Policy
Allow users to connect remotely by using Remote Desktop Services
Windows 11 25H2
Policy overview
Key metadata and intent for this policy.
Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista, WindowsXP
This policy setting allows you to configure remote access to computers by using Remote Desktop Services. If you enable this policy setting, users who are members of the Remote Desktop Users group on the target computer can connect remotely to the target computer by using Remote Desktop Services. If you disable this policy setting, users cannot connect remotely to the target computer by using Remote Desktop Services. The target computer will maintain any current connections, but will not accept any new incoming connections. If you do not configure this policy setting, Remote Desktop Services uses the Remote Desktop setting on the target computer to determine whether the remote connection is allowed. This setting is found on the Remote tab in the System properties sheet. By default, remote connections are not allowed. Note: You can limit which clients are able to connect remotely by using Remote Desktop Services by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using Network Level Authentication. You can limit the number of users who can connect simultaneously by configuring the policy setting at Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Limit number of connections, or by configuring the policy setting Maximum Connections by using the Remote Desktop Session Host WMI Provider.
Registry values
How enabled and disabled states update the registry.
| Registry location | Type | Enabled value | Disabled value |
|---|---|---|---|
| HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections | REG_DWORD | 0 | 1 |
Policy elements
Inputs and configuration options exposed by this policy.
This policy has no additional user input fields.
Other policies in this category
Explore related policies at the same level.
- ComputerAllow remote start of unlisted programsWindowsServer2008
- ComputerAutomatic reconnectionAt least Windows Server 2003 operating systems or Windows XP Professional
- ComputerConfigure keep-alive connection intervalAt least Windows Server 2003
- ComputerDeny logoff of an administrator logged in to the console sessionAt least Windows XP and Windows Server 2003 only
- ComputerLimit number of connectionsAt least Windows Server 2003
- ComputerRestrict Remote Desktop Services users to a single Remote Desktop Services sessionAt least Windows Server 2003
- ComputerSelect network detection on the serverAt least Windows Server 2012, Windows 8 or Windows RT
- ComputerSelect RDP transport protocolsAt least Windows Server 2012, Windows 8 or Windows RT
- UserSet rules for remote control of Remote Desktop Services user sessionsWindows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
- ComputerSet rules for remote control of Remote Desktop Services user sessionsWindows Server 2008 R2, Windows Server 2008, Windows Server 2003, Windows 7, Windows Vista, and Windows XP
- ComputerSuspend user sign-in to complete app registrationAt least Windows 8 Enterprise or Windows Server 2012
- ComputerTurn off Fair Share CPU SchedulingAt least Windows Server 2008 R2