Overview of Default Group Policies and GPOs

Applies to: Nerdio Private Cloud (NPC). Does not apply to Nerdio for Azure (NFA)

Every Nerdio Private Cloud (NPC) account is provisioned with a series of group policies as detailed below. While you may change the default GPOs, we strongly recommend you contact support to discuss implications of doing so.

Policy Settings
Default Domain Policy
Type: Computer
1. Password policy
2. Account Lockout policy
3. Kerberos policy
4. Security options
5. Public key policy\Encrypting file system
WS Computer GPO
Type: Computer
1. Startup script - DisableEjectDevices.ps1. Prevents ejecting VMWare NICs.

PCoIP Session Variables (not override-able):
2.1 Configure SSL protocols TLS1.0,1.1,1.2. Required for VMWare compatibility.
2.2 Turn off Build-to-Lossless feature. Turn off feature to improve image quality (consumes more bandwidth).

PCoIP Session Variables (override-able):
3.1 Configure clipboard redirection. Copy/paste enabled in both directions (agent <-> client).
3.2 Turn off Build-to-Lossless feature - enabled. Turn off feature to improve image quality (consumes more bandwidth)
Default Domain Controllers Policy
Type: Computer
Default DC policies
Folder redirection
Type: User
Desktop and Documents folder redirection. Redirect desktop and documents to FS01.
IE settings
Type: User
1. Common Microsoft 365 URLs added to trusted sites.
2. Add rdweb.nerdio.net to local intranet.

Helps with SSO among other things.
LetWindowsMng DefaultPrinter
Type: User
HCU registry - LegacyDefaultPrinterMode set to '0'. Enables "Let Windows Manage Default Printer" on Windows 10. Is set to "Apply once and do not reapply".
Office 2016
Type: User
1. Do not use graphics acceleration - Enabled
2. Trust Center settings (five items)
3. Subscription activation with federated credentials

4.1 Automatically configure profile based on AD's primary SMTP
4.2 Cached Exchange enabled (new profiles) - full items
4.3 Sync One year
4.4 Cache Exchange Mode for new and existing profiles

5. Delegates: Disable shared mail folder caching
6. HCU Registry - ArchiveIgnoreLastModifiedTime
RDS SSO Configuration
Type: User
Default connection URL. Points remoteapp to rdweb.nerdio.net.
Type: User
Set screen saver timeout to 1,200 seconds.
Type: User
Run numlock.vbs on user login. Enables Num Lock on login.

Was this article helpful?

0 out of 0 found this helpful
Have more questions? Submit a request

Comments (0 comments)

Article is closed for comments.