Do not allow compression on all NTFS volumes, Do not allow encryption on all NTFS volumes, Disable delete notifications on all volumes, Selectively allow the evaluation of a symbolic link, Redirect folders on primary computers only, Use localized subfolder names when redirecting Start Menu and My Documents, Configure Applications preference logging and tracing, Configure Data Sources preference logging and tracing, Configure Devices preference logging and tracing, Configure Drive Maps preference logging and tracing, Configure Environment preference logging and tracing, Configure Files preference logging and tracing, Configure Folder Options preference logging and tracing, Configure Folders preference logging and tracing, Configure Ini Files preference logging and tracing, Configure Internet Settings preference logging and tracing, Configure Local Users and Groups preference logging and tracing, Configure Network Options preference logging and tracing, Configure Network Shares preference logging and tracing, Configure Power Options preference logging and tracing, Configure Printers preference logging and tracing, Configure Regional Options preference logging and tracing, Configure Registry preference logging and tracing, Configure Scheduled Tasks preference logging and tracing, Configure Services preference logging and tracing, Configure Shortcuts preference logging and tracing, Configure Start Menu preference logging and tracing, Allow asynchronous user Group Policy processing when logging on through Remote Desktop Services, Allow cross-forest user policy and roaming user profiles, Always use local ADM files for Group Policy Object Editor. Define the number of days after which a catch-up security intelligence update is required, Define the number of days before spyware security intelligence is considered out of date, Define the number of days before virus security intelligence is considered out of date, Define the order of sources for downloading security intelligence updates, Initiate security intelligence update on startup, Specify the day of the week to check for security intelligence updates, Specify the interval to check for security intelligence updates, Specify the time to check for security intelligence updates, Turn on scan after security intelligence update, Specify threat alert levels at which default action should not be taken when detected, Specify threats upon which default action should not be taken when detected, Allow antimalware service to remain running always, Allow antimalware service to startup with normal priority, Configure detection for potentially unwanted applications, Configure local administrator merge behavior for lists, Define proxy auto-config (.pac) for connecting to the network, Define proxy server for connecting to the network, Allow auditing events in Microsoft Defender Application Guard, Allow camera and microphone access in Microsoft Defender Application Guard, Allow data persistence for Microsoft Defender Application Guard, Allow files to download and save to the host operating system from Microsoft Defender Application Guard, Allow hardware-accelerated rendering for Microsoft Defender Application Guard, Allow Microsoft Defender Application Guard to use Root Certificate Authorities from the user's device, Allow users to trust files that open in Windows Defender Application Guard. Disable WDDM graphics driver. set the policy "Use WDDM graphics display driver for Remote Desktop Connections" to DISABLED. Simple fix! If you have Windows 10 Pro, run gpedit.msc and navigate to the following: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment Set the Use WDDM graphics display driver for Remote Desktop Connections policy to Disabled No side affects that I see. Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC, Allow cryptography algorithms compatible with Windows NT 4.0, Specify negative DC Discovery cache setting, Specify positive periodic DC Cache refresh for non-background callers, Use final DC discovery retry setting for background callers, Use initial DC discovery retry setting for background callers, Use maximum DC discovery retry interval setting for background callers, Use positive periodic DC cache refresh for background callers, Use urgent mode when pinging domain controllers, Allow Clipboard synchronization across devices, Select the lid switch action (on battery), Select the lid switch action (plugged in), Select the Power button action (on battery), Select the Power button action (plugged in), Select the Sleep button action (on battery), Select the Sleep button action (plugged in), Select the Start menu Power button action (on battery), Select the Start menu Power button action (plugged in), Energy Saver Battery Threshold (on battery), Energy Saver Battery Threshold (plugged in), Allow applications to prevent automatic sleep (on battery), Allow applications to prevent automatic sleep (plugged in), Allow automatic sleep with Open Network Files (on battery), Allow automatic sleep with Open Network Files (plugged in), Allow network connectivity during connected-standby (on battery), Allow network connectivity during connected-standby (plugged in), Allow standby states (S1-S3) when sleeping (on battery), Allow standby states (S1-S3) when sleeping (plugged in), Require a password when a computer wakes (on battery), Require a password when a computer