Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
Loading...
RemoteFX is enabled on Windows systems using Group Policy. Parallels recommends to apply Group policies at OU (organizational unit) level in Active Directory environments. Although local Group Policies can be used, it requires to configure necessary settings on every Terminal Server/Remote PC/VDI host in the RAS Farm.
Hint: To edit domain Group Policies, from the Windows Run command, type GPMC.MSC. Once the Group Policy settings are completed, run GPUPDATE /FORCE from the Run command to apply them.
Enable the following options on all Terminal Servers in your farm. Under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment enable the following:
Configure Compression for RemoteFX Data. Set to Optimize to use less network bandwidth.
Configure image quality for RemoteFX Adaptive Graphics. Set to Medium.
Enable RemoteFX encoding for RemoteFX clients designed for Windows Server 2008 R2 SP1
Configure RemoteFX Adaptive Graphics. Set to Let the system choose the experience for network conditions.
RemoteFX is a set of Microsoft Windows technologies that greatly enhances the end-user visual and performance experience over the RDP protocol. It is available in Windows Server 2008 R2 SP1 and later. Windows 7 was the first client side operating system to support RemoteFX. Both the client and the server versions must be able to support RemoteFX in order for these enhancements to work.
Although RAS supports earlier versions of Windows Server, certain performance capabilities will not be available when those versions are used. RemoteFX has been improved with subsequent releases of Windows. The best performance will always occur when running the latest version of Microsoft Windows Server being accessed from the latest workstation version.
Parallels RAS supports RemoteFX on the following clients:
Parallels Windows Client for Windows installed on Windows 7 SP1 and higher.
Parallels Client for Mac
Parallels Client for Linux
Parallels Client for iOS
Parallels Client for Android
Parallels Client for ChromeApp running on ChromeBooks
RemoteFX supports two Group Policy settings that give administrators the flexibility to manually choose the best configuration for their scenario. Both policies are under this path: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment.
The first policy setting is Configure image quality for RemoteFX Adaptive Graphics. This policy setting specifies the graphics quality for a remote session. Administrators can use this option to balance network bandwidth usage with graphics quality delivered.
The options are Medium (default), High, and Lossless. The Medium setting consumes the lowest amount of bandwidth, The High setting increases the image quality with a moderate increase in bandwidth consumption, while the Lossless setting uses lossless encoding, which preserves full color and resolution integrity but requires significant increase in bandwidth.
The second policy setting is Configure RemoteFX Adaptive Graphics. This policy setting allows the administrator to choose the encoding configuration to be optimized for server scalability or bandwidth usage. If you enable this policy setting, the RemoteFX experience could be set to one of the following options:
Let the system choose the experience for the network condition
Optimize for experience (balanced)
Optimize to use minimum network bandwidth
By default, the system will choose the best experience based on available network bandwidth.
Beginning with version 18, Parallels RAS includes built-in automated optimization capabilities for RD Session Hosts, VDI, and Azure Virtual Desktop workloads. Different preconfigured optimizations for multi-session (such as RD Session Hosts) or single-session (such as VDI) hosts are available for administrators to choose from manually or automatically to ensure a more efficient, streamlined and improved delivery of virtual apps and desktops.
Preconfigured optimizations were designed to be easily updated to support future releases of Microsoft Windows. Moreover, custom scripts may also be used within the tool to make use of already available optimizations to be deployed on Parallels RAS workload machines.
Over 130 image optimizations are available out-of-the-box and divided into the following main categories:
UWP application packages (removal; available for VDI only)
Windows Defender ATP (turn ON or OFF, disable real-time scan, exclude files, folder, processes, and extensions)
Windows components (removal)
Windows services (disable)
Windows scheduled tasks (disable)
Windows advanced options (Cortana, system restore, telemetry, custom layout)
Network performance (disable task offload, ipv6, etc.)
Registry (service startup timeout, disk I/O timeout, custom, etc.)
Visual effects (best appearance, best performance, custom)
Disk cleanup (delete user profiles, image cleanup, etc.)
Custom scripts (.ps1, .exe, .cmd, and other extensions/formats)
For the complete list of optimization categories and components, please see https://kb.parallels.com/125222.
