How to ensure webcam functionality on remote desktops

Copyright TechTarget - All rights reserved https://cyber.law.harvard.edu/rss/rss.html Techtarget Feed Generator en Wed, 17 Jun 2026 07:11:55 GMT https://www.techtarget.com/searchvirtualdesktop editor@techtarget.com <p>Remote desktops, especially in the case of remote workers, need sufficient support for peripheral devices to carry out critical functions.</p> <p>Webcams enable remote collaboration through <a href="https://www.techtarget.com/searchunifiedcommunications/definition/video-conference">video conferencing</a>, and they are now a common way for users to collaborate from different locations. However, these peripheral devices can cause problems when Remote Desktop Protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) configurations aren't perfectly in place.</p> <p>IT teams should ensure they have all the right prerequisites for remote desktops to have functioning webcam access and know how to troubleshoot any issues that might arise.</p> <section class="section main-article-chapter" data-menu-title="Ensure the webcam is functional on the local device"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ensure the webcam is functional on the local device</h2> <p>The first and most critical step is to ensure that the webcam is functioning properly on the local device. If the webcam is built in, does the device recognize it? If the webcam is a plugin peripheral device, does it have the proper configurations, and is it fully operational? If it's possible that multiple webcams are in use, make sure that the desired webcam is selected.</p> <p>Most laptops have a mediocre internal webcam, so organizations might opt to install a higher-quality webcam. While the newer webcam typically becomes the default, users might need to specifically designate it as such.</p> <p>If the webcam does not function at all on the local device, the issue might be related to connectivity or drivers. While most webcams are plug-and-play devices -- meaning that they automatically self-configure once plugged in -- some devices might require the installation of certain drivers or third-party software.</p> <p>The <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understanding-remote-desktop-connection-management-tools">connection type</a> of the device can affect success as well. Webcams typically connect through USB, and some use Bluetooth for audio features. Issues with the USB input or Bluetooth audio components could result in webcam errors. Additionally, certain device‑redirection types might be disabled within an RDP user session, rendering the remote desktop unable to detect the webcam.</p> </section> <section class="section main-article-chapter" data-menu-title="Manage the RDP configurations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Manage the RDP configurations</h2> <p>Optimally, the webcam should be fully set up and configured prior to initiating an RDP session. While the RDP connection should recognize a peripheral after an RDP session has started, this might not work if plug and play is not enabled or an issue occurs. It's better to avoid this possibility altogether.</p> <p>There are a few settings that can affect webcams within an RDP session. If any of the following settings disables the webcam connection, the peripheral won't function properly:</p> <ul type="disc" class="default-list"> <li>User device <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">RDP connection settings</a>.</li> <li>Group Policy Objects (GPOs), such as RDP workstation, server and domain settings.</li> <li>Potential additional settings from Citrix, VMware, Parallels or another vendor.</li> </ul> <p>On the user device, IT admins or even users can configure RDP connection settings within the Local Resources tab. There are several settings that can directly affect webcams. One of the most common settings to look into is under Local Resources > Local devices and resources > More…<i> </i>(Figure 1). Once on the proper screen, select the <b>Video capture devices</b> checkbox to enable it. By default, this setting is not enabled, so organizations should either manage this setting directly or inform users how to make this change.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/webcam_rdp_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/webcam_rdp_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/webcam_rdp_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/webcam_rdp_1-h.jpg 1280w" alt="The Windows Remote Desktop Connection settings console with the local resources selected." data-credit="Jo Harder" height="559" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The extended remote desktop settings showing options for video capture devices, which includes webcams. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In addition, IT might need to enable <b>Other Supported Plug and Play devices</b>, including the <b>Devices that I plug in later</b> checkbox. Further, it might be necessary to open the remote audio settings and make adjustments that affect the webcam's microphone feature.</p> <p>GPO settings are the most common reason that a webcam doesn't function as expected. Keep in mind that there are two places where GPO settings can alter the RDP session: the local remote desktop workstation, and the server and domain-wide settings. Disabling webcam, video or other connection settings within either of these locations hinders webcam functionality.</p> <p>Within Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection, there are various settings that could cause issues for webcam usage. These settings are available both as Active Directory (AD) GPOs that encompass an organizational unit within the domain, and as local GPOs that only affect that particular remote desktop workstation or server.</p> <p>For example, if <b>Do not allow video capture redirection</b> is enabled on the remote desktop workstation or server but not configured within a domain GPO, the user would not be able to connect a webcam within that remote desktop resource (Figure 2). However, that user would be able to connect to a webcam within other remote desktop resources that don't have this GPO locally configured.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/webcam_rdp_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/webcam_rdp_2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/webcam_rdp_2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/webcam_rdp_2-h.jpg 1280w" alt="The list of GPOs with arrows pointing at those most relevant for remote desktop webcam sessions." data-credit="Jo Harder" height="188" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. The various GPOs pertaining to webcam settings on remote desktops. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Administrators should exercise extreme caution when making one-off changes to a remote desktop workstation or server, such as altering settings while troubleshooting an issue. If IT admins make any <a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-avoid-common-GPO-backup-and-restore-problems">temporary changes to local GPOs</a>, they should reverse them immediately. In the event that this isn't possible, IT should deploy a newly provisioned remote desktop workstation and then revert the compromised workstation back to its basic state with all the correct local and domain GPOs applied.</p> <p>Other settings related to video playback, audio and plug-and-play device redirection can affect webcam functionality. Unfortunately, just one of these misapplied settings can wreak havoc for admins, so IT must carefully monitor any webcam-related settings.</p> <p>If someone has altered video playback settings, the user might mistakenly perceive the change as a webcam issue. When playback does not occur as expected within the RDP session, the user might not realize that the webcam did indeed function properly. For example, if a user records a video but then can't view the recording or hear the audio, it would only be the playback that failed.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> If IT admins make any temporary changes to local GPOs, they should reverse them immediately. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>If a third-party virtualization product is in use, IT can manage and configure additional settings. These settings can prevent or alter not only webcam functionality, but also audio and connectivity ports, such as USB and Bluetooth.</p> </section> <section class="section main-article-chapter" data-menu-title="Initiate a troubleshooting session"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Initiate a troubleshooting session</h2> <p>When a user files a ticket broadly saying that their webcam isn't working, IT needs to take several steps to respond -- especially if this user needs a webcam for business-critical tasks like video conferencing. If the issue is only reported by a single user, it's likely related to either the physical webcam or its configuration. In this case, it's best to start at the user device and ensure functionality as a first step. To do this, ask the user the following questions:</p> <ul type="disc" class="default-list"> <li>Does the webcam function properly on the local device? Can the user successfully access the webcam within a local Zoom session?</li> <li>Is this a new webcam? If not, has the webcam worked as intended previously? When was the last time that the user was able to use the webcam locally and within an RDP session?</li> <li>What appears within the local RDP connection settings? Has anyone revised these settings recently?</li> <li>Can the user test this webcam on another user device to rule out a faulty peripheral?</li> </ul> <p>However, if multiple users report that their webcams aren't working, the issue is likely related to policy settings or port configuration. Admins should review GPO settings to determine which specific configuration might be blocking or altering microphone functionality. A tool such as AD <a href="https://www.techtarget.com/searchwindowsserver/definition/RSoP-Resultant-Set-of-Policy">Resultant Set of Policy</a> can help review the settings that are ultimately applied to the user and device.</p> <p>IT should also review the desktop virtualization product's configuration to ensure that other settings are enabling webcam functionality. If IT pushed out an update the day before the issues arose, the details of that update are worth investigating. Changes to policies could be the culprit as well. For example, if admins have blocked all access to USB peripheral devices to disable thumb drive data leakage, then webcams that plug into a USB port won't be redirected within the user session.</p> <p><b>Editor's note:</b> <i>This article was updated in May 2026 to improve the reader experience.</i></p> <p><i>Jo Harder has been involved with virtualization for over 19 years. She focuses on Citrix virtualization solutions and has been a Citrix Technology Professional (CTP) for four years.</i></p> </section> As distributed workforces become the norm, more employees use remote desktops. To support these workers, IT must be able to set up and troubleshoot peripheral devices like webcams. https://cdn.ttgtmedia.com/rms/onlineimages/collab_g1217698617.jpg https://www.techtarget.com/searchvirtualdesktop/tip/Enabling-and-supporting-webcam-use-on-remote-desktops Fri, 22 May 2026 10:00:00 GMT How to ensure webcam functionality on remote desktops <p data-end="17261" data-start="17020">Virtual desktop users often need to store files that should remain available after they log off. Folder redirection is one way to centralize user data storage so important files are not lost when a nonpersistent virtual desktop session ends.</p> <p data-end="17707" data-start="17266">Virtual desktop administrators often configure roaming profiles and folder redirection together as part of a user personalization strategy. Roaming profiles store user settings, while folder redirection moves selected user folders, such as Documents or Desktop, to a centralized location. Used together, they can improve user experience and reduce profile bloat, but they also require planning around storage, network performance and backup.</p> <p data-end="17707" data-start="17266">In modern virtual desktop environments, folder redirection should be evaluated alongside profile containers and other profile management tools. It can still be <a href="https://www.techtarget.com/searchvirtualdesktop/answer/How-does-a-roaming-user-profile-work">useful with roaming profiles</a>, but environments that use Azure Virtual Desktop, nonpersistent desktops or Microsoft 365 app data might rely on FSLogix profile containers instead of, or in addition to, traditional roaming profile designs.</p> <p>A home folder is not the same as folder redirection. Both use centralized storage, but they work differently. A home folder is a shared drive that maps at logon and gives the user a place to store personal files. Folder redirection automatically redirects specific Windows folder contents, such as Documents or Desktop, to a target location that IT <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-address-roaming-profiles-with-GPOs">defines through Group Policy</a>.</p> <p>When IT admins configure home folders for a virtual desktop environment, they should configure them specifically for <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Remote-Desktop-Services-RDS">Remote Desktop Services</a>. To do so, they will need this Group Policy Object (GPO): Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles > Set Remote Desktop Services User Home.</p> <section class="section main-article-chapter" data-menu-title="Benefits of folder redirection for virtual desktops"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Benefits of folder redirection for virtual desktops</h2> <p>Without folder redirection, saving files on a virtual desktop can present difficulties. For example, users might get confused if they see several options for saving files from a virtual desktop or lose hours of work if they save files on a nonpersistent virtual desktop. Instead, IT can use folder redirection to automate and safely store files in a centralized repository. This way, users don't need to worry about where the virtual desktop stores their files.</p> <p>Folder redirection is beneficial for virtual desktop environments because user data is centralized and easily accessible. In addition, IT can <a href="https://www.techtarget.com/searchsecurity/feature/17-ransomware-removal-tools-to-protect-enterprise-networks">automate antivirus scans</a> and data backups because the files are centralized within the storage repository. This can improve the organization's overall security posture.</p> <p>Centralized files can also make it easier to plan user profile backup and recovery processes.</p> <p>Additionally, folder redirection can reduce roaming profile size because large user files do not have to travel with the profile during sign-in and sign-out. That can be especially important in nonpersistent virtual desktop environments, where users expect their files and settings to follow them even though the virtual desktop itself resets between sessions.</p> </section> <section class="section main-article-chapter" data-menu-title="Folder redirection options"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Folder redirection options</h2> <p>IT administrators use folder redirection to designate a centralized storage repository for all 13 folders eligible for redirection, which include the following:</p> <ul class="default-list"> <li>AppData/Roaming.</li> <li>Contacts.</li> <li>Desktop.</li> <li>Documents.</li> <li>Downloads.</li> <li>Favorites.</li> <li>Links.</li> <li>Music.</li> <li>Pictures.</li> <li>Saved Games.</li> <li>Searches.</li> <li>Start Menu.</li> <li>Videos.</li> </ul> <p>IT must configure folder redirection for each folder; the redirected location does not need to be the same for all redirected folders.</p> <p>The Documents and Desktop folders are most commonly redirected to centralized repositories. These two folders contain the largest amount of user-created files such as documents, spreadsheets and presentations. These are the files that users generally find most critical in their day-to-day work. Most users store these files within the Documents folder, but some prefer to keep them on the Desktop for quick access. As such, <a href="https://www.techtarget.com/searchwindowsserver/tutorial/PowerShell-Move-Item-examples-for-file-folder-management">redirecting both of these folders</a> ensures a better user experience.</p> <p>Some organizations redirect the Downloads folder, but this isn't always the best approach. Downloads can grow quickly when users save files they don't need in the long term. IT should monitor user behavior and determine whether downloaded files must persist after the session ends. In many environments, users need downloaded files only during the current virtual desktop session.</p> <p>Many organizations don't redirect Music, Pictures, Saved Games or Videos folders because these files can consume significant storage and often don't serve a business-critical purpose. Administrators can also use GPOs to restrict whether users save certain file types. However, IT should treat media-heavy roles separately. Employees who work with video, audio, design files or other large assets might need a different storage and redirection strategy than the average user.