content, Turn off Help and Support Center Microsoft Knowledge Base search, Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com, Turn off Internet download for Web publishing and online ordering wizards, Turn off Internet File Association service, Turn off Registration if URL connection is referring to Microsoft.com, Turn off Search Companion content file updates, Turn off the "Publish to Web" task for files and folders, Turn off the Windows Messenger Customer Experience Improvement Program, Turn off Windows Customer Experience Improvement Program, Turn off Windows Network Connectivity Status Indicator active tests, Turn off Windows Update device driver searching, Do not allow changes to initiator iqn name, Do not allow changes to initiator CHAP secret, Do not allow sessions without mutual CHAP, Do not allow sessions without one way CHAP, Do not allow adding new targets via manual configuration, Do not allow manual configuration of discovered targets, Do not allow manual configuration of iSNS servers, Do not allow manual configuration of target portals, KDC support for claims, compound authentication and Kerberos armoring, KDC support for PKInit Freshness Extension, Provide information about previous logons to client computers, Allow retrieving the cloud kerberos ticket during the logon, Always send compound authentication first, Define host name-to-Kerberos realm mappings, Define interoperable Kerberos V5 realm settings, Disable revocation checking for the SSL certificate of KDC proxy servers, Fail authentication requests when Kerberos armoring is not available, Kerberos client support for claims, compound authentication and Kerberos armoring, Require strict target SPN match on remote procedure calls, Set maximum Kerberos SSPI context token buffer size, Specify KDC proxy servers for Kerberos clients, Support device authentication using certificate, Enumeration policy for external devices incompatible with Kernel DMA Protection, Disallow copying of user input methods to the system account for sign-in, Disallow user override of locale settings, Allow users to select when a password is required when resuming from connected standby, Always wait for the network at computer startup and logon, Block user from showing account details on sign-in, Do not display the Getting Started welcome screen at logon, Do not enumerate connected users on domain-joined computers, Enumerate local users on domain-joined computers, Hide entry points for Fast User Switching, Turn off app notifications on the lock screen, Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names, Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails, Set Priority in the DC Locator DNS SRV records, Set Weight in the DC Locator DNS SRV records, Specify address lookup behavior for DC locator ping, Specify DC Locator DNS records not registered by the DCs, Specify dynamic registration of the DC Locator DNS Records, Specify Refresh Interval of the DC Locator DNS records, Specify sites covered by the application directory partition DC Locator DNS SRV records, Specify sites covered by the DC Locator DNS SRV records, Specify sites covered by the GC Locator DNS SRV Records, Use automated site coverage by the DC Locator DNS SRV Records. Disable the built-in graphics card will force the system to use a single card. Select the Enabledradio button entry and then click on the [OK]button. Step 6. The first RDP connection after a reboot or power up works but subsequent connections receive an error message saying the login was refused. Way 1. To create these display drivers, perform the following steps: Step 1: Learn about Windows architecture and drivers. Turn off storage and display of search history, Prevent removable media source for any installation, Specify the order in which Windows Installer searches for installation files, Set action to take when logon hours expire, Prevent CD and DVD Media Information Retrieval, Prevent Music File Media Information Retrieval, Enables the use of Token Broker for AD FS authentication, SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services. Reboot your virtual machine. Under Setting, right-click Use WDDM graphics display driver for Remote Desktop Connections, and click Edit. You simply need to disable the WDDM graphics driver from the Remote Desktop Session Host. Allow devices compliant with InstantGo or HSTI to opt out of pre-boot PIN. XPDM and WDDM display drivers cannot co-reside; all graphics adapters in a system must use the same display driver model. Enable the WDDM graphics display driver for Remote Desktop Connections Restart the VM The first step in this process is to deploy a high GPU VM Windows 10 Multi-session instance with the correct graphics cards selected (instance selected). For this change to take effect, you must restart Windows. You must restart the VM after enabling the WDDM graphics display driver for the changes to take effect. - Use WDDM graphics display driver