User configuration administrative templates desktop desktop

Use this encryption level in environments that contain only bit clients for example, clients that run Remote Desktop Connection. Clients that do not support this encryption level cannot connect to RD Session Host servers.

Client Compatible: The Client Compatible setting encrypts data sent between the client and the server at the maximum key strength supported by the client.

Use this encryption level in environments that include clients that do not support bit encryption. Low: The Low setting encrypts only data sent from the client to the server by using bit encryption. If you disable or do not configure this setting, the encryption level to be used for remote connections to RD Session Host servers is not enforced through Group Policy. FIPS compliance can be configured through the System cryptography.

The FIPS compliant setting encrypts and decrypts data sent from the client to the server and from the server to the client, with the Federal Information Processing Standard FIPS encryption algorithms, by using Microsoft cryptographic modules.

Use this encryption level when communications between clients and RD Session Host servers requires the highest level of encryption.

This policy setting specifies whether to prevent the mapping of client drives in a Remote Desktop Services session drive redirection. By default, an RD Session Host server maps client drives automatically upon connection. You can use this policy setting to override this behavior. If you enable this policy setting, client drive redirection is not allowed in Remote Desktop Services sessions, and Clipboard file copy redirection is not allowed on computers running Windows Server and Windows If you disable this policy setting, client drive redirection is always allowed.

For example, if the users navigate into one of their hard drives, they see all of their folders and files there, even if this setting is enabled.

This setting removes the My Documents icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. This setting does not prevent the user from using other methods to gain access to the contents of the My Documents folder. This setting does not remove the My Documents icon from the Start menu. To make changes to this setting effective, you must log off from and log back on to Windows Professional.

This setting only affects the desktop icon. It does not prevent users from connecting to the network or browsing for shared computers on the network. If you enable this setting, the Properties option will not be present when the user right-clicks My Computer or clicks Computer and then goes to the File menu. Likewise, Alt-Enter does nothing when Computer is selected.

This policy setting hides the Properties menu command on the shortcut menu for the My Documents icon. If you enable this policy setting, the Properties menu command will not be displayed when the user does any of the following:. If you disable or do not configure this policy setting, the Properties menu command is displayed. Remote shared folders are not added to Network Locations whenever you open a document in the shared folder.

If you disable this setting or do not configure it, when you open a document in a remote shared folder, the system adds a connection to the shared folder to Network Locations. If you enable this setting, shared folders are not added to Network Locations automatically when you open a document in the shared folder.

This setting removes the Recycle Bin icon from the desktop, from File Explorer, from programs that use the File Explorer windows, and from the standard Open dialog box. This setting does not prevent the user from using other methods to gain access to the contents of the Recycle Bin folder.

If you enable this setting, the Properties option will not be present when the user right-clicks on Recycle Bin or opens Recycle Bin and then clicks File. Likewise, Alt-Enter does nothing when Recycle Bin is selected. If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off.

However, shortcuts placed on the desktop are always saved. Prevents windows from being minimized or restored when the active window is shaken back and forth with the mouse.

If you enable this policy, application windows will not be minimized or restored when the active window is shaken back and forth with the mouse. If you disable or do not configure this policy, this window minimizing and restoring gesture will apply. This setting lets you specify the wallpaper on users' desktops and prevents users from changing the image or its presentation. The wallpaper you specify can be stored in a bitmap.

To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched.

Users cannot change this specification. Turn off automatic image resizing. Turn off image display. Allow the display of image download placeholders. Turn off smart image dithering. Turn on printing of background colors and images. Prevent configuration of top- result search on Address bar. Prevent configuration of search on Address bar.

Signup Settings. Turn on automatic signup. Turn on inline AutoComplete. Turn off inline AutoComplete in File Explorer.

Turn off URL Suggestions. Turn off Windows Search AutoComplete. Display settings. General Colors. Prevent specifying background color. Prevent specifying text color. Prevent the use of Windows colors. Link Colors. Prevent specifying the hover color.

Prevent specifying the color of links that have not yet been clicked. Prevent specifying the color of links that have already been clicked. Turn on the hover color option. Prevent choosing default text size. URL Encoding. Set how links are opened in Internet Explorer.

Open Internet Explorer tiles on the desktop. Offline Pages. Subscription Limits. Disable adding channels. Disable adding schedules for offline pages. Disable offline page hit logging. Disable channel user interface completely. Disable editing and creating of schedule groups. Disable editing schedules for offline pages. Disable removing channels. Disable removing schedules for offline pages.

Disable all scheduled offline pages. Disable downloading of site subscription content. Persistence Behavior. File size limits for Local Machine zone. File size limits for Intranet zone. File size limits for Trusted Sites zone.

File size limits for Internet zone. File size limits for Restricted Sites zone. Turn off InPrivate Filtering. Turn off Tracking Protection. Turn off InPrivate Browsing. Turn off collection of InPrivate Filtering data. Establish InPrivate Filtering threshold. Establish Tracking Protection threshold. Security Features. Add- on Management. Add- on List.

Deny all add- ons unless specifically allowed in the Add- on List. Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects.

All Processes. Process List. Turn off the WebSocket Object. Turn off cross- document messaging. Turn off the XDomainRequest object. Maximum number of connections per server HTTP 1. Change the maximum number of connections per host HTTP 1. Set the maximum number of WebSocket connections per server.

Binary Behavior Security Restriction. Install binaries signed by MD2 and MD4 signing technologies. Internet Explorer Processes. Admin- approved behaviors. Consistent Mime Handling. Local Machine Zone Lockdown Security. Mime Sniffing Safety Feature. MK Protocol Security Restrictio n.