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/whatis-group_policy_object-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/whatis-group_policy_object-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/whatis-group_policy_object-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/whatis-group_policy_object-f.png 1280w" alt="Diagram showing IT administrators using Group Policy Objects to manage users and endpoints." height="246" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Group Policy can redirect selected user folders to centralized storage so files persist across virtual desktop sessions. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>IT typically doesn't redirect the Searches, Start Menu, Favorites, Contacts and Links folders for several reasons. Primarily, the data content files within these folders are quite minimal, and the storage benefits are negligible. In addition, the desktop might refer to this data frequently within the user session and would create latency as the data traverses the network. As a result, these files are more often housed within the roaming user profile.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Folder redirection can reduce roaming profile size because large user files do not have to travel with the profile during sign-in and sign-out. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>IT rarely redirects the AppData/Roaming folder because it stores many app settings. For example, if an application stores custom settings in the AppData/Roaming folder, each time a user queries one of these settings, the read request traverses the network to the centralized repository. This could cause latency with the application and have a negative effect on UX. Many applications make these types of calls frequently because there are no delays for these operations in a traditional desktop environment. In addition, many applications store temporary or recovered files in the AppData/Roaming folder, and some of these files are quite large. As a result, the AppData/Roaming folder is not a prime candidate for redirection.</p> </section> <section class="section main-article-chapter" data-menu-title="How to set up folder redirection alongside roaming profiles"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to set up folder redirection alongside roaming profiles</h2> <p>When virtual desktop admins configure roaming profiles and folder redirection together, they should configure folder redirection first. If IT enables folder redirection before roaming profiles, user data is redirected to the designated centralized storage location and doesn't become part of the roaming profile. If IT enables folder redirection after the roaming profile setting, existing user data might remain inside the roaming profile, increasing profile size and creating inconsistent results.</p> <p>The process to configure folder redirection is straightforward. Within the designated GPO, the administrator should access User Configuration > Policies > Windows Settings > Folder Redirection. Once IT admins right-click the desired folders and select <strong>Properties</strong>, they can view the configuration options. The most common approach is to select the <strong>Advanced</strong> setting and designate the <strong>Target Folder Location</strong> as <strong>Create a folder for each user under the root path </strong>(Figure 2).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_1.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_1_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_1_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_1.jpg 1280w" alt="Group Policy interface showing target folder location settings for redirected folders." data-credit="Jo Harder" height="333" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Admins can choose folder redirection settings and create a folder for each user under a root path. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>When an IT admin designates a home directory for the user, redirecting the target folder to the home directory might be a valid option (Figure 3). Redirecting to the local user profile location would not be wise in a virtual desktop environment because the local user profile is discarded when the nonpersistent virtual desktop is deleted at the end of the session.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_2.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_2_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_2_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/profile_redirect_folder_2.jpg 1280w" alt="Group Policy interface showing detailed folder redirection settings for selected folders." data-credit="Jo Harder" height="590" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. Folder redirection settings let admins define how selected folders are redirected and how content is handled. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Generally, IT should keep the default configuration contained within the Settings tab. Once again, it would not be prudent to redirect the folder back to the local user profile location when the policy is removed because the local user profile would not be preserved.</p> <p data-end="24454" data-start="24048">When an IT admin configures roaming profiles and folder redirection, that admin must be a member of the Domain Admin group, the Enterprise Admin group or the Group Policy Creator Owners group. Testing is important to confirm the desired outcome once the admin configures the folder redirection GPOs. A lab environment can help avoid production impact, and a small group of pilot users can further validate results.</p> <p data-end="24840" data-start="24459">Once folder redirection is enabled, administrators should closely monitor storage use, backup behavior, network performance and UX. Storage requirements can increase quickly, especially if IT redirects large folders, or if users store more files than expected. If storage reaches its upper limit, performance can slow, and users might lose access to redirected folder data.</p> <p data-end="24840" data-start="24459"><strong data-end="16079" data-start="16061">Editor's note:</strong> <em>This article was updated in May 2026 to reflect current virtual desktop profile management considerations, including roaming profiles, folder redirection, storage planning and FSLogix alternatives.</em></p> <p data-end="24840" data-start="24459"><em>Jo Harder has been involved with virtualization for over 19 years. She focuses on Citrix virtualization solutions and has been a Citrix Technology Professional (CTP) for four years. </em></p> </section> Folder redirection helps keep user files out of roaming profiles, improving consistency and reducing profile bloat in virtual desktop environments. https://cdn.ttgtmedia.com/rms/onlineimages/folder-files06.jpg https://www.techtarget.com/searchvirtualdesktop/tip/Configuring-folder-redirection-works-with-roaming-profiles Thu, 21 May 2026 08:42:00 GMT Configuring folder redirection works with roaming profiles <p>Microsoft roaming profiles give IT administrators a basic way to provide users with their personal settings and data across Windows devices or virtual desktops connected to the corporate network. They remain a simple, time-tested option, but modern desktop and virtual desktop environments often require IT teams to weigh roaming profiles against newer profile management approaches such as FSLogix profile containers.</p> <p>Windows systems maintain a profile for each user who logs in to the OS. The user's profile folder contains user-specific data and user's packaged data on customizations such as application configuration data, browser history, documents, photos and much more.</p> <p>A user profile's location varies depending on which version of Windows an organization uses, but most newer Windows versions include a folder named C:\Users. A user's local profile lives there in another folder, usually titled with the user's name or an identifying number that IT assigns.</p> <p>The problem with standard user profiles is that they are tied to an individual desktop. If users log in from a different physical desktop or virtual desktop, their profile data won't exist on that machine. If the user logs in to a new machine, Windows creates a new and empty local profile for the user. This is where it's important for IT professionals to know what a roaming profile is.</p> <p>Roaming profiles can still help in environments where users move among domain-joined Windows devices or virtual desktops. However, IT should treat them as part of a broader profile management strategy, especially in nonpersistent virtual desktop, Azure Virtual Desktop or mixed Windows environments.</p> <section class="section main-article-chapter" data-menu-title="What is a roaming profile?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is a roaming profile?</h2> <p>A roaming profile is very similar to the local profiles that exist on every Windows desktop. The difference is that, rather than being stored locally on the desktop, a roaming profile is stored on a network server. Because the roaming profile is centralized, as opposed to being local to a specific desktop, the profile data can follow the user from one machine to another. This means that the user will have access to all the data that's stored within their profile, regardless of which of the networked Windows PCs they log in to.</p> </section> <section class="section main-article-chapter" data-menu-title="How do roaming profiles work?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How do roaming profiles work?</h2> <p>With a roaming user profile, employees' data follows them from device to device, so long as those devices are part of the same Active Directory (<a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">AD</a>) environment and run a Windows OS. These profiles are stored on a network server rather than on a desktop computer. Admins can configure AD so that it associates the roaming user profile with the user's account.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h_half_column_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/windows_server-active_directory-h.png 1280w" alt="A graphic showing the services in Active Directory including Domain Services, Lightweight Directory Services and Certificate Services." height="304" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Active Directory can associate a roaming user profile with a user account so profile data follows the user across supported Windows devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>When an employee logs in, Windows copies the user's profile from the network to the local computer that the employee has logged in to. When the employee logs off, Windows copies any updates the user made to profile data from the desktop computer to the network copy of the profile. This process ensures that the roaming user profile contains current data the next time the employee logs in to a <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-desktop">virtual desktop</a> or PC.</p> <p>This copy-in and copy-out process is what makes profile size so important. Large profiles can increase sign-in and sign-out times, especially in virtual desktop environments or locations with slower network connections. <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Configuring-folder-redirection-works-with-roaming-profiles">Folder redirection</a> and careful profile design can reduce that risk.</p> <p>If an organization decides to use roaming profiles, then it will need to take steps to control the volume of data that is associated with each profile. Otherwise, the profile can grow to become quite large. This can be a problem because the profile must be copied to the user's computer each time the user logs on, and the profile also has to be copied from the user's desktop to a network server when the user logs off. In some real-world deployments, it can take nearly an hour for users to log in, simply because of the volume of profile data that has to be copied to the user's desktop as a part of the login process.</p> </section> <section class="section main-article-chapter" data-menu-title="How to use folder redirection with roaming profiles"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to use folder redirection with roaming profiles</h2> <p>The best way to avoid this problem is to use folder redirection. Library folders such as Documents, Pictures and Videos are a part of a user's profile and can accumulate large amounts of data. Many organizations use folder redirection as a way of moving these folders to a network file share, so that they are stored outside of the user's profile. In doing so, the user might have the illusion that documents are still located in their library folders, when the documents are stored on a centrally accessible network share instead.</p> <p>The most obvious benefit to using folder redirection is that it can reduce the time required for a user to log on or log off. However, another potential benefit is that folder redirection can sometimes make it easier to back up a user's files.</p> </section> <section class="section main-article-chapter" data-menu-title="What are the software and hardware requirements for roaming profiles?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the software and hardware requirements for roaming profiles?</h2> <p data-end="5152" data-start="4698">For an organization to use roaming profiles, client computers must be domain joined and connected to the AD Domain Services environment that IT manages. Microsoft's current roaming profile <a href="https://learn.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles" target="_blank" rel="noopener">deployment documentation</a> applies to Windows Server 2025, Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows 11 and Windows 10, though organizations should validate support for their specific client and server mix before deployment.</p> <p data-end="5414" data-start="5157">IT also needs a file server to host the profiles, Group Policy Management and appropriate administrative permissions. Admins should plan storage capacity carefully, because each profile consumes server space, and large profiles can slow sign-in and sign-out.</p> <p data-end="5799" data-start="5419">Mixed Windows environments require extra care. Microsoft recommends using separate profile versions for different operating system versions to avoid unpredictable behavior or profile corruption. Folder redirection can also help keep user files such as documents and pictures outside the roaming profile so they remain available across OS versions and do not increase profile size.</p> <p data-end="6099" data-start="5804">IT should also be aware that some user customizations do not roam cleanly across all Windows scenarios. Microsoft documentation notes, for example, that Start menu customizations can be lost after an in-place OS upgrade when users are configured for roaming profiles and allowed to change Start.</p> </section> <section class="section main-article-chapter" data-menu-title="What options are there to manage roaming user profiles?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What options are there to manage roaming user profiles?</h2> <p data-end="7228" data-start="6956">Roaming profiles have been a standard and cost-effective way to deliver user settings across physical and virtual desktops for years. They are still a good basic option when an organization needs user settings to follow employees across domain-joined Windows environments.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> UE-V is an older technology, and IT teams should verify operating system support before considering it for a current deployment. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p data-end="7531" data-start="7233">Microsoft also released <a href="https://www.techtarget.com/searchvirtualdesktop/definition/Microsoft-UE-V-User-Experience-Virtualization">User Experience Virtualization</a>, or UE-V, in 2012. UE-V virtualizes user OS and application settings from a settings store on a file server. However, UE-V is an older technology, and IT teams should verify operating system support before considering it for a current deployment.</p> <p data-end="7996" data-start="7536">For many virtual desktop and Azure Virtual Desktop environments, FSLogix profile containers are now a common alternative. FSLogix redirects the user profile into a virtual hard disk stored on a supported storage provider, such as an SMB file share. At sign-in, the profile container attaches to the session so the user profile appears like a local profile. Microsoft positions FSLogix profile containers as the recommended user profile technology for Azure Virtual Desktop.</p> <p data-end="8316" data-start="8001">The best option depends on the environment. Roaming profiles can still fit simpler Windows desktop and virtual desktop needs, but organizations with nonpersistent desktops, Microsoft 365 app data, Azure Virtual Desktop or more complex profile requirements should evaluate FSLogix or another profile management tool.