If you would like to read the other parts in this article series please go to
- Microsoft RDS Policies explained (Part 1)
- Microsoft RDS Policies explained (Part 2)
- Microsoft RDS Policies explained (Part 4)
In Part 1 of the article series MS RDS Policies explained, we started with describing how RDS settings can be configured and that the policies always win. We continued describing the policy locations both available within the machine- and user configuration. In part two we started describing the settings available on the computer configuration level for the RD Session Host.
Remote Desktop Session Host
Figure 1: Remote Desktop Session Host - Licensing
Licensing – Use the specified Remote Desktop license servers
If this policy is not configured, an auto discover process will start which will look for RD License Servers published in AD, followed by looking for RD License Servers installed on a Domain Controller. If you would like to overrule this process you can define the RDS License Server names in this policy setting.
Licensing – Hide notifications about RD Licensing problems that affect the RD Session Host server
An RD Session Host will mention license issues when a user defined in the local administrator logs on to the RD Session Host. If you don’t want such users to be notified about license issues you can enable this policy (but I don’t recommend that).
Licensing – Set the Remote Desktop licensing mode
Microsoft has two types of RDS licenses, per user or per device. Which you use depends on the situation (do you have more users than devices or more devices than users). Each RD Session Host can issue one of the two types. With this setting you can define which type (per user or per device) the RD Session Host will support.
I already discussed these settings in detail in the article How to configure Microsoft RDS Universal Printing, earlier published on Virtualizationadmin.com.
Figure 2: Remote Desktop Session Host - Profiles
Profiles – Limit the size of the entire roaming profile cache
With this setting you can specify how large all the user profiles together are allowed to grow on the local RD Session Host. You define a monitor interval and the maximum size allowed. The policy mentions that this only applies to roaming profiles. These are not that much more on the RD Session Host actually.
Profiles – Set Remote Desktop Services User Home Directory
If you would like to specify a home directory for the user there are several methods. One is to specify those on the user object within AD. If you would like to have another location for the RD Session Host or don’t want to specify the User Home directory on a per user basis, you can use this setting to define the home directory that will be mapped into the RD session.
Profiles – Use Mandatory Profiles on the RD Session Host Server
For a long time mandatory profiles were the profiles advised to use on an RD Session Host. To simply arrange the configuration of a Mandatory Profile MS added this policy setting. When you enable this setting you need to define the location of the mandatory profile at “Set Path for Remote Desktop Services Roaming User Profile”. Currently I advise not to use a mandatory profile anymore, but a local profile combined with a profile management solution, for more information see my article The alternatives for mandatory profiles.
Profiles – Set Path for Remote Desktop Services Roaming User Profile
Just like the home directory, there are several ways to configure the location of the user profile. If you would like to have a special user profile for the RD Session Host(s), you can define a location. This can also be used if you can’t/don't want to specify the user profile location for each user seperatly. Also this setting is used to define the location of the mandatory profile if you configured the setting “Use Mandatory Profiles on the RD Session Host Server”. If you use this setting don’t add a username to the path as this is automatically added.
Figure 3: Remote Desktop Session Host – RD Connection Broker
RD Connection Broker – Join RD Connection Broker
If you are using multiple RD Session Hosts providing the same functionality, you may like to divide the users via the Connection Broker. To add a Session Host to a Connection Broker based RD Farm you can use the Join RD Connection Broker policy to automate this process. If you enable this policy, you also need to define the policies Configure RD Connection Broker farm name and Configure RD Connection Broker server name.
RD Connection Broker – Configure RD Connection Broker farm name
When you have enabled the Join RD Connection Broker setting, you need to specify the Broker farm name in this setting. If the name already exists the RD Session Host will join the current farm. If the name does not exist, a new Connection Broker farm will be established.
RD Connection Broker – Use IP Address Redirection
With this setting you can control the way a client connects to the RD Session Host after the client is redirected by the Connection Broker to a specific RD Session Host. By default the client is redirect to the session host by providing the IP address of that RD Session host (IP Address Redirection). If the RD Session Hosts are not directly addressable by the client you should disable IP Address Redirection, the client will be routed based on a token via the Connection Broker.
RD Connection Broker – Configure RD Connection Broker server name
To be part of the Connection Broker farm, you need to specify the name of the server which has the Connection Broker role within this setting. This setting will only be used if you enabled the Join RD Connection Broker setting. In Windows 2012R2 Microsoft supports multiple Connection Brokers (high availability) where all servers should be listed in this setting separated by a semi-colon.
RD Connection Broker – Use RD Connection Broker load balancing
By Enabling this setting sessions that are set-up directly to the RD Session Host will be redirected to the Connection Broker Load Balancing farm. This setting actually enables the load balancing possibilities provided by using the Connection Broker for the RD Session Host.