Optimizations are applicable to RD Session Hosts, VDI, Azure Virtual Desktop, and Remote PC host pools (through VDI) based on:
Windows Server 2012 R2 and later
Windows 7 SP1
Windows 10
Optimization can be configured for the following:
RD Session Hosts
VDI
Azure Virtual Desktop
Optimization settings are configured for the above on the Site level (Site defaults) and can also be configured for individual components if the RAS administrator decides to use custom settings for a given component.
To configure optimizations on the Site level, navigate to Farm > Site, click the Tasks > Site defaults menu and choose one of the following:
RD Session Host
VDI
AVD multi-session hosts
AVD single-session hosts
In a Site defaults dialog that opens, select the Optimization tab. The user interface for configuring optimization is the same for all of the above.
Note: Before applying optimization, make sure you have a saved state of session hosts as you will not be able to revert changes after they are applied.
To configure optimization:
If you are in the host Properties dialog or in a wizard, clear the Inherit default settings options if you want to modify them for this host.
Select the Enable optimization option.
Choose optimization type from the following:
Automatic: Predefined and preconfigured optimization will be used automatically.
Manual: Gives you full control over which optimization options to use and allows you to configure each one. This option also gives you an option to use a custom optimization script that will be executed on the host.
If you selected Manual in the previous step, configure optimization categories and components according to your requirements. See Configure optimization below.
Force optimization on all enabled categories: This is a special option that should only be used in situations when some parts of optimization failed to apply to a host for some unforeseen reason (e.g. the host went offline unexpectedly). When you select this option, then click OK and then Apply in the RAS Console, the entire optimization configuration will be applied to the host. This way you can make sure that changes that you made to optimization components last time, and that were not applied to the host, will be applied again. The state of the Force optimization on all enabled categories option (selected or cleared) is not saved because this is a one-time action, so the next time you open the dialog, the option will be cleared again. Note that in a standard scenario, when you make changes and then apply them to a host, you don't need to select this option, because normally you want to apply just the changes that you made, not the entire optimization configuration.
The Category list contains optimization categories that can be configured. To include a category in optimization, select the corresponding checkbox. Some categories contain multiple components, which can be configured individually, some have settings that can be customized. To configure category settings or components, highlight the category and click the gear icon (or click Tasks > Properties, or simply double-click a category). Depending on the category selected, you can do the following:
Configure category settings (choose from available options, select or clear individual settings, specify values, add or remove entries).
Add or remove underlying components to include or exclude them from optimization (use the plus- and minus-sign icons). When adding a component (where available), you can select from a predefined list or you can specify a custom component.
In some cases (specifically registry entries) you can double-click an entry and specify multiple values for it.
If you remove a predefined component, you can always get it back in the list by clicking Tasks > Reset to default. You can also use this menu to reset category settings to default values if they were modified.
The last optimization category in the list is Custom script. You can use it to execute an optimization script that you may have available. Read the Using custom script subsection below for details.
When done, click OK to close the dialog.
The Custom script optimization category is used to execute an optimization script on a target host. Before configuring this category, make sure that the script exists on target hosts and that the path and file name are the same on each host.
To configure the Custom script optimization:
Enable the Custom script category in the list (select the checkbox), then highlight it and click Tasks > Properties.
In the dialog that opens, specify the command to execute, arguments (if required), the initial directory, and credentials that will be used to execute the script.
Click OK.
When you apply the optimization to a host, the script will be executed as part of applying other optimization parameters.
After you enable optimization for a host and then click Apply in the RAS Console, the following will happen the next time the host communicates with Parallels RAS:
The host status changes to Optimization pending and the host enters the drain mode. At this stage, you can stop optimization by selecting a host in the list and clicking Tasks > Stop optimization.
Once all users are logged off, the host status changes to Optimization in progress.
After all optimization settings are applied, the host will reboot.
After the reboot, the host returns to operation and its status changes to OK.
Optimization results are logged on a host at the following location: %ProgramData%\Parallels\RASLogs\ImageOptimizer.log. Open the file and search for entires similar to the following:
[I 78/00000009/T10C4/P0FD4] 11-30-20 10:09:19 - Image Optimization completed with 98 successful and 0 unsuccessful optimizations.
When Parallels RAS is upgraded from an older version:
The optimization feature is disabled.
The inheritance is off.