for Remote Desktop Connections Background: PAM was experiencing slowness in opening RDP session for some Windows target device The issue was solved after turn off this group policy for Windows target device side. If you enable or do not configure this policy setting, Remote Desktop Connections will use WDDM graphics display driver. Configure Microsoft Defender Application Guard clipboard settings, Configure Microsoft Defender Application Guard print settings, Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer, Turn on Microsoft Defender Application Guard in Managed Mode, Use a common set of exploit protection settings, Allow Address bar drop-down list suggestions, Allow configuration updates for the Books Library, Allow extended telemetry for the Books tab, Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed, Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed, Always show the Books Library in Microsoft Edge, Configure search suggestions in Address bar, Configure the Adobe Flash Click-to-Run setting. This is a known Vista/Windows 7 limitation. If you have Windows 10 Pro, run gpedit.msc and navigate to the following: Local Computer Policy > Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment Set the Use WDDM graphics display driver for Remote Desktop Connections policy to Disabled In the Windows search box, type gpedit.msc, and press Enter. Use DNS name resolution with a single-label domain name instead of NetBIOS name resolution to locate the DC, Allow cryptography algorithms compatible with Windows NT 4.0, Specify negative DC Discovery cache setting, Specify positive periodic DC Cache refresh for non-background callers, Use final DC discovery retry setting for background callers, Use initial DC discovery retry setting for background callers, Use maximum DC discovery retry interval setting for background callers, Use positive periodic DC cache refresh for background callers, Use urgent mode when pinging domain controllers, Allow Clipboard synchronization across devices, Select the lid switch action (on battery), Select the lid switch action (plugged in), Select the Power button action (on battery), Select the Power button action (plugged in), Select the Sleep button action (on battery), Select the Sleep button action (plugged in), Select the Start menu Power button action (on battery), Select the Start menu Power button action (plugged in), Energy Saver Battery Threshold (on battery), Energy Saver Battery Threshold (plugged in), Allow applications to prevent automatic sleep (on battery), Allow applications to prevent automatic sleep (plugged in), Allow automatic sleep with Open Network Files (on battery), Allow automatic sleep with Open Network Files (plugged in), Allow network connectivity during connected-standby (on battery), Allow network connectivity during connected-standby (plugged in), Allow standby states (S1-S3) when sleeping (on battery), Allow standby states (S1-S3) when sleeping (plugged in), Require a password when a computer wakes (on battery), Require a password when a computer wakes (plugged in), Specify the system hibernate timeout (on battery), Specify the system hibernate timeout (plugged in), Specify the system sleep timeout (on battery), Specify the system sleep timeout (plugged in), Specify the unattended sleep timeout (on battery), Specify the unattended sleep timeout (plugged in), Turn on the ability for applications to prevent sleep transitions (on battery), Turn on the ability for applications to prevent sleep transitions (plugged in), Specify the display dim brightness (on battery), Specify the display dim brightness (plugged in), Turn off adaptive display timeout (on battery), Turn off adaptive display timeout (plugged in), Turn on desktop background slideshow (on battery), Turn on desktop background slideshow (plugged in), Minimum Idle Connection Timeout for RPC/HTTP connections, Propagation of extended error information, Restrictions for Unauthenticated RPC clients, RPC Endpoint Mapper Client Authentication, All Removable Storage: Allow direct access in remote sessions, All Removable Storage classes: Deny all access, Allow logon scripts when NetBIOS or WINS is disabled, Maximum wait time for Group Policy scripts, Run Windows PowerShell scripts first at computer startup, shutdown, Run Windows PowerShell scripts first at user logon, logoff, Configure the refresh interval for Server Manager, Do not display Initial Configuration Tasks window automatically at logon, Do not display Server Manager automatically at logon, Turn off automatic termination of applications that block or cancel shutdown, Allow downloading updates to the Disk Failure Prediction Model, Allow Storage Sense Temporary Files cleanup, Configure Storage Sense Cloud Content dehydration threshold, Configure Storage Sense Recycle Bin cleanup threshold, Configure Storage Storage Downloads cleanup threshold, Detect application failures caused by deprecated COM objects, Detect