Policy
Allow .rdp files from valid publishers and user's default .rdp settings
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: WindowsVista
This policy setting allows you to specify whether users can run Remote Desktop Protocol (.rdp) files from a publisher that signed the file with a valid certificate. A valid certificate is one that is issued by an authority recognized by the client, such as the issuers in the client's Third-Party Root Certification Authorities certificate store. This policy setting also controls whether the user can start an RDP session by using default .rdp settings (for example, when a user directly opens the Remote Desktop Connection [RDC] client without specifying an .rdp file). If you enable or do not configure this policy setting, users can run .rdp files that are signed with a valid certificate. Users can also start an RDP session with default .rdp settings by directly opening the RDC client. When a user starts an RDP session, the user is asked to confirm whether they want to connect. If you disable this policy setting, users cannot run .rdp files that are signed with a valid certificate. Additionally, users cannot start an RDP session by directly opening the RDC client and specifying the remote computer name. When a user tries to start an RDP session, the user receives a message that the publisher has been blocked. Note: You can define this policy setting in the Computer Configuration node or in the User Configuration node. If you configure this policy setting for the computer, all users on the computer are affected.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\AllowSignedFiles | REG_DWORD | 1 | 0 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from unknown publishersAt least Windows Vista with Service Pack 1
- UserAllow .rdp files from valid publishers and user's default .rdp settingsAt least Windows Vista with Service Pack 1
- ComputerConfigure server authentication for clientAt least Windows Vista with Service Pack 1
- ComputerDisable Cloud Clipboard integration for server-to-client data transferAt least Windows 11 Version 22H2
- ComputerDo not allow hardware accelerated decodingAt least Windows Server 2016, Windows 10
- UserDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerDo not allow passwords to be savedAt least Windows Server 2003 operating systems with SP1 or Windows XP Professional with SP2
- ComputerPrompt for credentials on the client computerAt least Windows Vista with Service Pack 1
- ComputerSpecify SHA1 thumbprints of certificates representing trusted .rdp publishersAt least Windows Vista with Service Pack 1
- UserSpecify SHA1 thumbprints of certificates representing trusted .rdp publishersAt least Windows Vista with Service Pack 1
- ComputerTurn Off UDP On ClientAt least Windows 8 or Windows RT