</p> </section> <section class="section main-article-chapter" data-menu-title="How to deploy a roaming profile"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to deploy a roaming profile</h2> <p>Before deployment, IT should decide whether roaming profiles are still the right profile management option for the environment. For newer virtual desktop deployments, nonpersistent desktops or Azure Virtual Desktop, FSLogix profile containers might be a better fit.</p> <p>Setting up roaming profiles tends to be a relatively easy and straightforward process. The first step is to create a share on a file server and to set up the appropriate permissions. Administrators will need full control, and end users -- who will be seen as creator owners -- will require full control over their own profile folders. Users should not have the ability to access someone else's profile folder.</p> <p>Once the necessary network share is in place, admins can create a <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-address-roaming-profiles-with-GPOs">Group Policy setting</a> that sets the profile path to the network share that IT created. There are also some other settings that admins can enable at the group policy level to fine-tune the behavior of roaming profiles. This includes folder redirection, but there are other settings related to things like caching or slow link detection.</p> <p><b>Editor's note: </b><i>This article was updated in May 2026 to reflect current Windows profile management considerations, including Windows 11, profile versioning and FSLogix profile containers.</i></p> <p><i>Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America. </i></p> </section> Roaming profiles let user settings follow employees across Windows desktops, but IT must manage profile size, versioning and alternatives such as FSLogix. https://cdn.ttgtmedia.com/rms/onlineimages/collab_g1227412970.jpg https://www.techtarget.com/searchvirtualdesktop/answer/How-does-a-roaming-user-profile-work Wed, 20 May 2026 10:38:00 GMT What is a roaming profile, and how does it work? <p data-end="2870" data-start="2750">When organizations deploy a new virtual desktop environment, user profiles can significantly affect the user experience.</p> <p data-end="3178" data-start="2875">It's easy for IT administrators -- especially newer admins -- to focus on the virtual desktop image, applications and access policies while overlooking profile strategy. But profile management determines whether users keep the settings, files and personalization they need from one session to the next.</p> <p data-end="3546" data-start="3183">Roaming profiles remain one way to handle this need in nonpersistent virtual desktop environments, but they shouldn't be treated as the default choice for every deployment. IT teams should understand how roaming profiles work, how Group Policy Objects (<a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Object">GPOs</a>) apply them and when newer profile management options such as FSLogix profile containers might be a better fit.</p> <p data-end="3722" data-start="3551">Note: The following guidance applies mainly to <a href="https://www.techtarget.com/searchvirtualdesktop/feature/Understanding-nonpersistent-vs-persistent-VDI">nonpersistent, rather than persistent, virtual desktops</a>. This is because persistent virtual desktops already retain more user customization between sessions.</p> <section class="section main-article-chapter" data-menu-title="What is a user profile?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What is a user profile?</h2> <p>User profiles include the option to modify settings such as the Start menu and taskbar appearance, background, and colors within a virtual desktop. For example, a left-handed user would be frustrated if their virtual desktop presented a right-handed mouse. Being able to designate the left or right mouse setting is not only important for user productivity, but it might also be a legal requirement.</p> <p>When users request a nonpersistent virtual desktop, they generally just access the base OS. The user profile strategy determines which settings the user can access and how the virtual desktop applies these settings.</p> </section> <section class="section main-article-chapter" data-menu-title="3 user profile options"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3 user profile options</h2> <p>There are three types of basic user profiles: local, mandatory and roaming.</p> <h3>1. Local profile</h3> <p>Temporary settings that the user configures on the virtual desktop are stored in what's considered a local profile. The virtual desktop platform creates a local profile at logon based on a copy of the default profile. Users might become frustrated with local profiles because they require them to adjust the same settings at the start of each session. For example, a left-handed mouse user will need to modify the left/right mouse setting at each logon. While local profiles are the default setting, they're often not optimal, and IT administrators should avoid them.</p> <h3>2. Mandatory profile</h3> <p>When the environment forces a profile upon users, and the users cannot permanently modify it, this is a mandatory profile. For example, a call center might deploy a mandatory profile for all agents that provides the corporate colors, streamlined presentation of application icons, and more. That left-handed user can modify the left/right mouse setting, but the virtual desktop won't write this into the mandatory profile. While these profiles are easy for IT admins to install and manage, mandatory profiles often frustrate users because they can't customize their virtual desktops.</p> <h3>3. Roaming profile</h3> <p>This type of profile enables users to modify and customize settings. When the left-handed user changes the left/right mouse setting, the desktop <a href="https://www.techtarget.com/searchvirtualdesktop/answer/How-does-a-roaming-user-profile-work">writes it to the roaming user profile</a>, and the virtual desktop saves it. Therefore, the left-handed mouse setting is in effect at the next virtual desktop session, and the user doesn't need to modify the setting again. From an administrative standpoint, roaming profiles have higher overhead and require more storage, but the <a href="https://www.techtarget.com/searchcio/definition/UX-user-experience">UX</a> is optimized and users are generally happier.</p> <p>With both mandatory and roaming profiles, the user profile is applied to the virtual desktop before the user accesses it. As a result, logon time might increase slightly while the environment loads the profile into the session.</p> <p>In addition to the basic user profile types, numerous third-party user profile management offerings are available. FSLogix profile containers are also a common Microsoft option for virtual desktop and Azure Virtual Desktop environments. IT departments often use these tools when they need faster sign-ins, better support for nonpersistent desktops, Microsoft 365 app data or more advanced profile management features than traditional roaming profiles provide.</p> </section> <section class="section main-article-chapter" data-menu-title="Why use roaming profiles for virtual desktops?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why use roaming profiles for virtual desktops?</h2> <p>Of the three inherent user profile types, roaming profiles provide the best UX because settings are personalized based on user modifications. Users typically only modify a few settings for their desired level of personalization, and this level of customization is important for usability, accessibility and productivity. </p> <p>That benefit still matters, but IT should balance it against the operational cost. Roaming profiles require careful storage planning, profile size control and attention to sign-in and sign-out performance. In modern virtual desktop environments -- especially nonpersistent desktops -- profile containers or third-party profile management tools might provide a better UX with less profile-copying overhead.</p> <p>Administratively, roaming profiles require more effort -- mainly configuration and storage. Configuration occurs through the roaming profile's GPO. User profiles can become quite large, thus affecting storage requirements and load times.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Mixed Windows environments require careful planning because profile formats, Start menu behavior and user customizations might not roam cleanly across every OS scenario. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>A roaming profile can become corrupted, in which case IT will need to restore the profile from storage. One common risk is using the same roaming profile across multiple Windows versions or builds without validating profile-version compatibility. Mixed Windows environments require careful planning because profile formats, Start menu behavior and user customizations might not roam cleanly across every OS scenario.</p> <p>Organizations often implement roaming profiles with <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Configuring-folder-redirection-works-with-roaming-profiles">folder redirection</a> to centralize user data and reduce roaming profile size. Folder redirection is especially useful for keeping large user folders, such as Documents and Desktop, outside the roaming profile. IT should configure folder redirection before enabling roaming profiles so user files don't become part of the profile and increase sign-in and sign-out times.</p> </section> <section class="section main-article-chapter" data-menu-title="How to deploy roaming profiles using Group Policy Objects"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to deploy roaming profiles using Group Policy Objects</h2> <p>Before configuring roaming profiles through GPOs, IT should confirm that roaming profiles are still the right profile management option for the environment. For large nonpersistent VDI deployments, sessions that rely heavily on Microsoft 365 app data, or AVD, FSLogix profile containers or another profile management tool might be a better fit.</p> <p>Once the IT department determines that roaming profiles are the best option for the virtual desktop environment, setting them up through the roaming profiles GPO is straightforward. Many organizations enable roaming profiles only for virtual desktops and use a centralized profile management approach to deliver a more consistent user experience.</p> <p>Keep in mind there are two possible ways to configure roaming profiles: a roaming profile for all user sessions, or a roaming profile that applies only to remote desktop sessions. These instructions apply only to remote desktops. Also, if both a standard roaming profile and a remote desktop roaming profile are in place, the remote desktop roaming profile will apply itself to the remote sessions.</p> <p>IT administrators should configure GPOs within Active Directory Group Policy Management. The organization unit where the virtual desktops reside should be the <a href="https://docs.microsoft.com/en-us/windows-server/storage/folder-redirection/deploy-roaming-user-profiles" target="_blank" rel="noopener">basis</a> for the roaming profiles' <a href="https://www.techtarget.com/searchenterprisedesktop/tip/When-does-AD-domain-joined-Group-Policy-override-local">GPO designation</a>. IT should also assign the appropriate security group or groups. In addition, IT must designate a file share location with ample storage to house the roaming profiles.</p> <p>IT administrators should enable roaming profiles for virtual desktops as a computer GPO. Specifically, they should configure it within this GPO: Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Profiles. </p> <p>Then, choose <strong>Set path for Remote Desktop Services Roaming User Profile</strong>. Within the Profile path box, administrators should designate the storage location. In addition, IT should append %username% to provide a unique profile directory for each user (Figure 1).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/roaming_profile_gpo.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/roaming_profile_gpo_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/roaming_profile_gpo_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/roaming_profile_gpo.jpg 1280w" alt="Group Policy interface showing the profile path setting for Remote Desktop Services roaming user profiles." height="383" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Admins can set the Remote Desktop Services roaming profile path in Group Policy and append %username% to create unique profile folders. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Within many organizations, virtual desktop administrators might not have security clearance to configure roaming profile GPOs. Organizations should ensure that admins have a lab environment to thoroughly <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-IT-can-use-the-gpresult-command-to-check-GPOs">test roaming profile GPO settings</a> before creating a change control order for production rollout.</p> <p>After deployment, IT should monitor profile size, sign-in duration, sign-out duration, storage consumption and profile corruption incidents. Those metrics can help determine whether roaming profiles are still meeting user needs or whether the environment should move to FSLogix or another profile management approach.</p> <p><strong data-end="1887" data-start="1869">Editor's note:</strong> <em>This article was updated in May 2026 to reflect current Windows profile management considerations, including Windows 11, profile versioning, folder redirection and FSLogix profile containers.</em></p> <p><em>Jo Harder has been involved with virtualization for over 19 years. She focuses on Citrix virtualization solutions and has been a Citrix Technology Professional (CTP) for four years. </em></p> </section> Roaming profiles can personalize nonpersistent virtual desktops, but IT should plan GPOs, folder redirection, profile versions and FSLogix alternatives. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g164210754.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-address-roaming-profiles-with-GPOs Wed, 20 May 2026 00:00:00 GMT How to address roaming profiles with GPOs <p data-end="3723" data-start="3455">When a remote desktop keyboard stops working, the problem is not always the keyboard itself. In many cases, the issue stems from client focus, session settings, keyboard layout mismatches or how the remote environment is handling redirected input.</p> <p data-end="3955" data-start="3725">For IT teams supporting hybrid work, this kind of failure can block access to business apps and slow down support quickly. Start with the local device and client, then move to session-level settings inside the remote environment.</p> <section class="section main-article-chapter" data-menu-title="1. Make sure the keyboard is functional"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Make sure the keyboard is functional</h2> <p>The first thing you should do is make sure the local hardware is functioning properly. After all, if the keyboard isn't working properly on the local computer, then it won't function within a remote desktop. To test the keyboard, open an application other than the remote desktop client and see if you can successfully type a few keystrokes.</p> <p>Also check whether Sticky Keys or Filter Keys were enabled accidentally on the local or remote machine, especially if modifier keys seem stuck or repeated keystrokes are being ignored.</p> <p>You also need to consider if a keyboard is largely functional, yet still somewhat problematic for <a href="https://www.techtarget.com/searchcio/definition/UX-user-experience">UX</a>. A wireless keyboard might not have any hardware problems, but it could be experiencing radio interference. When this happens, there can be a significant lag or missing input as users type keystrokes. This might occur because the receiver was installed in a USB port on the back of the computer case and the large metal case was blocking a lot of the <a href="https://www.techtarget.com/searchnetworking/definition/radio-frequency">radio</a> signals. Relocating the receiver to a USB hub should fix the problem.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Determine if the problem is specific to a certain application"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Determine if the problem is specific to a certain application</h2> <p>Next, IT should check to see if the issue is specific to a particular application on the remote desktop.</p> <p>First, log in to the remote desktop and open a basic application such as Notepad. If you find that you can use the keyboard in Notepad, but not in a particular application, then the problem is specific to that application. Otherwise, the problem pertains to the RDP session itself. Similarly, it might be worth testing the keyboard with a different remote desktop.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> For IT teams supporting hybrid work, this kind of failure can block access to business apps and slow down support quickly. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="3. Check if another window is selected"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Check if another window is selected</h2> <p>The next step is to see if the remote desktop client is selected as the active window. This step sounds almost too simple to be the root cause, but it can cause issues for even the most experienced administrators. If you are running a remote desktop session in a window and an application on your local machine is selected, then keystrokes will be directed to the local hardware rather than to the remote computer.