Our Remote Desktop connection settings are applied with Group Policies, and have previously worked with Vista, Windows 7 & 8 clients. On the rollout of Windows 10 we were unable to access these clients.
On checking Inboard Rules of a Windows 10 client ‘Remote Desktop (TCP-In)’ had been renamed to ‘Remote Desktop – User Mode (TCP-In)’
Changes were also noticed to the ‘Programs and Services’ tab.
I created a new group policy for testing where a changed ‘Programs and Services’ tab > Programs > ‘This program’ from ‘System’ to ‘%SystemRoot%\system32\svchost.exe’. I also added termservice to ‘Programs and Services’ tab > Services > ‘Apply to service with this short name’
As part of our GDPR implementation we have decided to deny staff from logging onto student clients, and vice versa.
The required policies can be found in – Computer Configuration > Policies > Security Settings > Local Policies > User Rights Assignment.
The “Deny log on locally” specifies the users or groups that are not allowed to log into the local computer.
The Group Policy has been tested on Windows 7 and Windows 10 clients successfully.
Even when directing clients to use a onsite WSUS, clients can still access Microsoft Update online. Using this GPo should stop clients from accessing online updates and installing them before you are ready.
Users can set the desktop wallpaper via Internet Explorer even if Prevent changing wallpaper property is set in Group Policy.
Desktop wallpaper can be changed if Display Properties is not involved.
Enable ‘Prevent changing wallpaper’ (in User Configuration\Policies\Administrative Templates\Control Panel\Display) settings.