To use optimization after the upgrade, the administrator needs to enable it manually either in Site defaults or in the host pool settings.
Please note the following:
Some optimizations may fail and generate warnings if they had been already applied.
Some optimizations may fail and generate warnings depending on OS specifics. For example, removal of UWP apps may fail because apps are already absent.
Note: This section describes how to manually optimize remote desktop and terminal server performance. Beginning with RAS 18, these and other settings can be optimized automatically using the new Optimizations functionality.
The default Windows performance settings are intended for general purpose servers. In order to maximize application or desktop hosting server performance, the default Windows performance settings should be adjusted on Windows Remote Desktop/Terminal Servers.
From the Control Panel go to System and click on Advanced System Settings. Under the Advanced tab in the System Properties dialog box, click on Settings under the Performance section.
Under the Visual Effects tab from the Performance Options dialog box, change the setting to Adjust for best performance.
If a specific application has a custom setting recommendation, you should use it, but in general, the Adjust for best performance option will provide the best overall performance in a Parallels RAS environment.
Set the Windows paging file to twice the amount of RAM. For heavier workloads, a paging file of three times the amount of physical memory might be required. For more information on how to determine the exact page file size, please visit https://support.microsoft.com/en-us/help/2860880/how-to-determine-the-appropriate-page-file-size-for-64-bit-versions-of-windows.
By default, Microsoft Windows page file size is automatically managed for all drives and grows dynamically as necessary. However, as the system ramps up to intended capacity, dynamic page file growth can result in a fragmented page file, so it is best to set a fixed page file size upfront.
Typically, page file settings are configured when the server is first installed. However, if the server remained in production for a while, Parallels recommends optimizing and defragmenting the drive prior to setting paging options described below.
Note: If the size of the page file is too small, system will generate a mini dump and will log an event in the System event log during boot to inform you about this condition.
In the example below, the server has 8 GB of RAM:
Note that Microsoft sets it to 1280 but recommends 4607. Parallels recommends to double it and use a new page file on the disk. Therefore the number is 16384 (8 GB in block of 8192 x2 = 16384). Make sure you have enough free disk space to use this setting.
Please also make sure to configure antivirus exclusions for FSLogix Profile Container virtual hard drives as described in Antivirus Exclusions.
Enable the following options on all Terminal Servers in your farm. Under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment enable the following:
Configure RemoteFX
Optimize visual experience when using RemoteFX. Set to Medium Default.
Set Compression algorithm for RDP data. Set to Optimize to use less network bandwidth.
Optimize Visual experience for Remote Desktop Services sessions. Set to Rich Multimedia.
Configure image quality for RemoteFX Adaptive Graphics (Image Quality set to Medium).
Configure RemoteFX Adaptive Graphics. Set to Let the system choose experience for network conditions.
| Optimization | Inherits from | |
|---|---|---|
RDSH Site defaults
Yes
None
RDSH host pool
No
None
RDSH standalone
Yes
RDSH Site defaults
RDSH template
Yes
RDSH Site defaults
RDSH from template
No
None
VDI Site defaults
Yes
None
VDI host standalone
Yes
VDI Site defaults
VDI host template
Yes
VDI Site defaults
VDI host from template
No
None
Azure Virtual Desktop Site defaults
Yes
None
Azure Virtual Desktop host pool - hosts from a template
No
None
Azure Virtual Desktop host pool - standalone hosts
Yes
AVD multi-session hosts Site defaults or AVD single-session hosts Site defaults.
Azure Virtual Desktop template
Yes
AVD multi-session hosts Site defaults or AVD single-session hosts Site defaults.
Azure Virtual Desktop hosts from template
No
None
Remote FX Settings for Windows 7 SP1. Under Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment enable the following options for virtual PC or VDI host which has guest agent installed:
Enable RemoteFX.
Set Compression algorithm for RDP data. Set to Optimize to use less network bandwidth.
Optimize Visual experience for Remote Desktop Services sessions. Set to Rich Multimedia.
Configure compression for RemoteFX data. Set to Optimize to use less network bandwidth.
Configure image quality for RemoteFX Adaptive Graphics. Set to Medium.
Configure RemoteFX Adaptive Graphics. Set to Let the system choose the experience for the network condition.