Network Protocol Lockdown. Restricted Protocols Per Security Zone. Internet Zone Restricted Protocols. Intranet Zone Restricted Protocols. Local Machine Zone Restricted Protocols. Restricted Sites Zone Restricted Protocols.

Trusted Sites Zone Restricted Protocols. Notification bar. Object Caching Protection. Protection From Zone Elevation.

Restrict ActiveX Install. Restrict File Download. Scripted Window Security Restrictions. Turn off Data URI support. Do not display the reveal password button. Turn off Developer Tools. Turn off toolbar upgrade tool. Hide the Command bar. Hide the status bar. Lock all toolbars. Lock location of Stop and Refresh buttons. Display tabs on a separate row.

Disable customizing browser toolbars. Disable customizing browser toolbar buttons. Customize command labels. Configure Toolbar Buttons. Use large icons for command buttons.

Add a specific list of search providers to the user's list of search providers. Turn off add- on performance notifications. Automatically activate newly installed add- ons. Turn off Crash Detection. Do not allow users to enable or disable add- ons. Turn on menu bar by default. Disable caching of Auto- Proxy scripts.

Disable external branding of Internet Explorer. Disable changing Advanced page settings. Customize user agent string. Use Automatic Detection for dial- up connections. Turn off Automatic Crash Recovery. Turn off ActiveX Opt- In prompt. Turn off Favorites bar. Position the menu bar above the navigation bar.

Prevent per- user installation of ActiveX controls. Prevent changing pop- up filter level. Turn off Reopen Last Browsing Session. Prevent bypassing SmartScreen Filter warnings. Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet.

Turn off Tab Grouping. Prevent "Fix settings" functionality. Prevent managing the phishing filter. Prevent managing SmartScreen Filter. Turn off the Security Settings Check feature. Display error message on proxy script download failure. Turn on Suggested Sites. Turn on compatibility logging.

Enforce full- screen mode. Allow Internet Explorer 8 shutdown behavior. Turn off page- zooming functionality. Turn off browser geolocation. Identity Manager: Prevent users from using Identities. Configure Media Explorer Bar. Specify default behavior for a new tab. Prevent running First Run wizard. Prevent access to Internet Explorer Help. Prevent Internet Explorer Search box from appearing. Turn off Quick Tabs functionality. Prevent changing the default search provider.

Turn off configuration of pop- up windows in tabbed browsing. Turn off tabbed browsing. Prevent configuration of how windows open. Notify users if Internet Explorer is not the default web browser. Configure Outlook Express. Pop- up allow list. Disable changing accessibility settings. Disable changing Automatic Configuration settings.

Disable changing Temporary Internet files settings. Disable changing Calendar and Contact settings. Disable changing certificate settings. Disable changing default browser check.

Disable changing color settings. Disable changing connection settings. Disable Internet Connection wizard. Disable changing font settings. Disable AutoComplete for forms. Turn on the auto- complete feature for user names and passwords on forms. Disable changing home page settings. Disable changing language settings. Disable changing link color settings.

Disable changing Messaging settings. Prevent managing pop- up exception list. Turn off pop- up management. Disable changing Profile Assistant settings. Prevent changing proxy settings. Disable changing ratings settings. Disable the Reset Web Settings feature. Turn off the auto- complete feature for web addresses. Prevent participation in the Customer Experience Improvement Program.

Turn off suggestions for all user- installed providers. Turn off the quick pick menu. Search: Disable Find Files via F3 within the browser. Search: Disable Search Customization. Disable changing secondary home page settings.

Restrict search providers to a specific list. Prevent configuration of new tab creation. Set tab process growth.

Turn off ability to pin sites in Internet Explorer on the desktop. Turn on ActiveX Filtering. Location and Sensors. Turn off location scripting. Turn off location. Turn off sensors. Microsoft Management Console. Extension snap- ins.

AppleTalk Routing. Authorization Manager. Certification Authority Policy Settings. Connection Sharing NAT. Device Manager. Event Viewer. Event Viewer Windows Vista. IAS Logging. IGMP Routing. IP Routing. IPX Routing. Logical and Mapped Drives. OSPF Routing. Public Key Policies. RIP Routing. Removable Storage. Remote Access. SMTP Protocol. Send Console Message. Service Dependencies. Shared Folders Ext.

System Properties. Extended View Web View. Group Policy snap- in extensions. Administrative Templates Computers. Administrative Templates Users. Internet Explorer Maintenance.

IP Security Policy Management. NAP Client Configuration. Remote Installation Services. Security Settings. Software Installation Computers. Software Installation Users. Windows Firewall with Advanced Security.

Resultant Set of Policy snap- in extensions. Group Policy Management. Group Policy Object Editor. Group Policy tab for Active Directory Tools. Resultant Set of Policy snap- in. ADSI Edit. Active Directory Domains and Trusts.

Active Directory Sites and Services. Active Directory Users and Computers. Certification Authority. Certificate Templates. Component Services. Computer Management. Distributed File System. Disk Defragmenter. Disk Management.

Enterprise PKI. FAX Service. Failover Clusters Manager. FrontPage Server Extensions. Internet Information Services. Indexing Service. IP Security Monitor. Local Users and Groups. Net Framework Configuration. Online Responder.

Performance Logs and Alerts. QoS Admission Control. Do you have that user applied correctly in the security filtering? Is the rest of the policy being applied? Is it just the desktop part not applying? I'd check the slow link detection settings.

I know Mundane questions, but I always start at the bottom and work up Make a new Group policy and only set the Wallpaper settings. Apply it to a test user and see if it applies. I have seen it do strange things when it had to resize the image to fit. Do all your systems have the same size monitor and same setting? You can try this, resize the image to something that will fit in the majority of your users, something like x