Figure 4: Remote Desktop Session Host – Remote Session Environment
Remote Session Environment – Remote FX for Window Server 2008R2
Within this subfolder you will find three settings for configuring RemoteFX for Window Server 2008R2 servers. In the folder Remote Session Environment you will also find RemoteFX settings, but those apply to Windows Server 2012 and higher. For the RD Session Host to use RemoteFX on Windows 2008 R2 you need to enable the setting “Configure RemoteFX”. If you would like to change the default behavior of RemoteFX from Rich Multimedia to Text you configure the setting “Optimize visual experiences for Remote Desktop Service Sessions”. The last setting you can configure for Windows 2008R2 is Screen Capture Rate and Screen Image quality in the setting “Optimize visual experience when using RemoteFX”.
Remote Session Environment – Allow desktop composition for remote desktop sessions
This setting also only applies to Windows 2008R2. With this setting you can enable Desktop Composition (Windows Aero features) on the RD Session Host. Logically this will have a performance impact so make good calculations when you enable this setting. Also the Aero requirements should be fulfilled before it is even possible for the Desktop Composition setting to be enabled.
Remote Session Environment –Always show desktop on connection
Within the RD Client a user can define a program that should be started (initial program). If you don’t want users to start a program at start-up, you enable this setting. This will lead to a full desktop always being shown.
Remote Session Environment – Configure compression for RemoteFX data
By default the RDP compression algorithm is based on the server hardware configuration. If you would like to fully control the compression algorithm you can define the compression type in this setting. Settings available are Optimize to use less memory (but will require more network), Optimize to use less network bandwidth (requires more memory), balances memory and network bandwidth and do not use an RDP compression algorithm.
Remote Session Environment – Configure image quality for RemoteFX Adaptive Graphics
Here you can configure the image quality provided within RDP sessions. Default a Medium quality if offered, but if a higher level is required (High or Lossless), it can be configured via this setting. Logically this impacts network bandwidth usage.
Remote Session Environment – Configure RemoteFX Adaptive Graphics
With Configure RemoteFX Adaptive Graphics you can configure on which factor the RDP experience should be determined. By default the option Let the system choose experience for network condition is being used, other possible options are optimize for server scalability and optimize for minimum bandwidth usage.
Remote Session Environment – Do not allow font smoothing
Font Smoothing is introduced for clear and smooth fonts on LCD monitors. However Font Smoothing require additional bandwidth resources, so if your bandwidth is limited you can disable Font Smoothing via this policy.
Remote Session Environment – Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
To use RemoteFX the client should have specific codes available. Those codes are updated with the introduction of Window Server 2012 RDS. For (mostly) Thin Clients that only have the 2008R2 codecs available, you can enable this option for backward compatability.
Remote Session Environment – Enforce Removal of Remote Desktop Wallpaper
This setting has been available for a long time. A wallpaper can be large, so it can impact the performance of the RD session. By enforcing the removal of the wallpaper this possible impact is not the case anymore.
Remote Session Environment – Limit maximum color depth
This policy does not apply anymore to Window Server 2012R2 (based on the RDP 8.0 client) that always use 32bit, but for older versions you can specify the color depth for the RDP session. Some depths are not available on all operating system levels.
Remote Session Environment – Limit maximum display resolution
This setting can be used to define a maximum resolution. Nowadays, with LCD monitors, I do not advise setting a maximum resolution as those monitors don’t work very well with lower resolutions that they should support.
Remote Session Environment – Limit number of monitors
From Windows 2008 R2 Microsoft fully supports multiple monitors. Currently up to 16 monitors are supported, but with this setting you can define how many monitors you would like to allow (between one and sixteen).
Remote Session Environment – Remove “Disconnect” option form Shut Down Dialog
If you don’t want users to (easily) disconnect their session, you can configure this setting so the Disconnect option is removed for the Shut Down Dialog. However this does not prevent users from disconnecting the session via other methods, it only makes it more difficult to disconnect (in my opinion, disconnecting a session is not a bad thing).
Remote Session Environment – Remove Windows Security item from Start Menu
With this setting enabled the Windows Security item is removed from the Start Menu. However this does not guarantee that the users can access the option within the Windows Security for example using <CTRL>+<ALT>+<END>.
Remote Session Environment – Start a program on connection
Personally I think this one is an obsolete setting for Windows 2003 Terminal Servers. As Microsoft currently offers RemoteApps there are much better ways to start a program than using this feature. However if you specify a program here and a user connects to a Remote Desktop Session, this application is automatically started.
Remote Session Environment – Use advanced RemoteFX graphics for RemoteApp
This session enables a RemoteApp to offer the same functionalities as a local app like live thumbnails, transparency and more. By default this option is enabled, so you are only required to configure this policy when you would like to disable the advanced graphics feature (only applicable for Window Server 2012 R2).
Remote Session Environment – Use the hardware default graphics adapter for all Remote Desktop Services sessions
Also a policy introduced with Window Server 2012 R2. It’s now possible to use hardware graphics adapter for rendering graphics. By default the Microsoft Basic Render Driver is being used. I do not have experience with this, so I cannot share any more about this feature yet.
In this third article I continued describing the available policies that can be defined on the RD Session Host. As there are many policies on this level we still haven't touched them all. In the fourth article I will continue describing the settings available for the RD Session Host, followed by the settings available on the user configuration level.
If you would like to read the other parts in this article series please go to