In order to get Point of Sale / USB Scanning devices to work properly with Windows Server 2008 R2 and higher, you must enable RemoteFX USB redirection on the user Windows devices using GPO. Please note that this policy setting allows you to permit RDP redirection of other supported RemoteFX USB devices from this computer. Make sure that you set RemoteFX USB Redirection Access Rights to Administrators and Users. This is configured by navigating to Computer Configurations > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Desktop Connection Client:
This policy setting enables system administrators to change the graphics rendering for all Remote Desktop Services sessions on a Remote Desktop Session Host (RD Session Host) server. If you enable this policy setting, all Remote Desktop Services sessions on the RD Session Host server use the hardware graphics renderer instead of the Microsoft Basic Render Driver as the default adapter. If you disable or skip the configuration of this policy setting, all Remote Desktop Services sessions on the RD Session Host server will use the Microsoft Basic Render Driver as the default adapter.
Note: The policy setting affects only the default graphics processing unit (GPU) on a computer with more than one GPU installed. All additional GPUs are considered secondary adapters and used as hardware renderers. The GPU configuration of the local session is not affected by this policy settings.
Whether you are using graphics intensive applications or streaming media across RDP, some configurations can be applied to provide performance benefits in your environment:
Display driver optimization – this is probably the most important component, particularly on the Windows CE platforms that tend to have a lot less CPU power than their desktop counterparts. The display "device driver interface" we provide in Windows CE uses only the basic graphics engine functions; where software acceleration is provided through emulation libraries, and hardware acceleration is limited to two-dimensional graphics operations. If at all possible, hardware acceleration should be used.
Ensure that your video and network card drivers are up to date based on the manufacturer’s recommendations.
Enable bitmap caching in your RDP session. This can result in some significant bandwidth savings and can also improve the refresh speed. However, this does not mean that graphics intensive applications will run at the same performance level as they would in a non-RDP session.
Understanding how font exchange works can also lead to some opportunities for performance improvements. Font exchanges occur between the client and server to determine which common system fonts are installed. The client notifies the Terminal Server of all installed system fonts to enable faster text rendering during an RDP session. When the Terminal Server knows what fonts the client has available, passing compressed fonts and Unicode character strings rather than larger bitmaps to the client can save network bandwidth
If network bandwidth is not as much of a concern, you can increase the frame rate on the client side via a registry modification.
https://blogs.technet.microsoft.com/askperf/2009/04/17/terminal-services-and-graphically-intensive-applications/.
To learn how to increase the frame rate on the server side, see https://support.microsoft.com/en-us/help/2885213/frame-rate-is-limited-to-30-fps-in-windows-8-and-windows-server-2012-remote-sessions.
If you have users that login from different time zones, you may want to enable this setting. This setting will redirect the local time to the app, remote PC, or VM. Time Zone Redirection is configured in the same Group Policy location as Audio Redirection: Local Computer Policy > Computer Configurations > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Desktop Session Host > Device and Resource Redirection.
This policy setting allows the administrator to configure RemoteFX graphics for Remote Desktop Session Host or Remote Desktop Virtualization Host servers to be lossless. If you enable this policy setting, RemoteFX graphics will use lossless encoding. The color integrity of the graphics data will stay intact. If you disable or skip the configuration of this policy setting, RemoteFX graphics lossless encoding will be disabled.
Audio and video playback allows users to redirect the remote computer audio in a remote session. It provides an improved experience for video playback in remote sessions. By default, audio and video playback is not allowed when connecting to a computer running Windows Server 2008 R2.
https://technet.microsoft.com/en-us/library/dd759165.aspx.
Audio and video playback redirection is allowed by default when connecting to a computer running Windows 7 or newer, or Windows Server 2012 R2 or newer.
It is recommended to use the CPU optimization feature to optimize CPU load balancing according to your requirements. When configured, the CPU load balancer will lower the priority of a process when its CPU usage exceeds a specified value for a specified number of seconds. The load balancer will revert the priority to its original level when the process has been running below a certain percentage for a certain number of seconds.
To configure CPU optimization, select the Enable CPU Optimization option and then specify the values as described below.
Specifies when the CPU optimization should be activated. The Total CPU usage exceeds field specifies the system wide CPU usage in percent.