application failures caused by deprecated Windows DLLs, Detect application installers that need to be run as administrator, Detect applications unable to launch installers under UAC, Detect compatibility issues for applications and drivers, Configure Corrupted File Recovery Behavior, Disk Diagnostic: Configure custom alert text, Disk Diagnostic: Configure execution level, Microsoft Support Diagnostic Tool: Configure execution level, Microsoft Support Diagnostic Tool: Restrict tool download, Microsoft Support Diagnostic Tool: Turn on MSDT interactive communication with support provider, Troubleshooting: Allow users to access recommended troubleshooting for known problems, Configure MSI Corrupted File Recovery Behavior, Configure Security Policy for Scripted Diagnostics, Troubleshooting: Allow users to access and run Troubleshooting Wizards, Troubleshooting: Allow users to access online troubleshooting content on Microsoft servers from the Troubleshooting Control Panel (via the Windows Online Troubleshooting Service - WOTS), Diagnostics: Configure scenario execution level, Diagnostics: Configure scenario retention, Configure the level of TPM owner authorization information available to the operating system, Configure the list of blocked TPM commands. Environment Release : 3.3 Component : PRIVILEGED ACCESS MANAGEMENT Resolution There is no impact. Do not prompt for client certificate selection when no certificates or only one certificate exists. If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. set "Use WDDM graphics display driver for Remote Desktop Connections" to disabled Steps: - Disable the policy described above - Restart host computer (one you're remoting into) - re-connect via remote desktop - re-arrange desktop windows - disconnect - re-connect to test and verify nothing has been compacted back to primary monitor. "Use WDDM graphics display driver for Remote Desktop . If you are using Windows 10 pro v1909, disable 'Use WDDM graphics display driver for Remote Desktop Connection'. Disable binding directly to IPropertySetStorage without intermediate layers. set the policy "Use WDDM graphics display driver for Remote Desktop Connections" to DISABLED. In the main window, double-click Use WDDM graphics display driver for remote Desktop Connections. Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Do not allow pinning programs to the Taskbar, Do not allow pinning Store app to the Taskbar, Do not allow taskbars on more than one display, Do not display any custom toolbars in the taskbar, Do not display or track items in Jump Lists from remote locations, Do not keep history of recently opened documents, Do not search programs and Control Panel items, Do not use the search-based method when resolving shell shortcuts, Do not use the tracking-based method when resolving shell shortcuts, Force Start to be either full screen size or menu size, Go to the desktop instead of Start when signing in, Gray unavailable Windows Installer programs Start Menu shortcuts, Prevent changes to Taskbar and Start Menu Settings, Prevent users from adding or removing toolbars, Prevent users from customizing their Start Screen, Prevent users from moving taskbar to another screen dock location, Prevent users from uninstalling applications from Start, Remove access to the context menus for the taskbar, Remove All Programs list from the Start menu, Remove Clock from the system notification area, Remove common program groups from Start Menu. On the left, click the Citrix VDA Non-Admin Users GPO to highlight it. blank windows. Set the policy named Use WDDM graphics display driver for Remote Desktop Connections to Enabled. Click Display Make sure "Use all my monitory for the remote session" is checked. Configure the system to clear the TPM if it is not in a ready state. This is the new best answer. In Group Policy Editor under Remote Desktop Session Host -> Remote Session Environment . Remove Default Programs link from the Start menu. You can deploy a GPO to fix this company-wide: Administrative Templates (Computers) > Windows Components > Remote Desktop Service > Remote Desktop Session Host: Disable the setting "Use WDDM graphics display driver for Remote Desktop Connection" Disable showing balloon notifications as toasts. Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment > Use WDDM graphics display driver for Remote Desktop Connections | set to "Disabled". In the VM, set a codec that is appropriate for the anticipated end-user workloads. No side affects that I see. By default, the display adapter driver for Remote Desktop connection is WDDM. Use WDDM graphics display driver for Remote Desktop Connections This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. Remove frequent programs list from the Start Menu, Remove links and access to Windows Update, Remove Network Connections from Start Menu, Remove pinned programs list from the Start Menu, Remove See More Results / Search Everywhere link, Remove the "Undock PC" button from the Start Menu, Remove user's folders from the Start Menu, Show "Run as different user" command on Start, Show Start on the display the user is using when they press the Windows logo key, Show the Apps view automatically when the user goes to Start, Turn off automatic promotion of notification icons to the taskbar, Turn off feature advertisement balloon notifications, Do not automatically make all redirected folders available offline, Do not automatically make specific redirected folders available offline, Enable optimized move of contents in Offline Files cache on Folder Redirection server path change, Configure Group Policy domain controller selection, Create new Group Policy Object links disabled by default, Set default name for new Group Policy objects, Set Group Policy refresh interval for users, Turn off Help Experience Improvement Program, Prompt for password on resume from hibernate/suspend, Connect home directory to root of the share, Specify network directories to sync at logon/logoff time only, Do not preserve zone information in file attachments, Hide mechanisms to remove zone information, Inclusion list for moderate risk file types, Notify antivirus programs when opening attachments, Configure Windows spotlight on lock screen, Do not suggest third-party content in Windows spotlight, Do not use diagnostic data for tailored experiences, Turn off Windows Spotlight on Action Center, Do not show recent apps when the mouse is pointing to the upper-left corner of the screen, Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X, Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen, Allow only per user or approved shell extensions, Display confirmation dialog when deleting files, Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon, Do not display the Welcome Center at user logon, Do not move deleted files to the Recycle Bin, Do not track Shell shortcuts during roaming, Hides the Manage item on the File Explorer context menu, Hide these specified drives in My Computer, No Computers Near Me in Network Locations, Pin Internet search sites to the "Search again" links and the Start menu, Pin Libraries or Search Connectors to the "Search again" links and the Start menu, Prevent access to drives from My Computer. XP Display Driver Model (XPDM or XDDM): XPDM drivers supply a user interface that visually resembles the Windows XP*/2000* user . Configure Applications preference extension policy processing, Configure Data Sources preference extension policy processing, Configure Devices preference extension policy processing, Configure Direct Access connections as a fast network connection, Configure Drive Maps preference extension policy processing, Configure Environment preference extension policy processing, Configure Files preference extension policy processing, Configure Folder Options preference extension policy processing, Configure folder redirection policy processing, Configure Folders preference extension policy processing, Configure Group Policy slow link detection, Configure Ini Files preference extension policy processing, Configure Internet Explorer Maintenance policy processing, Configure Internet Settings preference extension policy processing, Configure Local Users and Groups preference extension policy processing, Configure Network Options preference extension policy processing, Configure Network Shares preference extension policy processing, Configure Power Options preference extension policy processing, Configure Printers preference extension policy processing, Configure Regional Options preference extension policy processing, Configure Registry preference extension policy processing, Configure Scheduled Tasks preference extension policy processing, Configure Services preference extension policy processing, Configure Shortcuts preference extension policy processing, Configure software Installation policy processing, Configure Start Menu preference extension policy processing, Configure user Group Policy loopback processing mode, Configure web-to-app linking with app URI handlers, Determine if interactive users can generate Resultant Set of Policy data, Enable AD/DFS domain controller synchronization during policy refresh, Remove users' ability to invoke machine policy refresh, Set Group Policy refresh interval for computers, Set Group Policy refresh interval for domain controllers, Specify startup policy processing wait time, Specify workplace connectivity wait time for policy processing, Turn off background refresh of Group Policy, Turn off Group Policy Client Service AOAC optimization, Turn off Local Group Policy Objects processing, Turn off access to all Windows Update features, Turn off Automatic Root Certificates Update, Turn off downloading of print drivers over HTTP, Turn off handwriting personalization data sharing, Turn off handwriting recognition error reporting, Turn off Help and Support Center "Did you know?"