</p> <p>If the remote desktop session and the correct application are selected, try pressing the Windows key a few times. You can resolve some remote desktop keyboard issues by pressing this key several times.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Review the remote desktop client settings"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Review the remote desktop client settings</h2> <p data-end="730" data-start="381">If you have been unable to resolve the problem after steps 1-3, review the settings in the client the user is actually using. In many environments, that still means the native Windows Remote Desktop Connection client, but some users now connect through Windows App or a browser-based remote desktop client, and keyboard behavior can vary by client.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_1-h.jpg 1280w" alt="Remote Desktop Connection client showing the Local Resources tab and keyboard setting." data-credit="Brien Posey" height="338" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. In the Remote Desktop Connection client, the Local Resources tab controls how Windows key combinations are handled in the remote session. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p data-end="1022" data-start="738">To get started, open the Remote Desktop Connection client, but do not click the Connect button. Instead, click the Show Options link in the lower-left corner. This will expand the Remote Desktop Connection client window and reveal additional options. Select the <strong>Local Resources</strong> tab.</p> <p data-end="1382" data-start="1030">The Local Resources tab contains a Keyboard section (Figure 1). By default, the client is configured to direct key combinations -- but not all keystrokes -- to the remote machine only when the remote computer is running in full-screen mode. You can change this behavior by selecting the <strong>On the remote computer</strong> option from the keyboard drop-down menu.</p> <p data-end="1382" data-start="1030">If the user is trying to unlock the remote session or open Windows Security, remind them to use<strong> Ctrl+Alt+End</strong>, which sends Control+Alt+Delete to the remote session.</p> <p data-end="1567" data-start="1390">If the user is connecting through Windows App or a web client instead of mstsc.exe, also verify the remote keyboard layout or input mode before assuming the keyboard has failed.</p> </section> <section class="section main-article-chapter" data-menu-title="5. Check keyboard layout and input mode"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Check keyboard layout and input mode</h2> <p data-end="7161" data-start="6861">Not every keyboard problem is a broken keyboard redirection path. Sometimes the local keyboard layout, the remote session's selected layout or the client's input mode causes keys to map incorrectly or not behave as expected.</p> <p data-end="7593" data-start="7163">This is especially worth checking if letters or symbols are wrong, shortcuts misfire, or the issue appears only in a browser-based session or on a Mac connecting to Windows. In the Remote Desktop web client, admins can select an alternative remote keyboard layout before connecting. In Windows App, Microsoft notes that keyboard language, scancode vs. Unicode mode and some non-English layouts can change how input is interpreted.</p> <p data-end="7765" data-start="7595">If needed, verify the language pack and keyboard layout in Windows on the remote machine, disconnect and reconnect the session, and then retest the affected application.</p> </section> <section class="section main-article-chapter" data-menu-title="6. Check the Device Manager on the remote desktop"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Check the Device Manager on the remote desktop</h2> <p>If you are still having problems with the keyboard in your remote desktop session, check the Device Manager to see if the Windows OS is reporting any problems with the keyboard.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_2-h.jpg 1280w" alt="Device Manager in a remote session showing a redirected keyboard device entry." data-credit="Brien Posey" height="281" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. In Device Manager, the remote session should expose a keyboard device entry even though the physical keyboard remains local. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The exact method for this step varies slightly from one version of Windows to the next. <a href="https://www.techtarget.com/whatis/feature/Windows-11-explained-Everything-you-need-to-know">For most newer Windows OSes</a>, however, you should be able to right-click on the <b>Start</b> button, then select the <b>Device Manager</b> option from the resulting menu. When the Device Manager opens, expand the <b>Keyboards</b> section. Assuming that you are working within the remote desktop, you should see a keyboard device named Remote Desktop Keyboard Device (Figure 2). However, depending on the version of Windows you are using and where the remote desktop is being hosted, the Device Manager's reference to the remote keyboard might be called something else, such as Microsoft Hyper-V Virtual Keyboard.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_3-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_3-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_3-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_keyboard_connection_3-h.jpg 1280w" alt="Keyboard device properties window showing device status in a remote session." data-credit="Brien Posey" height="319" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. The keyboard device status can confirm whether Windows sees the redirected keyboard as functioning normally. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Normally, if the Remote Desktop Keyboard Device is having any problems, you will see an error or a warning icon superimposed over the keyboard icon. However, there is another way to check for issues with the remote desktop's keyboard. Simply right-click on the Remote Desktop Keyboard Device and select the <b>Properties</b> command from the shortcut menu.</p> <p>The resulting screen will display a status and will tell you whether the device is working properly (Figure 3). If the issues persist, you can use the <b>Driver</b> tab to make sure the correct keyboard driver is loaded.</p> </section> <section class="section main-article-chapter" data-menu-title="What to do if these steps don't work"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What to do if these steps don't work</h2> <p data-end="9094" data-start="8795">You can narrow down the problem by testing the same session from another endpoint and testing the same endpoint against another remote desktop. That helps determine whether the failure is tied to the local device, the remote session, a specific client or a specific application.</p> <p data-end="9397" data-start="9096">If the keyboard appears to fail only at a credential prompt, check recent Windows security updates before assuming keyboard redirection is broken. Microsoft documented in January 2026 that some credential dialogs <a href="https://support.microsoft.com/en-au/topic/new-behavior-restricting-certain-applications-to-autofill-credentials-introduced-by-the-windows-january-2026-security-update-29c0bc94-2588-41f9-8534-f058aa5214d5" target="_blank" rel="noopener">might not respond</a> to virtual keyboard input from remote desktop or screen sharing tools.</p> <p data-end="9592" data-start="9399">If the issue remains unresolved, review Windows event logs and client logs, then standardize the client and keyboard settings that work so support teams can reproduce the issue consistently.</p> <p><b>Editor's note:</b> <em>This article was originally published in 2023 and was updated in 2026 to reflect current remote desktop client, keyboard layout and Windows input behavior. </em></p> <p><i>Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America.</i></p> </section> When a remote desktop keyboard stops responding, IT admins should check local hardware, client settings, keyboard layout mismatches and the remote session’s device status. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g1077903946.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-fix-keyboard-connection-issues-on-a-remote-desktop Wed, 15 Apr 2026 12:19:00 GMT How to fix keyboard connection issues on a remote desktop <p>Establishing a Windows remote desktop session is normally a simple and reliable process, but IT professionals still need to be ready for remote desktop issues to pop up.</p> <p>For example, administrators might find that the remote machine refuses the Remote Desktop Protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) connection. Fortunately, troubleshooting the problem is usually a straightforward process. In many cases, the issue is not the RDP session itself, but something tied to <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-change-the-password-of-an-RDP-session">saved credentials</a>, account permissions or the machine being targeted.</p> <p>When everything is working properly, establishing a <a href="https://www.techtarget.com/searchenterprisedesktop/definition/remote-desktop">remote desktop</a> session is a simple process. Admins only need to open the Remote Desktop client -- also known as the RDP Client or the Remote Desktop Connection (RDC) app -- and enter the name or IP address of the endpoint that will host the connection. Then, it's as simple as clicking the Connect button to establish the session. If the RDP client has saved credentials on hand from a previous session, then the new session automatically uses them.</p> <p>Otherwise, the client prompts you to enter a username and password. If these <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understanding-remote-desktop-connection-management-tools">don't yield a successful RDC connection</a>, then IT administrators should take troubleshooting steps to determine and address the root cause of the issue.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">What to check first when RDP credentials fail</h3> <p>Before assuming the password is wrong, check the basics first. Confirm that the account is being entered in the right format, that saved credentials are current, that the account is not locked out and that the user still has remote access permissions. After that, check whether TCP Port 3389 is reachable and whether the client is targeting the correct machine and DNS record.</p> </div> </div> <section class="section main-article-chapter" data-menu-title="1. Make sure the credentials are correct"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Make sure the credentials are correct</h2> <p>The first step is to make sure the credentials are actually correct and entered in the right format. One of the more common mistakes is leaving the domain name out of the credential set.</p> <p>Consider an IT professional logging in with an administrator account for the example domain <em>PoseyLab</em>. If the IT pro types <em>Administrator</em> instead of <em>PoseyLab\Administrator</em>, then the client would attempt to log in using <a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-work-with-the-new-Windows-LAPS-feature">the endpoint's local administrator account</a> rather than the domain administrator account. Odds are that the local administrator account lacks the permissions to log on to the machine remotely. Even if the required permissions do exist, the local administrator account probably does not have the same password as the domain administrator account, so the logon won't be successful.</p> </section> <section class="section main-article-chapter" data-menu-title="2. Update the saved credentials"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Update the saved credentials</h2> <p>One common cause of remote desktop credential problems is a set of cached credentials that are no longer valid. This usually happens after a password change, when the RDP client is still trying to authenticate with the old password.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_1-h.jpg 1280w" alt="The Remote Desktop Connection menu showing the general settings tab." height="251" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Click the 'edit' hyperlink to refresh the saved credentials. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>In many cases, the client will prompt for a new password after the old one fails. If that prompt <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Steps-to-fix-a-black-screen-on-a-Windows-11-remote-desktop">does not appear</a>, the admin might need to update the saved credentials manually.</p> <p>The easiest way to do this is to open the RDP client, choose the computer to connect to and then click on the <strong>Show Options</strong> link. This expands the interface to reveal the Logon settings section. The Logon settings section contains an <strong>edit</strong> link (Figure 1). Clicking this hyperlink opens a prompt that enables an admin to enter and save a new password.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Make sure that the account is not locked out"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Make sure that the account is not locked out</h2> <p>If an admin has completed the first two steps and the remote desktop connection credentials are still not working, the next step is to make sure the account has not been locked out. Most organizations configure their Active Directory environments to <a href="https://www.techtarget.com/searchsecurity/tip/Account-lockout-policy-Setup-and-best-practices-explained">automatically lock accounts</a> after too many invalid login attempts as an RDP security measure.</p> <p>Even if the account was not initially locked out, failed attempts at establishing an RDP session with the remote machine count as logon attempts and might lead to a lockout. It's a good idea to check whether the account is locked and manually <a href="https://www.techtarget.com/searchwindowsserver/tip/How-to-fix-Active-Directory-account-lockouts-with-PowerShell">override the lockout</a> if it is in place.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> One common cause of remote desktop credential problems is a set of cached credentials that are no longer valid. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="4. See if the account has remote access permissions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. See if the account has remote access permissions</h2> <p>Another thing to check is whether the account you are using has permission to log on to the remote machine through an RDP session. Even with a successful RDP connection in place from a prior session, it's always possible that the permission was somehow removed accidentally. Unfortunately, checking the remote access permissions means that <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Fixing-issues-with-a-computer-mouse-on-a-remote-desktop">someone has to log on to the machine locally</a>.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_2-h.jpg 1280w" alt="The Remote Desktop settings on a Windows machine within the Multitasking tab." height="268" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Make sure that Remote Desktop is turned on, and then click the link to 'Select users that can remotely access the PC.' </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The exact steps of this process can vary considerably depending on the version of Windows that the remote machine runs on. With <a href="https://support.microsoft.com/en-us/windows/get-the-latest-windows-update-7d20e88c-0568-483a-37bc-c3885390d212" target="_blank" rel="noopener">most modern versions</a> of Windows, right-click on the <strong>Start</strong> button, and then choose the <strong>System</strong> command from the shortcut menu. Then, select the <strong>Remote Desktop</strong> tab, and make sure that the <strong>Enable Remote Desktop</strong> setting is turned on. Next, click on the <strong>Select users that can remotely access this PC</strong> link found at the bottom of the screen (Figure 2).</p> <p>Then, verify and, if necessary, add accounts that can establish remote desktop sessions with the machine in question.</p> </section> <section class="section main-article-chapter" data-menu-title="5. Check the firewall"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Check the firewall</h2> <p>Next, administrators should check if RDP traffic is able to flow between the remote machine and the local machine. The protocol that nearly all RDP clients use is <a href="https://www.techtarget.com/searchnetworking/definition/TCP">TCP</a> Port number 3389. Make sure that Windows Firewall on the remote machine is not blocking access to this port. The same also holds true for any other <a href="https://www.techtarget.com/searchsecurity/definition/firewall">firewalls</a> that exist between the two machines.