registry settings

Remote Desktop Services (RDS), formerly known as Terminal Services, is a foundational technology in the field of remote access solutions. It allows for trouble-free, anywhere access to Windows PCs and programs.

As an IT administrator, you may be responsible for fine-tuning RDS server registry settings that apply to all users.

It’s important to keep in mind that while RDS’s underlying concepts have stayed the same, Microsoft has made significant upgrades to the platform in recent years.

My goal with this article is to explain the current recommendations for configuring registry settings on RDS servers for maximum efficiency and safety.

Overview of Registry Configuration on RDS

The Windows registry stores configuration data and settings for the operating system, applications, and hardware. As an RDS admin, you can configure registry keys and values under HKEY_LOCAL_MACHINE to apply settings globally to all users and sessions.

Some common examples include:

  • Enabling or disabling features in RDP
  • Configuring RemoteApp behavior
  • Setting bandwidth limits
  • Customizing the desktop experience

Registry edits apply immediately, although sometimes you need to force the update. Incorrect registry modifications, however, can cause instability or prevent RDS from functioning properly, so always back up the registry before making changes.

Recommended Approach

The traditional method of configuring the registry on RDS was to manually edit registry keys on the server. However, this introduces the risk of human error and can make future troubleshooting difficult.

The modern best practice is to use Group Policy Objects (GPOs) to configure registry settings. GPOs provide a centralized and automated way to apply registry configurations predictably and repeatedly.

Here are some benefits of using GPOs:

  • Simplifies management: All registry settings are configured in one place rather than editing values manually on each server.
  • Reduces mistakes: GPOs allow validation and prevent typos that could break RDS.
  • Enhances visibility: Settings are transparent and easy to audit when needed.
  • Enables reversibility: If issues emerge, reverting any changes is straightforward.
  • Allows delegation: IT admins can delegate GPO access to the people who configure settings without granting full server rights.
  • Applies automatically: GPO registry settings deploy instantly, though sometimes a reboot is needed.

We’ll cover how to use GPOs to configure registry settings on RDS later in this article. First, let’s look at some of the key registry settings you may need to configure.

Common RDS Registry Configurations

Here are some of the most common RDS registry settings to configure via GPO for all Remote Desktop users in your environment:

RDP Configuration Settings

The HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp key contains many configurable RDP protocol settings. For example:

  • SecurityLayer – Enables/disables network level authentication
  • AuthenticationLevel – Sets the permitted authentication level
  • MinEncryptionLevel and MaxEncryptionLevel – Configures encryption levels

RemoteApp Settings

The HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\TsAppAllowList key controls the behavior and availability of RemoteApps. You can set options like:

  • Enabling or disabling specific RemoteApps
  • Permitting only defined RemoteApps (lockdown)
  • Forcing apps to open seamlessly or in their own windows

Session Limits

Configure concurrent session limits by editing HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\Licensing Core. The MaxConcurrentSessions value controls the maximum number of sessions.

Bandwidth Limits

You can throttle bandwidth per session or per user by creating new keys under HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\TSAppGroupPolicy. The keys should follow the format of GUID_NAME, where NAME is your desired bandwidth policy name.

Configure the bandwidth limit value in kbps under the MaxBandwidth value in the key you created.

Customized Desktop Experience

Some common examples include:

  • Enabling drive and printer redirection – HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
  • Showing/hiding system tray icons – HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\Client\Configuration
  • Configuring wallpapers – HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

Refer to Microsoft’s documentation for full details on available policy settings to customize the user experience.

Using Group Policy Objects to Configure RDS Registry

Now let’s look at how to configure these registry settings using the preferred Group Policy Object (GPO) method.

Create a New GPO

  1. On your Active Directory domain controller, open the Group Policy Management Console (GPMC).
  2. Right-click “Group Policy Objects” and select New.
  3. Give the GPO a name like “RDS Global Registry Settings”.
  4. Select this new GPO and click Edit to begin configuring the settings.

Add Registry Policies

  1. Navigate to Computer Configuration > Preferences > Windows Settings > Registry.
  2. Right-click Registry and select New > Registry Item.
  3. In the New Registry Properties window:
       • Specify the registry hive, key path, value name, and value data
       • Select the action to take (Create, Replace, or Delete)
       • Enable “Applies to” all computers in the domain
  4. Click OK to create the registry policy.
  5. Repeat steps 2-4 to add additional registry settings as needed.

Link GPO to RDS Servers

  1. In the GPMC, right-click your new GPO and click Link.
  2. In the window that opens, choose the OU containing your RDS servers.
  3. Click OK to link the GPO. It will now apply these registry settings automatically.

The registry policies will configure the keys as defined the next time Group Policy is processed on the RDS servers. You can also force a GP update using the command gpupdate /force after linking the new GPO.
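
The three procedures above (create the GPO, add registry preference items, link it to the RDS OU) can also be scripted with the GroupPolicy PowerShell module. This is an added example, not part of the original article: the OU distinguished name is a placeholder, and the two DWORD values are assumed baseline numbers chosen for illustration.

```powershell
# Added example: scripted form of the GPMC steps. Requires the RSAT GroupPolicy
# module and rights to create and link GPOs in the domain.
Import-Module GroupPolicy -ErrorAction Stop

$GpoName  = 'RDS Global Registry Settings'        # name used in the steps above
$TargetOu = 'OU=RDS Servers,DC=example,DC=com'    # placeholder: OU holding your RDS servers
$Key      = 'HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

# Assumed values for illustration only; substitute your own baseline.
$Settings = [ordered]@{
    SecurityLayer      = 2
    MinEncryptionLevel = 3
}

# -ErrorAction Stop halts the script if creation fails (for example, the name
# is already taken), so preference items are never added to an existing GPO twice.
$gpo = New-GPO -Name $GpoName -Comment 'RDP-Tcp registry preference items' -ErrorAction Stop

# One Computer Configuration > Preferences > Registry item per value.
# "Update" changes only the named value and leaves the rest of the key alone.
foreach ($name in $Settings.Keys) {
    Set-GPPrefRegistryValue -Guid $gpo.Id -Context Computer -Key $Key `
        -ValueName $name -Value $Settings[$name] -Type DWord -Action Update `
        -ErrorAction Stop | Out-Null
}

# Link the GPO to the OU that contains the RDS servers.
New-GPLink -Guid $gpo.Id -Target $TargetOu -LinkEnabled Yes -ErrorAction Stop | Out-Null

# Read the items back from the GPO so the change can be reviewed before it is processed.
Get-GPPrefRegistryValue -Guid $gpo.Id -Context Computer -Key $Key
```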

Verifying and Troubleshooting GPOs

Follow these best practices to validate, audit, and troubleshoot your RDS registry GPO:

  • Confirm that the GPO is linked to the correct OU with inheritance enabled.
  • Check the Effective Policy tab under Computer Configuration to verify settings.
  • Regularly audit the registry on RDS servers to check for expected values.
  • Adjust precedence as needed if multiple GPOs configure the same keys.
  • Check the event log for Group Policy errors and warnings.
  • Generate an HTML report with gpresult /h gpreport.html to analyze the GPO application.
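
One way to carry out the registry audit from the list above, as an added example that is not part of the original article: it compares the live RDP-Tcp values with an expected baseline and separates values that are missing from values that have drifted. The baseline numbers and the function name Test-RegistryBaseline are assumptions for illustration.

```powershell
# Added example: audit RDP-Tcp values against an expected baseline.
# Baseline numbers are assumptions for illustration; substitute your own policy.
$KeyPath  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$Baseline = [ordered]@{
    SecurityLayer      = 2   # assumed baseline (2 = SSL/TLS security layer)
    MinEncryptionLevel = 3   # assumed baseline (3 = High)
}

function Test-RegistryBaseline {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [System.Collections.IDictionary] $Expected
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "Registry key not found: $Path"
    }
    $actual = Get-ItemProperty -LiteralPath $Path
    foreach ($name in $Expected.Keys) {
        # A value that is absent is reported separately from one that differs.
        $property = $actual.PSObject.Properties[$name]
        if ($null -eq $property) {
            $status = 'Missing'; $value = $null
        } elseif ($property.Value -eq $Expected[$name]) {
            $status = 'OK'; $value = $property.Value
        } else {
            $status = 'Drift'; $value = $property.Value
        }
        [pscustomobject]@{
            Computer = $env:COMPUTERNAME
            Name     = $name
            Expected = $Expected[$name]
            Actual   = $value
            Status   = $status
        }
    }
}

$report = @(Test-RegistryBaseline -Path $KeyPath -Expected $Baseline)
$report | Format-Table -AutoSize
$failed = @($report | Where-Object { $_.Status -ne 'OK' })
if ($failed.Count -gt 0) {
    Write-Warning "$($failed.Count) value(s) differ from the baseline on $env:COMPUTERNAME"
}
```

Run it on each RDS host after Group Policy has been processed; a Drift or Missing row means the GPO did not apply or another GPO or a manual edit changed the value.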

Group Policy Objects provide a much safer, more flexible, and centralized way to configure registry settings on RDS hosts. With proper planning and validation, you can reduce errors and improve the manageability of your RDS environment.

Additional Recommendations for RDS in 2023

Aside from using GPOs for registry configuration, here are some other modern best practices for RDS:

In Summary

With Remote Desktop Services now on Windows Server 2022, Microsoft has added many enhancements over the past few years. Following modern best practices, like using GPOs to configure registry settings, can help you improve manageability and security.

RDS still provides a cost-effective virtualization solution for delivering desktops and apps, especially when combined with the cloud capabilities of Azure Virtual Desktop.

That sums up our guidance on configuring registry settings for all users on Remote Desktop Services.

I hope this article helps!