wakes (plugged in), Specify the system hibernate timeout (on battery), Specify the system hibernate timeout (plugged in), Specify the system sleep timeout (on battery), Specify the system sleep timeout (plugged in), Specify the unattended sleep timeout (on battery), Specify the unattended sleep timeout (plugged in), Turn on the ability for applications to prevent sleep transitions (on battery), Turn on the ability for applications to prevent sleep transitions (plugged in), Specify the display dim brightness (on battery), Specify the display dim brightness (plugged in), Turn off adaptive display timeout (on battery), Turn off adaptive display timeout (plugged in), Turn on desktop background slideshow (on battery), Turn on desktop background slideshow (plugged in), Minimum Idle Connection Timeout for RPC/HTTP connections, Propagation of extended error information, Restrictions for Unauthenticated RPC clients, RPC Endpoint Mapper Client Authentication, All Removable Storage: Allow direct access in remote sessions, All Removable Storage classes: Deny all access, Allow logon scripts when NetBIOS or WINS is disabled, Maximum wait time for Group Policy scripts, Run Windows PowerShell scripts first at computer startup, shutdown, Run Windows PowerShell scripts first at user logon, logoff, Configure the refresh interval for Server Manager, Do not display Initial Configuration Tasks window automatically at logon, Do not display Server Manager automatically at logon, Turn off automatic termination of applications that block or cancel shutdown, Allow downloading updates to the Disk Failure Prediction Model, Allow Storage Sense Temporary Files cleanup, Configure Storage Sense Cloud Content dehydration threshold, Configure Storage Sense Recycle Bin cleanup threshold, Configure Storage Storage Downloads cleanup threshold, Detect application failures caused by deprecated COM objects, Detect application failures caused by deprecated Windows DLLs, Detect application installers that need to be run as administrator, Detect applications unable to launch installers under UAC, Detect compatibility issues for applications and drivers, Configure Corrupted File Recovery Behavior, Disk Diagnostic: Configure custom alert text, Disk Diagnostic: Configure execution level, Microsoft Support Diagnostic Tool: Configure execution level, Microsoft Support Diagnostic Tool: Restrict tool download, Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider, Troubleshooting: Allow users to access recommended troubleshooting for known problems, Configure MSI Corrupted File Recovery Behavior, Configure Security Policy for Scripted Diagnostics, Troubleshooting: Allow users to access and run Troubleshooting Wizards, Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS), Diagnostics: Configure scenario execution level, Diagnostics: Configure scenario retention, Configure the level of TPM owner authorization information available to the operating system, Configure the list of blocked TPM commands. Use WDDM graphics display driver for Remote Desktop Connections This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. Disable showing balloon notifications as toasts. In the main window, double-click Use WDDM graphics display driver for remote Desktop Connections. To solve "Your Remote Desktop Service session has ended. If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. In Windows 10 v1903 and later, there is a bug in the WDDM (Windows Display Driver Model) that prevents remote desktop sessions from connecting multiple times. Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. In the Windows search box, type gpedit.msc, and press Enter. [Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment], set the Policy [Use WDDM graphics display driver for Remote Desktop Connections] to Disabled. As the VDA cannot load the display driver, it would not be able to remote using HDX. XPDM and WDDM display drivers cannot co-reside; all graphics adapters in a system must use the same display driver model. Configure telemetry opt-in change notifications. Reboot your virtual machine. go to " Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment " set the following parameters to Enabled Use hardware graphics adapters for all Remote Desktop Services sessions Configure telemetry opt-in setting user interface. Block launching desktop apps associated with a URI scheme. Remove "Map Network Drive" and "Disconnect Network Drive", Remove File Explorer's default context menu, Remove the Search the Internet "Search again" link, Remove UI to change keyboard navigation indicator setting, Remove UI to change menu animation setting, Request credentials for network installations, Turn off common control and window animations, Turn off display of recent search entries in the File Explorer search box, Turn off the caching of thumbnails in hidden thumbs.db files, Turn off the display of snippets in Content view mode. Remove Default Programs link from the Start menu. Use WDDM graphics display driver for Remote Desktop Connections = Disabled. content, Turn off Help and Support Center Microsoft Knowledge Base search, Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com, Turn off Internet download for Web publishing and online ordering wizards, Turn off Internet File Association service, Turn off Registration if URL connection is referring to Microsoft.com, Turn