</p> </section> <section class="section main-article-chapter" data-menu-title="6. Verify that the connection is targeting the correct machine"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Verify that the connection is targeting the correct machine</h2> <p>One more step that IT administrators can take if they are having trouble connecting to the remote machine is to verify they are connecting to the correct machine. Begin the process on the remote machine by right-clicking the <strong>Start</strong> button and choosing the <strong>System</strong> command from the shortcut menu. From the <strong>About</strong> tab within the <strong>Settings</strong> window, click on the <strong>System Info</strong> link. This yields some basic information for the remote machine. Verify both the machine name and the name of the domain that the machine is connected to (Figure 3).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_3-f.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_3-f_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_3-f_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_connection_troubleshooting_3-f.jpg 1280w" alt="The Control Panel displaying the approved settings for the remote desktop connection." height="294" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. Verify the remote machine’s computer name and domain name in Settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>With the computer and domain names confirmed, the admin should verify the computer's IP address. The easiest way to do this is to open a Command Prompt window and enter the following command:</p> <pre><span style="font-family: courier new, courier, monospace;">IPCONFIG /All</span></pre> <p>This lists the remote machine's IP address, as well as the address of the domain name server that it is using. Finally, look at the domain name server to ensure that the DNS record for the machine lists the correct computer name and IP address.</p> <p>While remote desktop credential failures often look like small support issues, they can also point to bigger problems around access control, credential hygiene and basic configuration management. For IT leaders, reducing these kinds of failures is not just about fixing one connection at a time. It is also about making remote access more reliable and easier to support at scale.</p> <p><strong>Editor's note:</strong> <em>This article was originally published in 2024 and updated in April 2026 to reflect current remote desktop troubleshooting practices and improve clarity.</em></p> <p><span style="box-sizing: border-box; margin: 0px; padding: 0px;"><em>Brien Posey is a former 22-time Microsoft MVP and a commercial astronaut candidate. In his more than 30 years in IT, he has served as a lead network engineer for the U.S. Department of Defense and a network administrator for some of the largest insurance companies in America. </em></span></p> </section> When remote desktop credentials fail, admins should verify account format, cached credentials, lockout status, access permissions, firewall settings and DNS targeting. https://cdn.ttgtmedia.com/rms/onlineimages/arvr_g1273484747.jpg https://www.techtarget.com/searchvirtualdesktop/tip/6-steps-for-when-remote-desktop-credentials-are-not-working Wed, 08 Apr 2026 14:11:00 GMT 6 steps for when remote desktop credentials are not working <p>Many organizations use virtual desktops to provide flexible workspaces for employees and other users. Some deploy virtual desktop infrastructure (VDI) products, hosted on-premises or in the cloud. Others adopt cloud-based desktop as a service (DaaS) from third-party vendors. Still others use a combination of the two to meet their specific desktop requirements.</p> <p>Regardless of how an organization plans to <a href="https://www.techtarget.com/searchvirtualdesktop/answer/How-do-virtual-desktops-work">deliver its virtual desktops</a>, CIOs and other decision-makers must ensure that virtual desktop environments and their data are fully protected and comply with applicable regulations. For this, they need a carefully planned security strategy that reflects broader governance, risk management, incident response and other considerations.</p> <section class="section main-article-chapter" data-menu-title="Virtual desktop security issues"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Virtual desktop security issues</h2> <p>Virtual desktops can help reduce security and compliance risks because most data resides in the data center rather than on individual endpoints. Users access their desktop environments over the internet or corporate network, with little to no data kept on their computers. The desktops are also centrally managed and secured, making it easier to apply granular protections and prevent unauthorized remote access.</p> <p>Despite these advantages, virtual desktops can still pose security risks, whether <a href="https://www.techtarget.com/searchvirtualdesktop/feature/Compare-desktop-virtualization-options-DaaS-vs-VDI">delivered through DaaS or VDI.</a> The following are some of the more common virtual desktop security concerns that IT teams can face:</p> <ul type="disc" class="default-list"> <li><b>Identity compromise.</b> User login identities can be compromised through phishing, password spraying, credential stuffing and other forms of credential theft, enabling an attacker to log in to the virtual desktop as a legitimate user and access corporate resources. If the compromised user account has elevated privileges, the attacker might be able to access highly sensitive data or introduce malware into the network.</li> <li><b>Session hijacking.</b> An attacker might take control of an active user session through packet sniffing, an adversary-in-the-middle attack, cross-site scripting or other means. The attacks might exploit vulnerabilities or misconfigurations in exposed gateways, connection brokers or remote desktop protocols, letting them bypass authentication requirements and operate within the trusted session.</li> <li><b>Data exfiltration.</b> Although virtual desktops help centralize and protect data, that data can still be transferred out of the secure environment in several ways, including as screen captures, printing, copy-and-paste operations, drive mapping and clipboard redirection. Data exfiltration can be caused by a careless user, a malicious user or an outside attacker. In a cloud environment, such as DaaS, the use of multi-tenant resources can also lead to data leakage due to misconfigured resources.</li> <li><b>Compliance exposure.</b> Centralized desktop services, whether delivered via VDI or DaaS, can make it more difficult to ensure an organization complies with applicable regulatory standards such as HIPAA or GDPR. Misconfigured settings, access controls or infrastructure components, such as desktop pools or shared images, can lead to data exposure and compliance violations. Virtual desktops also increase auditing complexity due to the virtual infrastructure itself and the distributed endpoints, particularly unmanaged and BYOD devices.</li> </ul> <p>Decision-makers must also determine whether to use <a href="https://www.techtarget.com/searchvirtualdesktop/feature/Understanding-nonpersistent-vs-persistent-VDI">persistent or nonpersistent desktops</a>. Persistent desktops are much like physical machines. Each user is assigned a dedicated VM that can be personalized and updated. The VM retains the user's configuration settings and data across sessions. When the user logs off the desktop, the settings and data are retained in the same state until the user logs back in.</p> <p>A nonpersistent desktop does not retain configuration settings and data across sessions. The desktop environment is generated from a golden image or template when the user first logs on. When the user ends the session, the desktop environment, with all its settings and data, is deleted. Nonpersistent desktops simplify management and are generally more secure, but they are much less convenient for regular users. </p> <table class="main-article-table" style="width: 746px; height: 163px;"> <thead> <tr style="height: 55px;"> <td style="width: 170.266px; height: 55px;"><b>Security mechanism</b></td> <td style="width: 261.328px; height: 55px;"><b>Persistent desktops</b></td> <td style="width: 304.406px; height: 55px;"><strong>Nonpersistent desktops</strong></td> </tr> </thead> <tbody> <tr style="height: 18px;"> <td style="width: 170.266px; height: 18px;"> <p><b>Zero-trust principles</b></p> <p><b></b></p> </td> <td style="width: 261.328px; height: 18px;">Because virtual desktops persist data, attacks can also persist across sessions. Desktops must be managed like physical machines, with continuous monitoring, encryption, advanced threat detection and strict access controls.</td> <td style="width: 304.406px; height: 18px;">Data does not persist across sessions. Users start with a clean desktop image, with policies applied at launch. Monitoring and identity management occur at the session level, with zero-trust enforcing isolation and verification. Session data is discarded at logoff, and updates are applied to the golden image.</td> </tr> <tr style="height: 18px;"> <td style="width: 170.266px; height: 18px;"><b>Conditional access</b></td> <td style="width: 261.328px; height: 18px;">Conditional access policies can be applied at a more granular level with persistent desktops, consistent with how they would be applied to physical desktops. The policies can also support device identity and compliance, as well as restrict operating environments, locations and times to meet specific security and workload requirements. Long-term device identity can help simplify the login process.</td> <td style="width: 304.406px; height: 18px;">Conditional access policies are enforced at the session level only and reapplied at the beginning of each new session. Access tokens are not retained after the user logs out. Nonpersistent desktops often require frequent authentication while relying on continuous real-time monitoring, session validation and dynamic adjustments. Patching and compliance are handled in the golden image. Users are provided with a clean environment each time they log in.</td> </tr> <tr style="height: 18px;"> <td style="width: 170.266px; height: 18px;"><b>Endpoint hardening</b></td> <td style="width: 261.328px; height: 18px;">The virtual desktop is managed much like a physical endpoint. The operating environment should be regularly patched and updated to minimize vulnerabilities. The virtual desktop should also be continuously monitored for malicious activity, with strong endpoint and data protection put into place. The virtual desktop should also be monitored for drift from configuration baselines.</td> <td style="width: 304.406px; height: 18px;">Most of the hardening effort should focus on the golden image that underpins the virtual desktops. The image should be patched and updated as needed, with base security policies applied. Application delivery should be carefully managed and controlled through application whitelisting. Desktop monitoring should be session-based and focused on real-time behavior, with users granted minimal privileges to minimize risks.</td> </tr> </tbody> </table> <p>Organizations are not limited to using only persistent or only nonpersistent desktops. They can use a combination of the two based on their user and workload requirements. For example, an organization might use persistent virtual desktops for its regular employees and nonpersistent desktops for temporary workers.</p> </section> <section class="section main-article-chapter" data-menu-title="Working with cloud providers"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Working with cloud providers</h2> <p>If an organization plans to use DaaS for its virtual desktops, CIOs and other decision-makers should be aware of how virtual desktop security responsibilities are divided between the organization and service provider. </p> <table class="main-article-table" style="width: 735px; height: 163px;"> <thead> <tr style="height: 55px;"> <td style="width: 166.562px; height: 55px;"><b>Security mechanism</b></td> <td style="width: 254.578px; height: 55px;"><b>Vendor responsibilities</b></td> <td style="width: 303.859px; height: 55px;"><strong>Organization responsibilities</strong></td> </tr> </thead> <tbody> <tr style="height: 18px;"> <td style="width: 166.562px; height: 18px;"> <p><b>Audit logging</b></p> <p><b></b></p> </td> <td style="width: 254.578px; height: 18px;">The vendor logs infrastructure and core services (e.g., servers and hypervisors), ensures that logging operations and protections comply with applicable regulations (e.g., HIPAA or GDPR) and provides tools for log access.</td> <td style="width: 303.859px; height: 18px;">The organization prioritizes logging application, data and user activity to meet regulatory and business requirements (e.g., HIPAA). It also ensures logs are protected and available for audit.</td> </tr> <tr style="height: 18px;"> <td style="width: 166.562px; height: 18px;"><b>Encryption</b></td> <td style="width: 254.578px; height: 18px;">The vendor ensures that customer data residing on its infrastructure is fully encrypted at rest and in transit, in accordance with industry standards. The data might include storage volumes, VM images and control plane traffic.</td> <td style="width: 303.859px; height: 18px;">The organization provides end-to-end encryption for all data within virtual desktops and its managed data stores, as well as for all data in transit between external stores. The organization might also need to manage encryption keys.</td> </tr> <tr style="height: 18px;"> <td style="width: 166.562px; height: 18px;"><b>Policy enforcement</b></td> <td style="width: 254.578px; height: 18px;">The vendor implements and enforces policies that protect the core infrastructure and services (e.g., access policies, network segmentation, patching strategies, firewall management and hypervisor security). Vendors often enact policies in accordance with regulations such as GDPR, PCI DSS, HIPAA, CCPA and others.</td> <td style="width: 303.859px; height: 18px;">The organization implements and enforces policies that govern user behavior on virtual desktops and control how users interact with data protected by applicable regulations. It enforces access controls, acceptable use policies, application restrictions and data and configuration management.</td> </tr> <tr> <td style="width: 166.562px;"><b>Session isolation</b></td> <td style="width: 254.578px;">The vendor ensures that the infrastructure, virtualization layer and related services provide the necessary isolation across tenant and VM environments. It uses strong security policies and real-time monitoring to continuously prevent data leakage across tenants, desktops or sessions.</td> <td style="width: 303.859px;">The organization should restrict virtual desktop access to approved users and enforce authorization controls on data and sharing. It should also apply session policies (e.g., timeouts, lockouts and reauthentication) and implement controls over data storage and flow to prevent data leakage.</td> </tr> </tbody> </table> <p>When considering a DaaS vendor, the organization should fully understand how the provider secures data, the protections it provides and the features it offers for managing security and auditing logs. The organization should also ensure that it remains compliant with applicable regulations while users access those virtual desktops.</p> </section> <section class="section main-article-chapter" data-menu-title="Developing a virtual desktop security strategy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Developing a virtual desktop security strategy</h2> <p>Organizations planning to deploy virtual desktops should first develop a security strategy that ensures their delivery is secure and they are compliant with applicable regulations. The following are nine recommendations CIOs should consider when implementing their virtual desktops:</p> <ol type="1" start="1" class="default-list"> <li><b>Plan the virtual desktop environment.</b> Before deploying virtual desktops, organizations should determine desktop requirements and the measures needed to protect those desktops and their data. This includes identifying the number and types of users, as well as where and how they will work, taking into account both current and future needs. They should also assess existing infrastructure and software systems to determine whether VDI, DaaS or a combination of both is most appropriate. In addition, organizations should evaluate how workloads will be distributed across on-premises and cloud environments, along with additional infrastructure required to support the deployment.</li> <li><b>Integrate data governance.</b> The organization's <a href="https://www.techtarget.com/searchdatamanagement/tip/5-data-governance-framework-examples">data governance framework</a>, whether already implemented or in the planning phase, should incorporate its virtual desktop initiative. The framework should include security and privacy policies that protect data at rest and in transit, using standards-based encryption that complies with applicable regulations. The governance strategy should also define the organization's data identity and access management (IAM) policies for virtual desktops, as well as its data loss prevention policies. It might consider establishing a council or committee to oversee the data governance strategy for implementing virtual desktops.</li> <li><b>Establish a risk assessment framework.