Modifying the Group Policy
Prerequisites
You have obtained the account and its password of the server administrator.
Starting Local Group Policy Editor
Open the command line interface and enter gpedit.msc to open Local Group Policy Editor.
Selecting the Specified Remote Desktop License Servers
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.
- Double-click Use the specified Remote Desktop license servers.
- In the displayed dialog box, select the Enabled option.
- Click OK.
Hiding Notifications About RD Licensing Problems that Affect the RD Session Host Server
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.
- Double-click Hiding notifications about RD Licensing problems that affect the RD Session Host Server.
- Select the Enable option.
- Then, click OK.
Setting the Remote Desktop Licensing Mode
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Licensing.
- Double-click Set the Remote Desktop licensing mode.
- Select Enabled to enable the remote desktop licensing mode.
In the displayed window, select the Enabled option. In the Options area, under Specify the licensing mode for the RD Session Host server, select Per User from the drop-down list.
- Then, click OK.
Limit number of connections
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
- Double-click Limit Number of Connections.
- Select the Enabled option.
Set RD Maximum Connections allowed to 999999.
- Then, click OK.
Allowing Remote Start of Unlisted Programs
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
- Double-click Allow remote start of unlisted programs.
- In the displayed dialog box, select the Enabled option.
- Then, click OK.
Restrict Remote Desktop Services users to a single Remote Desktop Services session
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
- Double-click Restrict Remote Desktop Services users to a single Remote Desktop Services session.
- In the displayed window, select the Disabled option.
- Then, click OK.
Setting Time Limit for Disconnected Sessions
- Choose Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Session Time Limits.
- Double-click Set time limit for disconnected sessions.
- In the displayed dialog box, select the Enabled option.
Set End a disconnected session to 1 minute.
- Then, click OK.
Disabling Automatic Root Certificates Update (CBH V3.3.26.0 or Later)
If your CBH system is earlier than V3.3.26.0, skip this operation. If your CBH system is upgrade to V3.3.26.0 or later, perform the following steps.
- Choose Administrative Templates > System > Internet Communication Management.
- Double-click Turn off Automatic Root Certificates Update.
- Select Enabled.
- Then, click OK.
Configuring Certificate Path Validation Settings (CBH V3.3.26.0 or Later)
If your CBH system is earlier than V3.3.26.0, skip this operation. If your CBH system is upgrade to V3.3.26.0 or later, perform the following steps.
- Choose Windows Settings > Security Settings > Public Key Policies.
- Double-click Certificate Path Validation Settings.
- Click the Network Retrieval tab.
- Clear the Automatically update certificates in the Microsoft Root Certificate Program (recommended) check box.
Set Default URL retrieval timeout (in seconds) to 1.
- Then, click OK.
Refreshing the Local Group Policy
- Close the Local Group Policy Editor window.
- Open the Run box and run the gpupdate /force command to refresh the local policy.
- The application publish server has been deployed. To test its function, add this server and applications on it to your bastion host.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.