Specifies thresholds per process when a specific process exceeds or falls below the specified CPU percentage. Here you can specify Critical and Idle values. The CPU load balancer will adjust other priorities with respect to these values.
Please note that CPU usage values are attenuated and calculated based on the agent refresh time configured on the Load Balancing tab.
Use the Exclusions list to specify processes that should be excluded from CPU optimization. Click Tasks > Add to select a process. To remove a process from the list, select it and click Tasks > Delete.
Irregular values for critical/idle may cause issues (processes set to idle due to incorrect configuration). If there are issues with getting the CPU usage counter, optimizations cannot be applied.
Log files can be found in %ProgramData%\Parallels\RASLogs\cpuloadbalancer.log. Use the log to confirm thresholds. You can check the CPU usage performance counter on Windows.
Note: Since the critical/idle thresholds are calculated based on the highest process CPU usage (not the absolute CPU usage), this value is not reflected in the logs when changing priorities.
Absolute CPU usage equals to total CPU usage. For example, if there are 2 processes taking 30% each, the total CPU usage is 60%. The usage threshold when CPU load balancer kicks in is 25% (default).
The highest process CPU usage is the CPU usage of the process taking the most CPU. For example, if you have three processes, two taking 10% and the third taking 40%, the highest CPU usage is 40%.
Microsoft Windows Server 2008 R2 and later include bulk compressors that compress all data sent from the server to the client. These compressors can be enforced by the computer-wide Set compression algorithm for RDP data Group Policy setting.
The choice of compression algorithm impacts the memory and CPU consumption on the server and thus affects server scalability. RDP optimization can be configured to:
Use the least amount of memory
Use the least amount of network bandwidth
Balance between memory and network bandwidth utilization (default)
Navigate to Computer Configuration\Administrative Templates \Windows Components\Remote Desktop Services \ Remote Desktop Session Host\ Remote Session Environment and configure compression for RemoteFX data as follows:
Optimized to use less memory. Consumes the least amount of memory per session but has the lowest compression ratio and therefore the highest bandwidth consumption.
Balances memory and network bandwidth. Reduced bandwidth consumption while marginally increasing memory consumption (approximately 200 KB per session).
Optimized to use less network bandwidth. Further reduces network bandwidth usage at a cost of approximately 2 MB per session. If you want to use this setting, you should assess the maximum number of sessions and test to that level with this setting before you place the server in production.
You can also choose not to engage a RemoteFX compression algorithm. This will use more network bandwidth and it is only recommended if you are using a hardware device that is designed to optimize network traffic. Even if you choose not to use a RemoteFX compression algorithm, some graphics data will still be compressed.
https://msdn.microsoft.com/en-us/library/windows/hardware/dn567648(v=vs.85).aspx.
The following policy setting specifies whether the Remote Desktop Protocol will try to detect the network quality (bandwidth and latency): Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Select network detection on the server.
If you enable the above policy setting, you must select one of the following:
Connect Time Network Detect
Continuous Network Detect
Connect Time Detect
Continuous Network Detect
If you select Connect Time Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time, and it will assume all traffic to this server originates from a low-speed connection.
If you select Continuous Network Detect, Remote Desktop Protocol will not try to adopt to changing network quality.
If you select Connect Time Detect and Continuous Network Detect, Remote Desktop Protocol will not try to determine the network quality at the connect time, it will assume all traffic to this server originates from a low speed connection and it will not try to adopt to changing network quality.
If you disable or do not configure this policy setting, Remote Desktop Protocol will spend a few seconds trying to determine the network quality prior to the connection and it will continuously try to adopt to the network quality.
The following policy setting specifies whether the UDP protocol will be used for Remote Desktop Protocol access to this server: “Computer Configuration\Administrative Templates \Windows Components\Remote Desktop Services \ Remote Desktop Session Host\ Connections\Select RDP transport protocols".
If you enable the above policy setting, Remote Desktop Protocol traffic to this server will only use the TCP protocol. If you disable or do not configure this policy setting, Remote Desktop Protocol traffic to this server will use both the TCP and UDP protocols.
Installing antivirus software on an RD Session Host server greatly affects overall system performance, especially the CPU usage. We highly recommend that you exclude all folders that hold temporary files from the active monitoring list, especially folders generated by services and other system components.
