Desktop Connection in the computer field name or from the command line.

At least Windows XP and Windows Server 2003 only

Configure keep-alive connection interval

This policy setting allows you to enter a keep-alive interval to ensure that the session state on the RD Session Host server is consistent with the client state.

After an RD Session Host server client loses the connection to an RD Session Host server, the session on the RD Session Host server might remain active instead of changing to a disconnected state, even if the client is physically disconnected from the RD Session Host server. If the client logs on to the same RD Session Host server again, a new session might be established (if the RD Session Host server is configured to allow multiple sessions), and the original session might still be active.

If you enable this policy setting, you must enter a keep-alive interval. The keep-alive interval determines how often, in minutes, the server checks the session state. The range of values you can enter is 1 to 999,999.

If you disable or do not configure this policy setting, a keep-alive interval is not set and the server will not check the session state.

At least Windows Server 2003

Limit number of connections

Specifies whether Remote Desktop Services limits the number of simultaneous connections to the server.

You can use this setting to restrict the number of Remote Desktop Services sessions that can be active on a server. If this number is exceeded, additional users who try to connect receive an error message telling them that the server is busy and to try again later. Restricting the number of sessions improves performance because fewer sessions are demanding system resources. By default, RD Session Host servers allow an unlimited number of Remote Desktop Services sessions, and Remote Desktop for Administration allows two Remote Desktop Services sessions.

To use this setting, enter the number of connections you want to specify as the maximum for the server. To specify an unlimited number of connections, type 999999.

If the status is set to Enabled, the maximum number of connections is limited to the specified number consistent with the version of Windows and the mode of Remote Desktop Services running on the server.

If the status is set to Disabled or Not Configured, limits to the number of connections are not enforced at the Group Policy level.

Note

This setting is designed to be used on RD Session Host servers (that is, on servers running Windows with Remote Desktop Session Host role service installed).

At least Windows Server 2003

Set rules for remote control of Remote Desktop Services user sessions

This policy setting allows you to specify the level of remote control permitted in a Remote Desktop Services session.

You can use this policy setting to select one of two levels of remote control: View Session or Full Control. View Session permits the remote control user to watch a session. Full Control permits the administrator to interact with the session. Remote control can be established with or without the user's permission.

If you enable this policy setting, administrators can remotely interact with a user's Remote Desktop Services session according to the specified rules. To set these rules, select the desired level of control and permission in the Options list. To disable remote control, select No remote control allowed.

If you disable or do not configure this policy setting, remote control rules are determined by the setting on the Remote Control tab in the Remote Desktop Session Host Configuration tool. By default, remote control users have full control of the session with the user's permission.

Note

This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence.

At least Windows XP Professional or Windows Server 2003 family

Restrict Remote Desktop Services users to a single Remote Desktop Services session

This policy setting allows you to restrict users to a single Remote Desktop Services session.

If you enable this policy setting, users who log on remotely using Remote Desktop Services will be restricted to a single session (either active or disconnected) on that server. If the user leaves the session in a disconnected state, the user automatically reconnects to that session at next logon.

If you disable this policy setting, users are allowed to make unlimited simultaneous remote connections using Remote Desktop Services.

If you do not configure this policy setting, the Restrict each user to one session setting in the Remote Desktop Session Host Configuration tool will determine if users are restricted to a single Remote Desktop Services session.

At least Windows Server 2003

Allow remote start of unlisted programs

This policy setting allows you to specify whether remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session, or whether they can only start programs that are listed in the RemoteApp Programs list.

You can control which programs on an RD Session Host server can be started remotely by using the RemoteApp Manager tool to create a list of RemoteApp programs. By default, only programs in the RemoteApp Programs list can be started when a user starts a Remote Desktop Services session.

If you enable this policy setting, remote users can start any program on the RD Session Host server when they start a Remote Desktop Services session. For example, a remote user can do this by specifying the program's executable path at connection time by using the Remote Desktop Connection client.

If you disable or do not configure this policy setting, remote users can only start programs that are listed in the RemoteApp Programs list in RemoteApp Manager when they start a Remote Desktop Services session.

At least Windows Server 2008

Turn off Fair Share CPU Scheduling

Fair Share CPU Scheduling dynamically distributes processor time across all Remote Desktop Services sessions on the same RD Session Host server, based on the number of sessions and the demand for processor time within each session.

If you enable this policy setting, Fair Share CPU Scheduling is turned off.

If you disable or do not configure this policy setting, Fair Share CPU Scheduling is turned on.

At least Windows Server 2008 R2