
Lesson 3 Configure Remote Desktop Services
Objective: Configure user access and client settings.

Configure Client Settings for Remote Desktop Services

Configuring user access and client settings for Remote Desktop Services (RDS) on Windows Server 2022 involves several steps to ensure users can securely connect and use the RDS infrastructure. Here's how to configure both:
1. User Access Configuration
  1. Step 1: Add Users to the Remote Desktop Users Group
    1. Open System Properties:
      • Right-click This PC > Select Properties.
      • Click Remote Settings in the left-hand menu.
    2. Add Users:
      • Under the Remote Desktop section, click Select Users.
      • Click Add, then type the usernames or groups (e.g., Domain Users) you want to grant access.
      • Click OK to save changes.
  2. Step 2: Configure RDS User Access in Active Directory
    1. Access Active Directory Users and Computers:
      • Open the Active Directory Users and Computers management console.
    2. Assign RDS Access:
      • Open the user's properties.
      • Go to the Member Of tab and ensure they are part of the Remote Desktop Users group or a custom security group configured for RDS access.
  3. Step 3: Configure RDS Session Host Permissions
    1. Log in to the RD Session Host Server.
    2. Set Permissions:
      • Use Local Security Policy:
        • Open the Local Security Policy console (secpol.msc).
        • Navigate to Local Policies > User Rights Assignment > Allow log on through Remote Desktop Services.
        • Add the appropriate user groups.
  4. Step 4: Assign Permissions to Published Apps or Desktops
    1. In Server Manager:
      • Open the Remote Desktop Services section.
      • Configure collections to define which users can access specific remote apps or desktops.
    2. Edit Collection Properties:
      • Select the collection, click Tasks > Edit Properties, and configure user groups.
  5. Step 5: Enable Multi-Factor Authentication (Optional but Recommended)
    1. Integrate with an RDS Gateway and configure multi-factor authentication using Azure AD or third-party solutions for enhanced security.
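
Steps 1 through 4 grant access in three separate places, so it is worth listing all of them together when reviewing permissions. The following PowerShell is an added example, not part of the original lesson. It assumes an elevated session on the RD Session Host; the `-ConnectionBroker` parameter is a hypothetical script parameter that takes the FQDN of your own broker.

```powershell
#Requires -RunAsAdministrator
# Added example: report who can reach an RDS logon on this session host.
param([string]$ConnectionBroker)   # assumption: FQDN of your RD Connection Broker (optional)

function Get-RdsLogonRight {
    # Export only the user-rights area of local security policy and read the
    # "Allow log on through Remote Desktop Services" assignment.
    $inf = Join-Path $env:TEMP ("rights-{0}.inf" -f [guid]::NewGuid())
    try {
        secedit.exe /export /cfg $inf /areas USER_RIGHTS /quiet | Out-Null
        $line = Get-Content $inf | Where-Object { $_ -match '^SeRemoteInteractiveLogonRight\s*=' }
        if (-not $line) { return }                      # right is assigned to nobody
        foreach ($entry in (($line -split '=', 2)[1] -split ',')) {
            $id = $entry.Trim().TrimStart('*')          # secedit writes SIDs as *S-1-...
            if ($id -notlike 'S-1-*') { $id; continue }
            try   { [Security.Principal.SecurityIdentifier]::new($id).Translate([Security.Principal.NTAccount]).Value }
            catch { $id }                               # unresolvable SID: report it as-is
        }
    } finally { Remove-Item $inf -ErrorAction SilentlyContinue }
}

$rows = @()
# S-1-5-32-555 is the well-known SID of the built-in Remote Desktop Users group.
Get-LocalGroupMember -SID 'S-1-5-32-555' | ForEach-Object {
    $rows += [pscustomobject]@{ Source = 'Remote Desktop Users group'; Principal = $_.Name }
}
Get-RdsLogonRight | ForEach-Object {
    $rows += [pscustomobject]@{ Source = 'Allow log on through RDS right'; Principal = $_ }
}
if ($ConnectionBroker) {
    Import-Module RemoteDesktop
    foreach ($c in Get-RDSessionCollection -ConnectionBroker $ConnectionBroker) {
        $cfg = Get-RDSessionCollectionConfiguration -CollectionName $c.CollectionName `
                   -ConnectionBroker $ConnectionBroker -UserGroup
        foreach ($g in $cfg.UserGroup) {
            $rows += [pscustomobject]@{ Source = "Collection '$($c.CollectionName)'"; Principal = $g }
        }
    }
}

# Broad principals that usually deserve a second look under least privilege.
$broad = 'Domain Users', 'Authenticated Users', 'Everyone', 'Users'
$rows | Select-Object Source, Principal,
    @{ n = 'Review'; e = { ($_.Principal -split '\\')[-1] -in $broad } } |
    Sort-Object Source, Principal | Format-Table -AutoSize
```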

2. Client Settings Configuration

  1. Step 1: Customize RDP Connection Properties
    1. Open Group Policy Management:
      • Run gpmc.msc to manage domain-wide policies or gpedit.msc for local policies.
    2. Navigate to RDS Client Settings:
      • Go to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host.
      • Adjust client settings, such as:
        • Device and Resource Redirection: Control clipboard, printer, drive, and USB redirection.
        • RemoteFX settings: Enable or disable hardware acceleration for graphical performance.
    3. Apply Changes:
      • Set the desired options and enforce the policy.
  2. Step 2: Configure Licensing Mode
    1. Open Server Manager:
      • Navigate to Remote Desktop Services > Overview.
    2. Set Licensing Mode:
      • Select Per User or Per Device licensing mode.
      • Add a valid license server under RD Licensing Manager.
  3. Step 3: Customize RDP Files
    1. Create or Edit RDP Files:
      • Use the built-in Remote Desktop Connection (mstsc.exe) tool to customize settings like resolution, redirection, and saved credentials.
      • Save settings in .rdp files for distribution to users.
  4. Step 4: Enable Client Experience Features
    1. Enable Desktop Experience:
      • Ensure the Desktop Experience feature is installed on the RDS Session Host server to provide users with a more familiar interface.
    2. Configure Experience Settings:
      • In the Group Policy editor, navigate to:
        • Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment.
      • Enable or disable features like font smoothing, audio redirection, and video playback.
  5. Step 5: Configure Remote Desktop Gateway Settings (Optional)
    1. Open the RD Gateway Manager.
    2. Set policies for client connection authorization and resource authorization.
    3. Configure SSL/TLS settings for secure connections.
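
Before distributing the .rdp files described in Step 3, it helps to check them against the settings you intend users to have. The following PowerShell is an added example, not part of the original lesson. The baseline values are an assumed policy to adjust, and the sample file content is constructed.

```powershell
# Added example: report .rdp settings that differ from a reviewer's baseline.
function Test-RdpFile {
    param(
        [Parameter(Mandatory)][AllowEmptyString()][string[]]$Line,
        [Parameter(Mandatory)][System.Collections.IDictionary]$Baseline
    )
    # .rdp lines have the form name:type:value (type i = integer, s = string, b = binary).
    $set = @{}
    foreach ($l in $Line) {
        if ($l -match '^\s*([^:]+):([isb]):(.*)$') {
            $set[$Matches[1].Trim().ToLower()] = $Matches[3].Trim()
        }
    }
    foreach ($name in $Baseline.Keys) {
        $actual = if ($set.ContainsKey($name)) { $set[$name] } else { '<not set>' }
        if ($actual -ne $Baseline[$name]) {
            [pscustomobject]@{ Setting = $name; Expected = $Baseline[$name]; Actual = $actual }
        }
    }
    # A saved, encrypted password embedded in the file travels with every copy of it.
    if ($set.ContainsKey('password 51')) {
        [pscustomobject]@{ Setting = 'password 51'; Expected = '<absent>'; Actual = '<present>' }
    }
}

# Assumed baseline (hypothetical policy, adjust to your own): pin each value explicitly.
$baseline = [ordered]@{
    'authentication level'   = '1'  # do not connect if server authentication fails
    'enablecredsspsupport'   = '1'  # use CredSSP so NLA can be enforced
    'prompt for credentials' = '1'  # always prompt for credentials
    'redirectclipboard'      = '0'
    'redirectprinters'       = '0'
    'drivestoredirect'       = ''   # no local drives mapped into the session
}

# Constructed sample file content, not taken from a real deployment.
$sample = @'
full address:s:rds.example.test
authentication level:i:0
redirectclipboard:i:1
drivestoredirect:s:*
prompt for credentials:i:0
'@ -split '\r?\n'

Test-RdpFile -Line $sample -Baseline $baseline | Format-Table -AutoSize
# For a real file: Test-RdpFile -Line (Get-Content .\app.rdp) -Baseline $baseline
```

Settings missing from the file are reported as `<not set>` so that nothing is left to the client's defaults.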

Best Practices
  1. Use Group Policy to enforce consistent configurations across multiple clients.
  2. Secure the RDS environment by enabling SSL/TLS encryption for all client connections.
  3. Regularly review and update access permissions to follow the principle of least privilege.
  4. Test client configurations in a staging environment before deploying to production users.

Configure user access

You can specify user profiles and home directories that apply only to Terminal sessions. After configuring user access, you can create client installation disks or download the client software across the network to install Terminal Services Client on client computers. Users who have user accounts on the server running Terminal Services are allowed to log on to a Terminal Server by default. To enable or disable the logon process, follow these steps:
  1. Open the Properties dialog box for the user.
  2. Select the Terminal Services Profile tab.
  3. Select or clear the Allow logon to terminal server check box.
  4. Click Apply.

The image below shows the Terminal Services Profile tab.
TSuser Properties dialog box

You can also specify home directories and user profiles on this tab. You can assign a profile for a user that applies to Terminal sessions. This enables you to create user profiles that are modified for the Terminal Services environment. For example, you can disable screen savers and animated menu effects, which can slow performance during a Terminal session.
Controlling Session Timeouts

Configure Client Settings

To ensure that system resources are available for active Terminal sessions, you can also set time limits for disconnected and idle sessions. You specify time limits for sessions on the Sessions tab in the RDP-TCP Properties dialog box in Remote Desktop Services Configuration. The Sessions tab contains the settings for limiting the length of a Remote Desktop Services session.
Sessions tab
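
On Windows Server 2022 the session time limits described above, and the device and resource redirection settings from Client Settings Step 1, can both be delivered by Group Policy, which stores them under one registry key. The following PowerShell is an added example, not part of the original lesson. The time limits are assumed values to adjust, and the sample input is constructed.

```powershell
# Added example: check Group Policy-delivered RDS session host settings against a baseline.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Test-RdsPolicy {
    param($Policy,                            # Get-ItemProperty output or a hashtable; $null if key absent
          [int]$MaxIdleMs = 900000,           # assumed limit: 15 minutes
          [int]$MaxDisconnectedMs = 3600000)  # assumed limit: 60 minutes

    # Redirection policies: 1 = redirection blocked, 0 or absent = not blocked by policy.
    $redirection = [ordered]@{
        fDisableClip     = 'Clipboard'
        fDisableCdm      = 'Drive'
        fDisableCpm      = 'Printer'
        fDisablePNPRedir = 'Plug and Play device'
    }
    foreach ($name in $redirection.Keys) {
        $v = $Policy.$name
        [pscustomobject]@{
            Setting = "$($redirection[$name]) redirection ($name)"
            Value   = if ($null -eq $v) { '<not set>' } else { $v }
            Status  = if ($v -eq 1) { 'Blocked' } else { 'Not blocked by policy' }
        }
    }
    # Time limits are stored in milliseconds; 0 or absent means no limit from policy.
    $limits = [ordered]@{ MaxIdleTime = $MaxIdleMs; MaxDisconnectionTime = $MaxDisconnectedMs }
    foreach ($name in $limits.Keys) {
        $v  = $Policy.$name
        $ok = ($null -ne $v) -and ($v -gt 0) -and ($v -le $limits[$name])
        [pscustomobject]@{
            Setting = $name
            Value   = if ($null -eq $v) { '<not set>' } else { "$v ms" }
            Status  = if ($ok) { 'Within limit' } else { 'No limit or too long' }
        }
    }
}

# Constructed sample values, standing in for a host with only some policies applied.
$sample = @{ fDisableCdm = 1; fDisableClip = 0; MaxIdleTime = 1800000 }
Test-RdsPolicy -Policy $sample | Format-Table -AutoSize

# On a session host, read the live policy key instead:
Test-RdsPolicy -Policy (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue) |
    Format-Table -AutoSize
```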

Installing Configuring-Terminal Services - Exercise

Click the Exercise link below to practice installing and configuring Terminal Services.
Installing Configuring-Terminal Services - Exercise
The next lesson demonstrates how to install the Terminal Services Client.