The Parallels RAS folder to be excluded from real-time scanning is %programfiles(x86)%\Parallels\ApplicationServer.
For Parallels RAS port reference, please refer to Parallels Remote Application Server Administrator's Guide, which can be downloaded from http://www.parallels.com/products/ras/resources. For additional information, please also see http://kb.parallels.com/124003.
The Parallels Client for Windows folder to be excluded from real-time scanning is as follows:
32-bit: %programfiles(x86)%\Parallels\Client
64-bit: %programfiles%\Parallels\Client
Parallels recommends to exclude the above Parallels RAS and Parallels Client for Windows folders from real-time or on-access scanning and scan them on a regular basis using scheduled scans. You should also monitor the creation of new files in the excluded folders.
Make sure to configure the following antivirus exclusions for FSLogix Profile Container virtual hard drives.
Exclude files:
%Programfiles%\FSLogix\Apps\frxdrv.sys
%Programfiles%\FSLogix\Apps\frxdrvvt.sys
%Programfiles%\FSLogix\Apps\frxccd.sys
%TEMP%*.VHD
%TEMP%*.VHDX
%Windir%\TEMP*.VHD
%Windir%\TEMP*.VHDX
\\storageaccount.file.core.windows.net\share**.VHD (Azure and Azure Virtual Desktop only)
\\storageaccount.file.core.windows.net\share**.VHDX (Azure and Azure Virtual Desktop only)
Exclude processes:
%Programfiles%\FSLogix\Apps\frxccd.exe
%Programfiles%\FSLogix\Apps\frxccds.exe
%Programfiles%\FSLogix\Apps\frxsvc.exe
Various control panels, administrative tools, and server settings should be disabled for standard user access if otherwise not required by organization. To disable control panel items, the following policies can be carried out from the Group Policy Microsoft Management Console (MMC): User Configuration\Administrative Templates\Control Panel
For added security, users should be restricted to not make any registry modifications: User Configuration\Policies\Administrative Templates\System
These policy setting prevents users from using Windows Installer to install patches and disables Windows update and shutdown notifications. This can be carried out from the Group Policy Microsoft Management Console (MMC):
Computer Configuration\Policies\Administrative Templates\Windows Components\Windows Installer
Computer Configuration\Administrative Templates\Windows Components\Windows Update
The following Control Panel items may be removed from the list of items available for standard user access:
Microsoft.AdministrativeTools
Microsoft.AutoPlay
Microsoft.ActionCenter
Microsoft.ColorManagement
Microsoft.DefaultPrograms
Microsoft.DeviceManager
Microsoft.EaseOfAccessCenter
Microsoft.FolderOptions
Microsoft.iSCSIInitiator
Microsoft.NetworkAndSharingCenter
Microsoft.NotificationAreaIcons
Microsoft.PhoneAndModem
Microsoft.PowerOptions
Microsoft.ProgramsAndFeatures
Microsoft.System
Microsoft.TextToSpeech
Microsoft.UserAccounts
Microsoft.WindowsFirewall
Microsoft.WindowsUpdate
Microsoft.DateAndTime
Microsoft.RegionAndLanguage
Microsoft.RemoteAppAndDesktopConnections
Install Application On Remote Desktop Server
Java
Flash Player
Navigate to Computer Configuration > Policies > Windows Settings > Security Settings.
Right click on File System, choose Add File.
In the Add a file or folder window, put %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools in the Folder field and click OK.
On the next window Database Security for%AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk remove Users and check that Administrators have Full Access
On the Add Object window choose Configure this file or folder then Propagate inheritable permissions to all subfolders and files. Click OK.
Do the same for PowerShell shortcut (+ delete Creator Owner in database security): %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\System Tools\Windows PowerShell.lnk
Do the same for Server Manager shortcut: %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Server Manager.lnk
Generally, device redirection increases how much network bandwidth RD Session Host server connections use because data is exchanged between devices on the client computers and processes that are running in the server session. The extent of the increase is a function of the frequency of operations that are performed by the applications that are running on the server against the redirected devices. Printer redirection and Plug and Play device redirection also increases CPU usage at sign-in.
Parallels recommends to not allow device redirection if not being used since this will result in inefficient bandwidth usage. Local device redirection can be configured from Parallels RAS policies, registry, or Microsoft group policies.
