Policy selection for ADMX packs

Policy overview

Key metadata and intent for this policy.

ClassComputer

CategoryWindows Components > Remote Desktop Services > Remote Desktop Session Host > Security

Supported onAt least Windows Server 2003

Supported OS tags: Windows10, Windows10RT, Windows11, Windows7, Windows8, Windows81, WindowsRT, WindowsRT81, WindowsServer2003, WindowsServer2008, WindowsServer2012, WindowsServer2012R2, WindowsServer2016, WindowsVista

This policy setting specifies whether to disable the administrator rights to customize security permissions for the Remote Desktop Session Host server. You can use this setting to prevent administrators from making changes to the user groups allowed to connect remotely to the RD Session Host server. By default, administrators are able to make such changes. If you enable this policy setting the default security descriptors for existing groups on the RD Session Host server cannot be changed. All the security descriptors are read-only. If you disable or do not configure this policy setting, server administrators have full read/write permissions to the user security descriptors by using the Remote Desktop Session WMI Provider. Note: The preferred method of managing user access is by adding a user to the Remote Desktop Users group.

Internal name

TS_TSCC_PERMISSIONS_POLICY

Policy ID

45498a9eaed6

Elements

Registry values

How enabled and disabled states update the registry.

Registry location	Type	Enabled value	Disabled value
HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fWritableTSCCPermTab	REG_DWORD	0	1

Policy elements

Inputs and configuration options exposed by this policy.

This policy has no additional user input fields.

Other policies in this category

Explore related policies at the same level.