</b> Risk assessment, as it pertains to the organization's DaaS or VDI environment, should be an ongoing, formalized effort that <a href="https://www.techtarget.com/searchsecurity/tip/How-to-perform-a-data-risk-assessment-step-by-step">identifies potential security vulnerabilities</a>. The assessment strategy should consider how technologies are implemented, how data flows, where it is stored, how desktop images are hosted and managed, and how users interact with their desktops and data. IT and security teams must fully understand the threat landscape and potential vulnerabilities, while maintaining a full inventory of all assets and their ownership.</li> <li><b>Plan the monitoring and auditing strategy.</b> The organization's virtual desktop environment should be continuously monitored and audited. This includes implementing automated monitoring to detect anomalous behavior and potential threats in real time, with alerts sent to key stakeholders. The strategy should also incorporate regular audits of the environment. Organizations might benefit from <a href="https://www.techtarget.com/searchsecurity/tip/A-leaders-guide-to-integrating-EDR-SIEM-and-SOAR">tools such as EDR, centralized security information and event management</a> and user and entity behavior analytics.</li> <li><b>Implement an incident response plan.</b> An effective incident response strategy is essential to minimizing the effect of a security event and ensuring a quick recovery. The response plan should clearly define roles and responsibilities and provide step-by-step instructions (playbooks) for responding to specific incident types. The instructions should account for issues such as isolation, log collection, forensic and root-cause analyses, and incident documentation requirements. The security team should also regularly review and test the response plan and conduct drills to ensure its effectiveness.</li> <li><b>Implement an infrastructure and platform management strategy.</b> Before deploying virtual desktops, organizations should develop a plan that outlines how the infrastructure and virtualization platform will be managed. This approach will vary depending on whether the organization is using VDI, DaaS or a combination of both. Organizations should evaluate existing management tools and identify any additional tools needed going forward. They should also enforce the appropriate administrative access controls, following the principles of least privilege. In addition, network security planning should address factors such as segmentation, transport protocols and connection brokers, as well as patching, updating, auditing and logging.</li> <li><b>Deploy a virtual desktop management strategy.</b> Virtual desktops must also be properly managed and secured. The approach will depend on whether the desktops are based on VDI or DaaS, and whether they are persistent, nonpersistent, or a combination of both. In VDI environments, IT teams should patch, update and harden golden images, ensuring they are properly protected. For persistent desktops, IT should also maintain those VMs just like physical desktops. In addition, organizations should implement the necessary remote access controls and <a href="https://www.techtarget.com/searchvirtualdesktop/answer/What-are-the-biggest-pros-and-cons-of-VDI">manage desktop lifecycles</a> and disposition.</li> <li><b>Implement an endpoint management strategy.</b> Virtual desktops offer users flexibility, enabling them to work across devices and locations. However, endpoints introduce security risks that must be addressed. Where possible, endpoints should be fully managed by IT, hardened, patched and <a href="https://www.techtarget.com/searchvirtualdesktop/feature/How-VDI-supports-compliance-in-regulated-industries">aligned with compliance baselines</a>. They should run antimalware, and all virtual desktop connections should be continuously monitored. If BYOD devices are supported, organizations should apply the most restrictive conditional access controls on them.</li> <li><b>Establish effective communications.</b> All virtual desktop users should receive the education and training they need to understand the security risks that come with virtual desktops. They should also understand the steps they can take to mitigate risks and respond to suspected security incidents. Leadership should supply users with the documentation, standards, policies and procedures they need to proactively minimize risks. Leadership should also establish a reporting channel and feedback loop that encourages open communication with key stakeholders.</li> </ol> <p>CIOs and their teams should take the necessary steps to protect their virtual desktops and associated data, as well as the platforms that support them. These recommendations can provide a good starting point, but IT teams should also consider other factors that could affect security and privacy in the long term.</p> </section> <section class="section main-article-chapter" data-menu-title="Virtual desktop security checklist for CIOs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Virtual desktop security checklist for CIOs</h2> <p>CIOs can use the following checklist as a starting point when implementing virtual desktop security strategies:</p> <ul class="default-list"> <li><b>Unified IAM.</b> Centralized identity and access management across networks, infrastructure, virtualization platforms, virtual desktops and data, including managed endpoints, with <a href="https://www.techtarget.com/searchsecurity/definition/zero-trust-model-zero-trust-network">zero-trust</a> and <a href="https://www.techtarget.com/searchsecurity/definition/role-based-access-control-RBAC">role-based access controls</a>.</li> <li><b>Data protection.</b> Encryption, compliance checks, data monitoring, anomaly detection, access logging, business continuity, data loss prevention and disaster recovery.</li> <li><b>Infrastructure and network security.</b> Patching, monitoring, logging, firewalls, secure tunneling and network segmentation across infrastructure and virtualization platforms.</li> <li><b>Virtual desktop security.</b> Image hardening, antimalware, automated patching, OS-level security and image management.</li> <li><b>Endpoint security.</b> Patching, monitoring, EDR, antimalware, compliance verification, conditional access and application control.</li> <li><b>Monitoring and alerting</b>. Comprehensive monitoring, logging and alerting to support threat detection and incident response.</li> <li><b>Risk and incident management.</b> Ongoing risk assessments and incident response plans to identify vulnerabilities and reduce impact and recovery time.</li> <li><b>User awareness.</b> Training and resources to help employees safeguard their virtual desktops.</li> </ul> <p><i>Robert Sheldon is a freelance technology writer. He has written numerous books, articles and training materials on a wide range of topics, including big data, generative AI, 5D memory crystals, the dark web and the 11th dimension.</i></p> </section> Virtual desktop security requires strong governance, IAM, monitoring and endpoint controls. CIOs must address risks across VDI and DaaS to protect data and ensure compliance. https://cdn.ttgtmedia.com/rms/onlineimages/security_a218339023.jpg https://www.techtarget.com/searchenterprisedesktop/feature/Building-a-virtual-desktop-security-strategy-for-the-enterprise Thu, 02 Apr 2026 09:15:00 GMT Building a virtual desktop security strategy for the enterprise <p>Hyper‑V can run Windows 11 reliably, but errors can occur when VMs don't meet modern security and resource requirements.</p> <p><a href="https://www.techtarget.com/searchvirtualdesktop/tip/What-is-Hyper-V-on-Windows-11-and-what-can-it-do">Hyper-V is Microsoft's native hypervisor</a>, which is included in Windows Server, as well as the Pro, Enterprise and Education editions of Windows 10 and Windows 11. Hyper-V lets Windows administrators create and run VMs on a PC or server and isolate different OSes and workloads.</p> <p>The platform is helpful for testing software and upgrades, running older apps or OSes, and creating isolated environments for software development or learning. IT can test Windows 11 patches and builds pre-rollout, <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-create-a-snapshot-of-your-custom-Windows-10-image">build rapid deployment images</a>, or run multiple Windows environments on a single server for lab or training setups.</p> <p>However, when installing or running Windows 11 in Hyper-V, an error message can appear: "This PC can't run Windows 11." Users and IT should learn why this compatibility warning appears in Hyper‑V, how Windows 11 evaluates system readiness inside a VM and the configuration adjustments that reliably resolve the issue.</p> <p>By understanding the relationship between Hyper‑V's virtual hardware model and <a href="https://www.techtarget.com/searchenterprisedesktop/tip/The-Windows-11-system-requirements-and-what-they-indicate">Windows 11's requirements</a>, administrators can create compliant VMs, streamline deployments and avoid unnecessary troubleshooting delays.</p> <section class="section main-article-chapter" data-menu-title="Windows 11 and Hyper-V requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Windows 11 and Hyper-V requirements</h2> <p>Before installing Hyper-V, IT must ensure the PC meets the following requirements:</p> <ul type="disc" class="default-list"> <li>BIOS/UEFI-enabled hardware virtualization. This feature is called Intel VT‑x on Intel processors and AMD‑V on AMD processors.</li> <li>Sufficient RAM and CPU power, as VMs run in addition to the main OS.</li> <li>A Windows 11 ISO or a VHD file for installation.</li> <li>If planning to run Windows 11 as a guest OS, Microsoft requires Trusted Platform Module (TPM) 2.0, Secure Boot and certain CPU generations. Hyper-V provides virtual TPM (vTPM) and Secure Boot to meet these requirements.</li> </ul> <p>By default, Windows 11 enforces more stringent security standards than Windows 10. These <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understand-the-limitations-of-running-Hyper-V-in-Windows-11">requirements extend to VMs</a>, too. Admins must configure VMs as Generation 2 with Secure Boot and a vTPM enabled. Otherwise, the installer blocks setup.</p> <p>To enable Hyper-V, use the <b>Turn Windows features on or off</b> Control Panel applet and check the Hyper-V options. Then, create a VM through the Hyper-V Manager or by using a PowerShell script.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h.jpg 1280w" alt="The 'Turn Windows features on or off' Control Panel applet, with the 'Hyper-V,' 'Hyper-V Management Tools' and 'Hyper-V Platform' options selected." data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>To enable Hyper-V, navigate to the Windows Features menu in the Control Panel and fill in the checkboxes for the Hyper-V features. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>After the installation, restart the computer to enable Hyper-V.</p> </section> <section class="section main-article-chapter" data-menu-title="How to handle a Windows 11 error message in Hyper-V"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to handle a Windows 11 error message in Hyper-V</h2> <p>When installing or running Windows 11 in Hyper-V, users might see a "This PC can't run Windows 11" error message. This error occurs because the Windows 11 installer checks for strict hardware requirements, even inside a VM.</p> <p>The first possible cause is that vTPM is not enabled. To fix this issue, right-click the VM within Hyper-V Manager, then select <b>Settings</b>. Under <b>Security</b>, check the box for <b>Enable Trusted Platform Module</b>. This action adds a vTPM chip so the installer passes the requirement check. If the Enable Trusted Platform Module setting isn't available, the PC is likely running a Generation 1 VM. Create a Generation 2 VM, and the option will be available.</p> <p>Another possible cause is that the VM doesn't have enough virtual processors. At least two virtual CPU (<a href="https://www.techtarget.com/whatis/definition/virtual-CPU-vCPU">vCPU</a>) cores must be enabled in a VM for Windows 11 to work. To solve this issue, open the VM settings within Hyper-V, find the <b>Number of virtual processors</b> setting and set it to a minimum of two.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Sometimes a host machine or VM setup can't meet all of Windows 11's official requirements. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The problem could be that Secure Boot is not enabled. To solve this, open the VM settings in Hyper-V Manager and select <b>Security</b>. Then, turn on <b>Enable Secure Boot</b>. Choose <b>Microsoft Windows</b> from the template drop-down.</p> <p>The last possible cause is too little memory or storage. Fix this problem by assigning at least 4 GB of RAM to the VM. 8 GB is recommended. Use a 64 GB+ VHDX and a minimum of two virtual processors.</p> <p>Sometimes a host machine or VM setup can't meet all of Windows 11's official requirements. In these cases, users and administrators have the following options:</p> <ul type="disc" class="default-list"> <li><b>Stay on Windows 10.</b> The OS reached its end of support in October 2025, so most editions no longer receive security updates. This option is only suited to tightly controlled environments, offline systems or legacy workloads that cannot yet <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-plan-a-Windows-11-upgrade-project">transition to Windows 11</a>.</li> <li><b>Run Windows 11 with requirement bypasses.</b> Microsoft provides a registry-based bypass to install Windows 11 without TPM or Secure Boot, although it's officially unsupported. This is not recommended for production environments.</li> <li><b>Use Windows Insider Dev or Canary builds inside a VM.</b> These <a target="_blank" href="https://www.microsoft.com/en-us/windowsinsider/" rel="noopener">channels</a> enable more flexible installation paths, which makes them useful for testing. This is not recommended for production environments.</li> <li><b>Consider alternative virtualization platforms. </b>Alternative platforms, such as VMware Workstation or Oracle VirtualBox, can sometimes be more forgiving with requirements. However, performance and stability might vary.</li> </ul> <h3>Other Hyper-V installation issues</h3> <p>There are a few other common pitfalls that users and admins can run into during the installation or first use of Hyper-V. Be sure to avoid the following setup and configuration mistakes:</p> <ul class="default-list"> <li><b>Edition and licensing limitations.</b> Hyper-V is not included in Windows 11 Home.</li> <li><b>Hardware virtualization support.</b> The PC's CPU must <a href="https://www.techtarget.com/searchitoperations/tip/Understand-hardware-support-for-virtualization">support virtualization</a>, and this must be enabled in the BIOS/UEFI.</li> <li><b>Conflicts with other hypervisors.</b> Hyper-V conflicts with VMware Workstation and VirtualBox.</li> <li><b>TPM or Secure Boot issues.</b> Virtual TPM needs to be enabled.</li> <li><b>Memory and resource issues.</b> Hyper-V needs enough reserved RAM. If too little is assigned, VMs won't boot.</li> <li><b>Nested virtualization.</b> If admins try to run Hyper-V inside a Hyper-V VM, it won't work unless they explicitly <a target="_blank" href="https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/enable-nested-virtualization" rel="noopener">enable nested virtualization</a> on the VM's processor.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Best practices for preparing Windows 11 VMs in Hyper-V"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Best practices for preparing Windows 11 VMs in Hyper-V</h2> <p>The key to preventing Windows 11 VM errors is planning the VM setup correctly before installation -- Generation 2 VM, Secure Boot, TPM, sufficient RAM and disk space, and an up-to-date host. Admins should take the following steps:</p> <ul type="disc" class="default-list"> <li><b>Choose the right VM generation.</b> Always use Generation 2 VMs for modern OSes such as Windows 11 and Windows Server 2016 or later. Generation 1 is only for legacy systems needing BIOS boot, such as Windows 7 or Windows XP.</li> <li><b>Enable security features early.</b> Doing this before the first boot avoids the "This PC can't run Windows 11" error.</li> <li><b>Allocate realistic resources.</b> Provide the VM with enough capacity -- ideally 8 GB of RAM if the host can spare it, at least two vCPUs and a VHDX of around 128 GB. Avoid overcommitting host resources and use<b> </b>dynamic memory carefully.</li> <li><b>Plan networking.</b> Hyper-V automatically creates a default switch, an internal switch with <a href="https://www.techtarget.com/searchnetworking/definition/Network-Address-Translation-NAT">network address translation</a> enabled. It works for basic connectivity but has limitations. If VMs need LAN access, create an external switch tied to a physical network interface card. Make sure Dynamic Host Configuration Protocol and DNS are available if the VM must join a domain or access shared services.</li> <li><b>Use checkpoints and templates.</b> Checkpoints, also known as snapshots, let IT <a href="https://www.techtarget.com/searchitoperations/tip/A-beginners-guide-to-Hyper-V-checkpoints">revert the VM to a previous state</a> if an installation or update causes issues. Creating a golden Windows 11 VM and cloning this for new VMs saves time and ensures consistency.