Navigate to Computer Configuration\Administrative Templates\Windows Components\Terminal Services\Terminal Server\Remote Session Environment and set compression algorithm for RDP data as follows:
Optimized to use less memory (RDP 5.2 or V1):
Bulk compressor from Windows Server 2003
Consumes more bandwidth than other compressors
Has the least memory and CPU overhead
Gives you the best server-side scalability
Balances network bandwidth and memory (RDP 6.0 or V2):
The default setting if the Group Policy setting is not configured
Balances between memory consumption and network bandwidth
Can reduce your bandwidth by 5–30 percent compared to the RDP 5.2 compressor
Optimized to use less network bandwidth (RDP 6.1 or V3):
A new compressor designed for Windows Server 2008
Tuned to give you the best network performance
Can reduce your bandwidth by 10–60 percent compared to the RDP 5.2 compressor
http://download.microsoft.com/download/4/d/9/4d9ae285-3431-4335-a86e-969e7a146d1b/RDP_Performance_WhitePaper.docx
Disable Server Manager Pop up for users logging in. This can be done from the Group Policy Microsoft Management Console (MMC):
User Configuration \ Polices \ Administrative Templates \ Start Menu and Taskbar
Some administrative group polices might not be available in the Group Policy Manager Console (GPMC). These can be imported from https://www.microsoft.com/en-au/download/details.aspx?id=41193.
You must perform these modifications on the RD Session Host servers. You can use the Registry to make these changes directly or using group policy preferences (GPP).
Note: Back up the key first and take ownership of the ShellFolder before changing the value of Attributes.
For Favorites, the key is:
[HKEY_CLASSES_ROOTCLSID{323CA680-C24D-4099-B94D-446DD2D7249E}ShellFolder] "Attributes"=dword:a0900100 Changing a0900100 to a9400100 will hide Favorites from the navigation pane.
For Libraries, the key is:
[HKEY_CLASSES_ROOTCLSID{031E4825-7B94-4dc3-B131-E946B44C8DD5}ShellFolder] "Attributes"=dword:b080010d Changing b080010d to b090010d will hide Libraries from the navigation pane.
You can use Group Policy settings to hide and restrict access to drives on the RD Session Host server. By enabling these settings you can ensure that users do not inadvertently access data stored on other drives, or delete or damage programs or other critical system files on drive C.
This can be carried out from the Group Policy Microsoft Management Console (MMC) as follows:
For Windows Server 2008 and Windows Server 2008 R2: User Configuration\Policies\Administrative Templates\Windows Components\Windows Explorer.
For Windows Server 2012 and Windows Server 2012 R2: User Configuration/ Administrative Templates/ Windows Components/ File Explorer.
Additional policies can be set to:
Hide the Manage item on the Windows Explorer context menu
Remove Hardware tab
Remove "Map Network Drive" and "Disconnect Network Drive"
Remove Search button from Windows Explorer
Disable Windows Explorer’s default context menu
Remove Run menu from Start Menu
You can use this policy setting to specify the maximum amount of time that an active, disconnected, or idle session remains in its current state.
Set the time limit for disconnected sessions. When a session is disconnected, running programs are kept active even though the user is no longer actively connected. By default, these disconnected sessions are maintained for an unlimited time on the server.
Set the time limit for logoff of published resources sessions. You can specify how long a user session will remain in a disconnected state after closing all programs but before the session is logged off from the RD Session Host server. By default, if a user closes a published resource, the session is disconnected from the RD Session Host server but it is not logged off.
This option can also be changed in the Parallels RAS Console by navigating to Farm \ Terminal Servers \ Properties \ Publishing Session.
Set time limit for logoff of published resources sessions. When a user closes the last running published resource associated with a session, Remote Application Server will keep the session in a disconnected state until the specified time limit is reached. When it is, the session will be logged off from the RD Session Host server. If the user starts another published resource before the time limit is reached, the user will reconnect to the disconnected session on the RD Session Host server.
Note: This policy setting appears in both Computer Configuration and User Configuration. If both policy settings are configured, the Computer Configuration policy setting takes precedence. These configurations can be carried out from the Group Policy Microsoft Management Console (MMC): Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits.
