Solved

Remote Desktop Services Group Policy entries missing

Posted on 2013-10-23
Last Modified: 2013-11-04
I have a Windows 2008 R2 DC.
I have loaded the Windows 7 and 2008 R2 administrative templates into GPO.
I have checked that the GPO says "Policy definitions (ADMX files) retrieved from the central store."
I have an "administrative templates\windows components\remote desktop services\remote session host\remote session environment" section in my GPO.
I have no equivalent Terminal Services section.

So I'm pretty sure I have loaded the correct .admx file and it's there.

But I have missing entries in there. I only have 3 showing...

Start a program on connection
Always show desktop on connection
Remove remote desktop wallpaper

I do not have the following....

Limit maximum color depth
Enforce Removal of Remote Desktop Wallpaper
Configure RemoteFX
Limit maximum display resolution
Limit maximum number of monitors
Remove “Disconnect” option from Shut Down dialog
Remove Windows Security item from Start menu
Optimize visual experience when using RemoteFX
Set compression algorithm for RDP data
Optimize visual experience for Remote Desktop Services sessions
Allow desktop composition for remote desktop sessions
Do not allow font smoothing

Where can I get these? I suspect I have the wrong admx file - what is the name of the one I need? I have admx files from July 2010.

Thanks

Chris
0
Question by:UKBerty
15 Comments
 
LVL 14

Assisted Solution

by:Raj-GT
Raj-GT earned 750 total points
ID: 39593606
Looks like you have the correct templates from July 2010 (http://www.microsoft.com/en-gb/download/details.aspx?id=6243)

Have you copied the correct language files for everything? I would suggest deleting and recreating the central store from scratch with a fresh download. Also, please ensure you are editing the GPO from a Windows 7 or Server 2008 R2 machine.
0
 

Author Comment

by:UKBerty
ID: 39593625
I have copied in the admx and language files again - no change.

If I remove the terminalserver.admx and terminalserver-server.admx from my policydefinitions then the entries for remote desktop services disappear in my GPO, so I know it is looking at these.

If I edit en-us\terminalserver-server.adml I can see the entry for TS_NoDisconnectMenu. This is referenced in terminalserver.admx. So that looks OK.

So everything is in place, it just won't display it in GPO editor.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39593642
Can you try creating a new policy from a Windows 7 or Server 2008 R2 machine and see if the options show up. Maybe the policy itself is corrupt.
0
 

Author Comment

by:UKBerty
ID: 39593646
Not a bad idea. Sadly it's the same.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39593860
Have you tried editing/creating GPOs from a different machine? The issue may well be local.
0
 
LVL 9

Expert Comment

by:VirastaR
ID: 39593948
Hi,

1) To Check
How to Implement the Central Store for Group Policy Admin Templates, Completely (Hint: Remove Those .ADM files!)
http://blogs.technet.com/b/askpfeplat/archive/2011/12/12/how-to-implement-the-central-store-for-group-policy-admin-templates-completely-hint-remove-those-adm-files.aspx

2) To Follow
Managing Group Policy ADMX Files Step-by-Step Guide
http://technet.microsoft.com/en-us/library/cc709647(v=ws.10).aspx

3) To Troubleshoot
Enabling Remote Desktop Through Group Policy
http://social.technet.microsoft.com/Forums/windowsserver/en-US/884e585f-f749-499b-a470-02dd9cf26a09/enabling-remote-desktop-through-group-policy

Hope that helps :)
0
 

Author Comment

by:UKBerty
ID: 39609047
Raj - I have created another Win2008 DC and it's just the same.

Could this be to do with domain functional level - this is 2003 as I have 2x2003 DC and 2x2008 DC?
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39609314
Just to confirm again, are you using a Server 2008 R2 or Windows 7 machine to edit/create the GPOs? The domain functional level doesn't matter as long as you edit the policy from a supported client (Windows 7 or 2008 R2 in this instance).
0
 

Author Comment

by:UKBerty
ID: 39609317
Yes - I'm on Win2008 R2, but there are Windows 2003 DCs in the domain.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39609343
You can have 2003 DCs in the mix; it doesn't matter. Check and see if replication is working alright on all your DCs.

You should see the policy definitions on all DCs under C:\Windows\sysvol\domain\policies\PolicyDefinitions\ folder together with the correct language files folder (C:\Windows\sysvol\domain\policies\PolicyDefinitions\en-US as a minimum). Can you also try changing the target domain controller to a different one in your GPMC console and see if the options show up?
0
 

Author Comment

by:UKBerty
ID: 39609394
I thought you had it there, but no.

I changed the domain controller but it's the same. I have now moved the PDC role so that the default server it goes to is a Windows 2008 DC not 2003. This also has not made them appear.

As I have said:-

If I remove the terminalserver.admx and terminalserver-server.admx from my policydefinitions then the entries for remote desktop services disappear in my GPO, so I know it is looking at these.

If I edit en-us\terminalserver-server.adml I can see the entry for TS_NoDisconnectMenu. This is referenced in terminalserver.admx. So that looks OK.

I have checked that the GPO says "Policy definitions (ADMX files) retrieved from the central store."


I think it is all working and it is not showing me these options for a reason - I just don't know what that reason is.

Thanks for your help on this.
0
 

Author Comment

by:UKBerty
ID: 39611235
I've just had a look around at other systems and found them all the same - these entries don't appear on any of them!

I have looked on SBS20011 (so that's 2008 r2) - this was a fresh install out the box.
Also looked at a 2008/2012 system - looked on the 2012 DC and no sign there either.

Have logged a call with Microsoft as am getting nowhere.

Thanks for your help anyway.
0
 
LVL 14

Expert Comment

by:Raj-GT
ID: 39611311
Did you compare the admx files inside the sysvol shares? Do they all have the same timestamp and size? Looks like opening a case with MS is the only option in this case.
0
 

Accepted Solution

by:
UKBerty earned 0 total points
ID: 39611400
Raj - thanks for your help and attention on this. Have spoken to Microsoft and, er.... I was looking in the wrong place.

Turns out "remove disconnect from start menu" is under computer rather than user policies. I thought it would be with all the other "start menu" items, but no.

So it was there all the time.

Microsoft are kindly not charging for my incident.... which is nice.

I will award points for your efforts.
0
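Added example (not part of the original thread): the User-versus-Computer placement that resolved this question is recorded in the `class` attribute of each `<policy>` element in the ADMX file, so it can be read directly instead of browsing both halves of the GPO editor. The two XML fragments are constructed samples; `Example_StartProgram`, both `class` values, and the function name `Get-AdmxPolicyScope` are assumptions made for illustration.

```powershell
# Constructed ADMX/ADML fragments (not copies of Microsoft's files); class values are assumed.
$admxText = @'
<policyDefinitions xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <policies>
    <policy name="TS_NoDisconnectMenu" class="Machine" displayName="$(string.TS_NoDisconnectMenu)" />
    <policy name="Example_StartProgram" class="Both" displayName="$(string.Example_StartProgram)" />
  </policies>
</policyDefinitions>
'@
$admlText = @'
<policyDefinitionResources xmlns="http://schemas.microsoft.com/GroupPolicy/2006/07/PolicyDefinitions">
  <resources>
    <stringTable>
      <string id="TS_NoDisconnectMenu">Remove "Disconnect" option from Shut Down dialog</string>
      <string id="Example_StartProgram">Start a program on connection</string>
    </stringTable>
  </resources>
</policyDefinitionResources>
'@

function Get-AdmxPolicyScope {
    param([xml]$Admx, [xml]$Adml)
    # Build a lookup from ADML string ids to the text shown in the GPO editor.
    $strings = @{}
    foreach ($s in $Adml.policyDefinitionResources.resources.stringTable.string) {
        $strings[$s.GetAttribute('id')] = $s.InnerText
    }
    # class="Machine" -> Computer Configuration, "User" -> User Configuration, "Both" -> both nodes.
    $nodeFor = @{ Machine = 'Computer'; User = 'User'; Both = 'Computer and User' }
    foreach ($p in $Admx.policyDefinitions.policies.policy) {
        # displayName is a reference of the form $(string.<id>); extract <id>.
        $id = $p.GetAttribute('displayName') -replace '^\$\(string\.(.+)\)$', '$1'
        # New-Object keeps this usable on the PowerShell 2.0 that ships with 2008 R2.
        New-Object PSObject -Property @{
            Policy       = $p.GetAttribute('name')
            DisplayName  = $strings[$id]
            Class        = $p.GetAttribute('class')
            AppearsUnder = $nodeFor[$p.GetAttribute('class')]
        }
    }
}

Get-AdmxPolicyScope -Admx $admxText -Adml $admlText |
    Select-Object Policy, DisplayName, Class, AppearsUnder | Format-Table -AutoSize
```

To check a real central store, pass `[xml](Get-Content <file>)` for an .admx file under the PolicyDefinitions folder and its matching .adml file from the en-US subfolder in place of the two sample strings.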
 

Author Closing Comment

by:UKBerty
ID: 39621059
Was looking in User rather than Computer for policy. Had to speak to Microsoft for them to point this out.
0