</li> </ul> <p>Adopting these best practices makes Hyper-V more reliable, secure and future-proof.</p> <p><i>Helen Searle-Jones holds a group head of IT position in the manufacturing sector. She draws on 30 years of experience in enterprise and end-user computing, utilizing cloud and on-premise technologies to enhance IT performance.</i></p> </section> Windows 11 VMs can fail to install in Hyper‑V unless administrators configure Secure Boot, TPM and proper resources. Planning the VM setup prevents these errors. https://cdn.ttgtmedia.com/rms/onlineimages/security_a303249453.jpg https://www.techtarget.com/searchvirtualdesktop/tip/What-to-do-when-a-PC-cant-run-Windows-11-on-Hyper-V Fri, 27 Mar 2026 15:43:00 GMT What to do when a PC can't run Windows 11 on Hyper-V <p>A working microphone is a basic requirement for many remote desktop users, especially those relying on VoIP, video meetings and dictation. When microphone redirection fails inside a remote session, the problem can stem from the local device, the remote desktop client, policy settings or audio services.</p> <p>For IT teams, the fastest troubleshooting path is to confirm that the microphone works locally first, then review how the remote session handles device and audio redirection. From there, administrators can move on to Group Policy, registry or service-level checks if needed.</p> <p>There are several areas within the Remote Desktop Protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) configuration that affect microphone functionality, and IT administrators should review each of these so that everything works properly. To validate functionality, admins should start with the local device and connection type and then review the various RDP configuration settings.</p> <section class="section main-article-chapter" data-menu-title="Local device and microphone connection type"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Local device and microphone connection type</h2> <p>The microphone that is attached to the end-user device must first function properly on that device. After plugging in the microphone, can the user successfully use this local peripheral device?</p> <p>Users might not know that multiple microphones might be present, so they should make sure they are accessing the desired microphone. For example, most laptops have an internal microphone, and many headsets also have an embedded microphone. If the audio sounds distant, the issue might be as simple as an incorrect microphone designation.</p> <p>If the microphone does not function at all on the local device, the issue might be related to connectivity or drivers. While most microphones are plug-and-play devices -- meaning that they automatically self-configure once plugged in -- some devices might require the installation of drivers or other software.</p> <p>On Windows 10 and Windows 11 endpoints, administrators should also verify local privacy settings for microphone access. If the operating system blocks desktop apps from using the microphone, the remote desktop client might not be able to redirect audio input into the remote session.</p> <p>The type of connection the device is using can have an impact as well. Microphones can connect via a 2.5 mm/3.5 mm jack, Bluetooth or USB. While a connected microphone might function locally without issue, the connection type might not be enabled, or it might not function correctly within an RDP user session.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Where should admins check microphone settings first?</h3> <p>For microphone problems in a remote session, the first troubleshooting step depends on the connection method:</p> <ul class="default-list"> <li><strong>Local device:</strong> confirm the microphone works outside the remote session.</li> <li><strong>Classic Remote Desktop Connection:</strong> review the <strong>Local Resources</strong> tab.</li> <li><strong>Windows App or other remote desktop clients:</strong> review device and audio redirection settings.</li> <li><strong>RDP server / domain:</strong> review Group Policy and resource-redirection settings.</li> <li><strong>Remote session itself:</strong> confirm Windows Audio Service is running.</li> </ul> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="RDP settings that affect microphones"> <h2 class="section-title"><i class="icon" data-icon="1"></i>RDP settings that affect microphones</h2> <p>Ideally, users should plug the microphone in before starting the remote session. While some clients can recognize a peripheral after the session starts, that behavior is not always consistent across platforms and connection types.</p> <p>Numerous settings can affect microphones within a remote desktop session. If any of the following settings disallow the microphone connection, the peripheral will not function properly. </p> <ul class="default-list"> <li>End-user device RDP connection settings.</li> <li><a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy">Group Policy</a> settings for the RDP server and domain.</li> <li>Windows service, including Windows Audio Service.</li> </ul> <p>If the user is connecting with Windows App or another third-party client rather than the classic Remote Desktop Connection tool, administrators should also review that client's device and audio redirection settings.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/microphone_rdp_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/microphone_rdp_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/microphone_rdp_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/microphone_rdp_1-h.jpg 1280w" alt="The Local Resources tab for remote desktop connection settings" height="383" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Users can configure the RDP connection settings from within the Local Resources tab on end-user devices. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>On end-user devices, the location of microphone settings depends on the remote desktop client in use. In the classic Remote Desktop Connection client, users can review microphone and audio settings from the <strong>Local Resources</strong> tab (Figure 1). In <strong>Windows App</strong> or third-party clients such as Citrix, VMware or Parallels, equivalent redirection settings might appear in different menus or device and audio settings. If those settings are disabled or misconfigured, the microphone might not function properly in the remote session.</p> <p>However, the most common reason that a microphone doesn't function properly is due to Group Policy Object (<a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Object">GPO</a>) settings or registry settings. There are two places where GPO settings can affect the RDP session: the local remote desktop server and the domain-wide settings. Disabling the microphone or other connection settings within either of these locations affects microphone functionality.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/microphone_rdp_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/microphone_rdp_2-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/microphone_rdp_2-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/microphone_rdp_2-h.jpg 1280w" alt="The different settings available under Device and Resource Redirection" height="188" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Admins can view various settings that might affect microphone functionality under Device and Resource Redirection. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Within Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Device and Resource Redirection, admins can view various settings that can affect microphone functionality (Figure 2). These settings are available both as an Active Directory (<a href="https://www.techtarget.com/searchwindowsserver/definition/Active-Directory">AD</a>) GPO that encompasses an organization unit within the domain and as a local GPO that affects only that remote desktop server.</p> <p>For example, if the <strong>Allow audio recording redirection</strong> option is disabled on the remote desktop server but not configured within a domain GPO, the user would not be able to connect a microphone to that remote desktop resource. The user would be able to connect a microphone to other remote desktop resources that do not have this GPO configured, however.</p> <p>If audio playback settings have been altered, the user might perceive a microphone issue because playback does not occur as expected within the RDP session. For example, if a user recorded dictation and is unable to listen to the playback, it might not be clear that the microphone did indeed function properly, but audio playback was limited or disabled.</p> <p>Administrators should exercise extreme caution when making one-off <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Understanding-remote-desktop-connection-management-tools">changes to a remote desktop server</a>, such as when troubleshooting an issue for a user. If any changes are temporarily made to local GPOs, admins should reverse these changes immediately and/or deploy a newly provisioned remote desktop server to revert to the pristine state that has the correct local and domain GPOs <a href="https://learn.microsoft.com/en-us/windows-server/networking/branchcache/deploy/use-group-policy-to-configure-domain-member-client-computers" target="_blank" rel="noopener">applied</a>.</p> <p>Windows service settings can also affect microphone functionality. If a red cross appears on the sound icon within the remote desktop, it is likely that Windows Audio Service is not running. As a result, microphone functionality would be disabled.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> There are multiple places where microphone-related settings can be configured, and administrators must consequently review each location. To streamline peripheral settings, the best method is to use only Active Directory GPOs. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>If a third-party virtualization product -- such as Citrix, VMware or Parallels -- is in use, additional settings can be administratively configured. These settings can prevent or alter not only microphone functionality, but also connectivity ports, such as USB and Bluetooth.</p> <p>There are multiple places where microphone-related settings can be configured, and administrators must consequently review each location. To streamline peripheral settings, the best method is to use only AD GPOs.</p> </section> <section class="section main-article-chapter" data-menu-title="Troubleshooting remote desktop microphones"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Troubleshooting remote desktop microphones</h2> <p>A remote desktop microphone not working sometimes emerges as a technical support issue. If this issue is only occurring for a single user, it is likely related to either the physical microphone or its configuration. In this case, it is best to start at the user's device and ensure functionality as a first step. Admins should ask the following questions:</p> <ul class="default-list"> <li>Does the microphone function properly on the local device? For example, can the user successfully dictate via the microphone within a local Word document?</li> <li>Is this a new microphone, or has the microphone worked properly previously? When was the last time that the user was able to use the microphone locally and within an RDP session?</li> <li>What appears within the RDP connection settings? Have the user or admins revised these recently?</li> <li>Can this microphone be tested on another user device in order to rule out a faulty peripheral?</li> </ul> <p>If multiple users report that their microphones are not working, the issue likely stems from policy settings or port configuration. Administrators should review GPO settings to determine which specific configuration might be blocking or altering microphone functionality. A tool such as AD <a href="https://www.techtarget.com/searchwindowsserver/definition/RSoP-Resultant-Set-of-Policy">Resultant Set of Policy</a> should be used to review the settings that are ultimately applied to the user and device.</p> <p>In addition, admins should review vendor configuration to ensure that other settings are allowing microphone functionality. For example, if administrators have blocked all access to USB drives, microphones that plug into a USB port will not be redirected within the user session.</p> <p>Ensuring that microphones function properly can be challenging due to the numerous configuration settings that can block or alter microphone functionality. By ensuring that the microphone functions properly on the local device and checking various settings, admins can easily address most microphone-related issues.</p> <p><strong>Editor's note:</strong> <em>This article was updated to reflect current remote desktop client options and microphone redirection troubleshooting considerations.</em></p> <p><i>Jo Harder has been involved with virtualization for over 19 years. She focuses on Citrix virtualization solutions and has been a Citrix Technology Professional (CTP) for four years.</i></p> </section> Hybrid work still creates audio problems for remote users. Learn how to troubleshoot a remote desktop microphone that is not working across client, policy and service settings. https://cdn.ttgtmedia.com/rms/onlineimages/ai_a252657224.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-fix-a-remote-desktop-microphone-thats-not-working Tue, 24 Mar 2026 13:32:00 GMT How to fix a remote desktop microphone that's not working <p>Organizations that rely on desktop virtualization -- or are considering a transition to this technology -- should understand Microsoft's two main virtual desktop technologies: Windows 365 and Azure Virtual Desktop (AVD).</p> <p>Both services run on Microsoft's <a href="https://www.techtarget.com/searchcloudcomputing/definition/Windows-Azure">Azure cloud</a> platform, but there are some significant differences between them. Comparing Microsoft Windows 365 and AVD on features, licensing, support and other factors is important for any organization to determine the best product for its needs.</p> <section class="section main-article-chapter" data-menu-title="Understanding Windows 365"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding Windows 365</h2> <p>Windows 365's virtual desktops function as cloud PCs, single-user desktop applications that use Azure for virtual desktop deployment and storage. Microsoft charges a fixed monthly licensing cost per user -- similar to leasing a physical PC -- so customers pay whether it is in use for 50 or 500 hours. Additional products and services, such as Azure paid subscriptions and Intune, might be required depending on the Windows 365 offering purchased. This will be described later in this article.</p> <p>Windows 365 does not support Azure Active Directory Domain Services (AAD DS) or Windows 10/11 Enterprise multi-session. Multi-session workloads are only available in Azure Virtual Desktop, which can be licensed through Microsoft 365 plans.</p> <p>Windows 365 offers two primary editions: Business and Enterprise. Each provides cloud PCs with predefined hardware configurations, including CPU, memory and storage. These configurations are offered as a range of fixed-size options rather than custom options.</p> <h3>Windows 365 Enterprise edition</h3> <p>The Enterprise edition offers unlimited seats per user and is more flexible than the Business edition, giving IT staff greater freedom to configure the network. Enterprise edition is ideal if high levels of security are required, or if the organization needs network integration, policy control or scalability.</p> <p>Important features of the Windows 365 Enterprise edition are centered around flexibility and scale for enterprise-level organizations.</p> <ul type="disc" class="default-list"> <li>Effective for organizations of any size, as there is no seat cap per tenant, thus an unlimited user configuration is possible.</li> <li>User actions are the same as the Business version, but role permissions are managed using Microsoft Intune.</li> <li>Requires Microsoft Entra ID P1 (previously Azure AD P1), Intune and Enterprise Windows licensing. An Azure subscription is optional. This offers the following advanced features:</li> <ul type="circle" class="default-list"> <li>Windows 365 resources cannot be added to an existing Azure subscription or resource groups. However, they can be added with Azure Virtual Desktop.</li> <li>Policy Deployment, advanced monitoring and troubleshooting.</li> <li>Resizing, image management and policy targeting.</li> <li>IT staff can manage networking.</li> </ul> <li>Customizable provisioning, such as custom images and network configuration.</li> <li>Supports Entra ID Join and Hybrid Entra ID Join for identity integration. When used with an Azure Network Connection (ANC), Hybrid Join provides connectivity to on-premises networks and custom domains.</li> <li>Security features include conditional access, legacy multifactor authentication and integration with Microsoft Defender for Endpoint, which requires E5 licensing.