off Search Companion content file updates, Turn off the "Publish to Web" task for files and folders, Turn off the Windows Messenger Customer Experience Improvement Program, Turn off Windows Customer Experience Improvement Program, Turn off Windows Network Connectivity Status Indicator active tests, Turn off Windows Update device driver searching, Do not allow changes to initiator iqn name, Do not allow changes to initiator CHAP secret, Do not allow sessions without mutual CHAP, Do not allow sessions without one way CHAP, Do not allow adding new targets via manual configuration, Do not allow manual configuration of discovered targets, Do not allow manual configuration of iSNS servers, Do not allow manual configuration of target portals, KDC support for claims, compound authentication and Kerberos armoring, KDC support for PKInit Freshness Extension, Provide information about previous logons to client computers, Allow retrieving the cloud kerberos ticket during the logon, Always send compound authentication first, Define host name-to-Kerberos realm mappings, Define interoperable Kerberos V5 realm settings, Disable revocation checking for the SSL certificate of KDC proxy servers, Fail authentication requests when Kerberos armoring is not available, Kerberos client support for claims, compound authentication and Kerberos armoring, Require strict target SPN match on remote procedure calls, Set maximum Kerberos SSPI context token buffer size, Specify KDC proxy servers for Kerberos clients, Support device authentication using certificate, Enumeration policy for external devices incompatible with Kernel DMA Protection, Disallow copying of user input methods to the system account for sign-in, Disallow user override of locale settings, Allow users to select when a password is required when resuming from connected standby, Always wait for the network at computer startup and logon, Block user from showing account details on sign-in, Do not display the Getting Started welcome screen at logon, Do not enumerate connected users on domain-joined computers, Enumerate local users on domain-joined computers, Hide entry points for Fast User Switching, Turn off app notifications on the lock screen, Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names, Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails, Set Priority in the DC Locator DNS SRV records, Set Weight in the DC Locator DNS SRV records, Specify address lookup behavior for DC locator ping, Specify DC Locator DNS records not registered by the DCs, Specify dynamic registration of the DC Locator DNS Records, Specify Refresh Interval of the DC Locator DNS records, Specify sites covered by the application directory partition DC Locator DNS SRV records, Specify sites covered by the DC Locator DNS SRV records, Specify sites covered by the GC Locator DNS SRV Records, Use automated site coverage by the DC Locator DNS SRV Records. Ignore the default list of blocked TPM commands, Ignore the local list of blocked TPM commands, Standard User Individual Lockout Threshold, Turn on TPM backup to Active Directory Domain Services, Add the Administrators security group to roaming user profiles, Control slow network connection timeout for user profiles, Delete user profiles older than a specified number of days on system restart, Disable detection of slow network connections, Do not check for user ownership of Roaming Profile Folders, Do not forcefully unload the users registry at user logoff, Do not log users on with temporary profiles, Download roaming profiles on primary computers only, Leave Windows Installer and Group Policy Software Installation Data, Maximum retries to unload and update user profile, Prevent Roaming Profile changes from propagating to the server, Prompt user when a slow network connection is detected, Set maximum wait time for the network if a user has a roaming user profile or remote home directory, Set roaming profile path for all users logging onto this computer, Set the schedule for background upload of a roaming user profile's registry file while user is logged on, User management of sharing user name, account picture, and domain information with apps (not desktop apps), Specify Windows File Protection cache location, Activate Shutdown Event Tracker System State Data feature, Allow Distributed Link Tracking clients to use domain resources, Do not automatically encrypt files moved to encrypted folders, Do not display Manage Your Server page at logon. Share Improve this answer Follow answered Oct 4, 2019 at 16:32 Turn on dynamic Content URI Rules for Windows store apps, Prevent backing up to optical media (CD/DVD), Prevent the user from running the Backup Status and Configuration program, Turn off the ability to back up data files, Turn off the ability to create a system image, Disallow locally attached storage as backup target, Allow domain users to log on using biometrics, Specify timeout for fast user switching events, Allow access to BitLocker-protected fixed data drives from earlier versions of Windows, Choose how BitLocker-protected fixed drives can be recovered, Configure use of hardware-based encryption for fixed data drives, Configure use of passwords for fixed data drives, Configure use of smart cards on fixed data drives, Deny write access to fixed drives not protected by BitLocker, Enforce drive encryption type on fixed data drives.