Skip to main content
InSource Solutions

TN IT218 Configuring Local Group Policies for Remote Desktop Services




This article from InSource describes the Local Group Policy setup required to support running InTouch RDS/TSE on a server that is a member of a workgroup.

  • Author:  Rich Brooks
  • Published:  04/24/2016
  • Applies to:  Windows Server 2012 and 2012R2


Remote Desktop Services (RDS) configuration tools available with Server 2012 and 2012R2 require the server to be a member of a domain.  The RDS configuration must be completed manually from the Local Group Policy Editor when the server is a member of a workgroup.  This tech note details the typical configuration settings required from the Local Policy Editor when setting up a workgroup server. 

Note:  This tech note assumes that the server role and default features for Remote Desktop Services have already been installed.  The role services including Remote Desktop Licensing and Remote Desktop Session Host have been installed as well from the Server Manager.

Start by opening the run dialog box (use the Windows button and R key combination shortcut).  Type in gpedit.msc and then the enter key to open the Local Group Policy Editor.


Navigate to the Local Computer Policy | Computer Configuration | Administrative Templates | Windows Components | Remote Desktop Services | Remote Desktop Services Host.  Select the Connections folder and double-click on Allow remote start of unlisted programs.


Select the Enabled radio button and click on the OK button.  This will allow the session to startup InTouch (view.exe) or any other program.  The configuration of the RemoteApps from the Collection will not be required.


Next select the Licensing folder and double-click on Use the specified Remote Desktop license servers.


Select the Enabled radio button and enter the node name for the License server to use.  Click on the Next Setting button twice.


Select the Enabled radio button and choose the Per User mode from the drop down list.  This needs to match the RDS client access license (CAL) mode.  Click on the OK button.


Next select the Security folder and double-click on Require user authentication for remote connections by using Network Level Authentication.


Select the Enabled radio button and click on the OK button.

The configuration is now complete.  Either restart the server or run gpupdate /force from a command prompt to apply the policy changes.  The server will be ready to run InTouch WindowViewer from the RDS environment.