</li> </ul> <h3>Pricing and licensing for Windows 365 Enterprise</h3> <p>Windows 365 Enterprise requires users to have enterprise-grade licenses, including Windows 10 and 11 Enterprise, Intune (per user), and Entra ID P1. Cost is based on configuration -- including vCPU, memory and storage -- and runs from $28 per user, per month to $41 per user, per month. Large configurations run $315 per user, per month for 16 vCPU, 64 GB RAM and 1 TB storage.</p> <p>Fees are charged per named user, meaning everyone will need an account, and customers pay the fee whether the cloud PC is in use or not. In comparison, AVD is a pay-as-you-go service and <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Azure-Virtual-Desktop-sizing-guide-for-IT">only charges customers for the time and resources they use</a>.</p> <p>An Azure paid subscription is not required for the cloud PCs if you are using a Microsoft-hosted network, which requires Entra ID P1 and Intune. If an ANC is used, an Azure subscription is required to deploy the cloud PCs into an Azure Virtual Network (VNet). Organizations must choose either a Microsoft-hosted network or an ANC.</p> <h3>Windows 365 Business edition</h3> <p>Windows 365 Business edition is ideal for organizations that need simple, fast-to-deploy cloud PC options and for SMBs that do not require hands-on management, enabling Microsoft to manage it. The Business edition is limited to 300 seats but offers only basic security features, which require additional licensing for higher levels of security.</p> <p>The Business edition offers the following key features that benefit SMBs or those with small deployments.</p> <ul type="disc" class="default-list"> <li>Ideal for small organizations up to 300 seats per tenant.</li> <li>Simple, automatic provisioning. Cloud PCs use standard images based on license agreement.</li> <li>Administration and management are accomplished through the Windows 365 portal or the Microsoft 365 Admin Center. More advanced management is possible with an Intune license, but it remains limited compared to the Enterprise edition.</li> <li>Entra ID Join is supported without requiring VNet.</li> <li>Provides conditional access security only and requires Entra ID P1. Advanced features are not supported but can be added via the E5 License.</li> <li>Cloud PC users can manage and troubleshoot their devices from the Windows 365 homepage. Admins can grant local admin access to users individually.</li> </ul> <table class="main-article-table" style="width: 746px;"> <thead> <tr style="height: 55px;"> <td style="width: 170.413px; height: 55px;"><b>Feature</b></td> <td style="width: 261.638px; height: 55px;"><b>Windows 365 Business</b></td> <td style="width: 304.75px; height: 55px;"><strong>Windows 365 Enterprise</strong></td> </tr> </thead> <tbody> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>User (seat) limit</b></td> <td style="width: 261.638px; height: 18px;">300</td> <td style="width: 304.75px; height: 18px;">Unlimited</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>User controls</b></td> <td style="width: 261.638px; height: 18px;">Default standard user</td> <td style="width: 304.75px; height: 18px;">Admin Control (Intune)</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Management</b></td> <td style="width: 261.638px; height: 18px;">Management via the Windows 365 Portal or Microsoft 365 Admin Center</td> <td style="width: 304.75px; height: 18px;">Managed primarily through Intune. Includes policy deployment via Group Policy and MDM. Supports programmatic through Microsoft Graph APIs.</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Setup complexity</b></td> <td style="width: 261.638px; height: 18px;">Simple</td> <td style="width: 304.75px; height: 18px;">Highly customizable provisioning</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Networking options</b></td> <td style="width: 261.638px; height: 18px;">Entra ID Join only</td> <td style="width: 304.75px; height: 18px;">Entra ID Join or Hybrid Join with ANC</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Security</b></td> <td style="width: 261.638px; height: 18px;">Limited features. Advanced features require additional licensing.</td> <td style="width: 304.75px; height: 18px;">Full enterprise security integration</td> </tr> </tbody> </table> <h3>Pricing and licensing for Windows 365 Business edition</h3> <p>The Business edition <a target="_blank" href="https://www.microsoft.com/en-us/windows-365/business/compare-plans-pricing" rel="noopener">pricing</a> depends on cloud PC configuration and is charged per user, per month, typically as an annual subscription.</p> <ul class="default-list"> <li>Basic: $31</li> <li>Standard: $41</li> <li>Premium: $66-$162</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Understanding Azure Virtual Desktop"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding Azure Virtual Desktop</h2> <p>AVD differs from Windows 365 in many ways. Windows 365 is a fully managed, fixed-cost cloud PC with consistent pricing and simplified management and deployment, but at a higher cost per user than AVD. AVD still <a href="https://www.techtarget.com/searchvirtualdesktop/answer/How-do-virtual-desktops-work">provides a virtual desktop</a> benefit to users but enables organizations to manage and deploy those desktops in a more granular, efficient manner using Azure Cloud services. This flexibility comes with a greater need for administration and a heavier workload for IT professionals.</p> <p>Unlike Windows 365, AVD supports multi-session Windows 10 and 11 configurations and integrates with AAD DS, which enables virtual desktops to join a managed domain without requiring a traditional on-premises AD infrastructure. This permits organizations to deploy AVD without a full AD DS environment. AAD DS provides AD services such as domain join, group policies and authentication as a managed service.</p> <p>Organizations can deliver Azure Virtual Desktop as a personal or pooled desktop.</p> <h3>AVD personal desktops</h3> <p>Azure's personal host pool functions similarly to Windows 365 Cloud PCs. However, Windows 365 Cloud PCs are single-user -- one cloud PC per user -- and feature a fixed per-user monthly subscription. Azure's personal host pool assigns each user to a single dedicated session host VM. This configuration gives the user the look and feel of a traditional physical PC, but in the cloud. Because compute resources in personal host pools are not shared, they are often more costly than pooled desktops. This model is typically appropriate for power users who require higher performance.</p> <p>With the personal desktop approach, IT can do the following:</p> <ul type="disc" class="default-list"> <li>Provide a dedicated Windows 10/11 Enterprise virtual desktop to each user, which is accessible from any device.</li> <li>Deliver full desktops, with RemoteApp streaming available on pooled hosts.</li> <li>Support session hosts running Windows 10, Windows 11, Windows 7 and Windows Server OSes in a unified manner.</li> </ul> <h3>AVD pooled host desktops</h3> <p>A pooled host pool is a collection of session hosts (VMs) or shared desktops that deliver shared desktops or RemoteApp sessions to multiple users and are load-balanced across hosts. Thus, many users share VMs simultaneously. This is accomplished using the Windows 10 and 11 Enterprise multi-session feature.</p> <p>The user experience in the pooled host configuration is preserved from session to session. Files, settings and apps are preserved between logins regardless of which VM they connect to. This is ideal for users who do not require a dedicated PC and use standard software, such as call center employees, customer service agents or general office workers.</p> <p>This approach is also ideal for resource-intensive workloads. For instance, if a particular project has compute-intensive requirements, such as 3D design, IT can create a pool of nodes that meet those requirements and assign them to users. IT can create these nodes manually or in batch and organize them in any way it needs. There is no limit to the number of pools. IT can easily scale published pool desktops, enabling the admin to add or reduce capacity.</p> <p>IT can create AVD pools with a custom image or an Azure Compute Gallery image and configure them with customized CPU, GPU, memory and storage to meet specific needs. AVD pools also support Remote App streaming, which publishes single apps rather than a full desktop. This turns AVD into a <a href="https://www.techtarget.com/searchcloudcomputing/definition/Platform-as-a-Service-PaaS">PaaS</a> for delivering apps to users over a secure network, providing a SaaS-like experience.</p> <p>Another significant feature of AVD is that it supports management through the Azure portal, Azure Virtual Desktop PowerShell and <a href="https://www.techtarget.com/searchapparchitecture/definition/REST-REpresentational-State-Transfer">REST</a> APIs. This enables IT to centrally manage virtual desktops, OSes and apps across the environment.</p> <p>Perhaps the biggest drawback for AVD is the complexity that comes with this flexibility -- a bit of a double-edged sword. There are, however, plenty of third-party platforms, including Citrix, Nerdio and Workspot.</p> <h3>AVD pricing and licensing</h3> <p>AVD offers pay-as-you-go pricing, letting customers pay for compute capacity by the second. If a user runs a virtual desktop for nine hours a day for five days, they will pay for 45 hours. If there is a three-day holiday and the AVD is not in use, there is no charge, unlike the per-user model in Windows 365, which is charged regardless of usage.</p> <p>In addition, Microsoft offers reserved instances for AVD session hosts that can be purchased upfront for up to three years. This can work well for customers with steady, predictable use patterns and offers additional cost savings over standard pay-as-you-go pricing.</p> <p>Azure Virtual Desktop requires the following licenses and components:</p> <ul type="disc" class="default-list"> <li>Windows Enterprise or Microsoft 365 licensing with AVD rights.</li> <li>An Entra ID tenant for identity and access management.</li> <li>An active Azure subscription to provision and manage session host VMs.</li> <li>Session host VMs that are <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Azure-Virtual-Desktop-setup-tutorial">domain-joined</a> to AAD DS or a hybrid environment.</li> <li>User identities in Entra ID, either native or synced.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="Is Windows 365 or Azure Virtual Desktop the best option?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Is Windows 365 or Azure Virtual Desktop the best option?</h2> <p>At this point, organizations should determine which of these technologies best suits their business and infrastructure goals.</p> <p>Consider that one of these Microsoft services might be especially attractive for organizations that have the following:</p> <ul type="disc" class="default-list"> <li>A significant existing Microsoft investment, including Intune, Azure, Entra ID and related services.</li> <li>Frequent desktop deployment and features such as remote app streaming and cloud-based management.</li> <li>A large remote or <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Can-users-run-Windows-365-on-Android-and-iOS">mobile user base</a> with challenges maintaining patches and security.</li> </ul> <h3>Pricing comparison: Windows 365 vs. Azure Virtual Desktop</h3> <p>For most organizations, the decision comes down to pricing. The Windows 365 pricing model is straightforward and reliable, intended for stable organizations without internal management expertise. Pricing is based on machine configuration and billed per user, per month. AVD pricing is a simplistic, usage-based model. Billing is per second or minute for the resources used by the virtual desktops.</p> <p></p> <table class="main-article-table" style="width: 746px;"> <thead> <tr style="height: 55px;"> <td style="width: 170.413px; height: 55px;"><b>Pricing model</b></td> <td style="width: 261.638px; height: 55px;"><b>Azure Virtual Desktop pricing </b></td> <td style="width: 304.75px; height: 55px;"><strong>Windows 365 pricing </strong></td> </tr> </thead> <tbody> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Model</b></td> <td style="width: 261.638px; height: 18px;">Usage-based for Azure infrastructure</td> <td style="width: 304.75px; height: 18px;">Fixed monthly, per-user subscription</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>User licensing </b></td> <td style="width: 261.638px; height: 18px;">Requires Microsoft 365 or Windows licenses with AVD rights </td> <td style="width: 304.75px; height: 18px;">Subscription includes Cloud PC OS license and access rights</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Cost variability</b></td> <td style="width: 261.638px; height: 18px;">Costs fluctuate based on VM configuration and usage</td> <td style="width: 304.75px; height: 18px;">Fixed cost regardless of actual usage</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Saving options</b></td> <td style="width: 261.638px; height: 18px;">Reserved instances have discounted rates for a one- to three-year commitment</td> <td style="width: 304.75px; height: 18px;">Annual billing and volume discounts, as well as periodic promotions</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Billing</b></td> <td style="width: 261.638px; height: 18px;">Only active compute time is billed. Powering down VMs stops charges.</td> <td style="width: 304.75px; height: 18px;">Charged per user per month, whether it is used or not</td> </tr> <tr style="height: 18px;"> <td style="width: 170.413px; height: 18px;"><b>Management</b></td> <td style="width: 261.638px; height: 18px;">Customer managed via Azure; requires training and expertise by local IT staff.</td> <td style="width: 304.75px; height: 18px;">Managed by Microsoft. IT manages users and policies.</td> </tr> </tbody> </table> <p></p> <h3>How to decide between Windows 365 and Azure Virtual Desktop</h3> <p>The choice between these two products comes down to comparing their key features and pricing models.</p> <p>Choose Windows 365 if the organization requires a simple, fully managed cloud PC environment with stable, reliable monthly pricing and lower IT overhead. Windows 365 is well-suited for SMBs or teams that already have Microsoft 365 services and need to provide individual virtual desktops to remote or hybrid employees without reduced management overhead.</p> <p>Choose AVD if<b> </b>the organization has a complex user environment with variable computing needs and a flexible workforce that might require access to virtual desktops at various locations. AVD is a good option for organizations with an existing Azure infrastructure and services. It also benefits organizations that desire a granular pricing schedule that charges per second of actual computing resources used. AVD will also benefit organizations that need to deliver desktops and applications to large, complex user bases.</p> <p>Choose neither if the organization:</p> <ul type="disc" class="default-list"> <li>Has no investment or existing infrastructure based on Azure. However, if there are reasons for the organization to add an Azure infrastructure, these services could be a good fit.</li> <li>Has fewer than 50 users, though this is not a universal rule. Windows 365 Business is a good fit for smaller teams and SMBs, thanks to its simplified management.</li> <li>Has no administrators with Azure or virtual desktop expertise.</li> <li>Does not have a dynamic, relatively stable environment.</li> <li>Has relatively simple security and management considerations.</li> </ul> <p>Determining the best virtual desktop product and service requires an organization to evaluate its needs based on size, scale, pricing, IT staff expertise and availability.</p> <p><strong>Editor's note:</strong> <em>This article was updated in March 2026 to improve the reader experience.</em></p> <p><i>Gary Olsen has worked in the IT industry since 1983 and holds a Master of Science in computer-aided manufacturing from Brigham Young University. He was on Microsoft's Windows 2000 beta support team for Active Directory from 1998 to 2000 and has written two books on Active Directory and numerous technical articles for magazines and websites.</i></p> </section> Windows 365 and Azure Virtual Desktop are both Microsoft virtual desktop offerings, but there are major differences between a Windows 365 Cloud PC and an AVD deployment. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1211896141.jpg https://www.techtarget.com/searchvirtualdesktop/tip/Comparing-Windows-365-vs-Azure-Virtual-Desktop Mon, 23 Mar 2026 15:00:00 GMT Comparing Windows 365 vs. Azure Virtual Desktop <p>Remote desktops can be incredibly flexible and fulfill numerous use cases, but they need all the right settings and configurations to make those use cases work.</p> <p>In today's distributed enterprise, remote desktop protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) remains a foundational technology for delivering secure, scalable access to corporate resources. But as environments grow more complex -- and as attackers increasingly target remote access pathways -- IT leaders must ensure that their RDP configurations are both functional and strategically governed. Misconfigured RDP files, unmanaged endpoints and inconsistent session policies can introduce operational friction and unnecessary risk.</p> <p>To build a resilient, well‑managed RDP strategy, IT administrators should learn all the most common settings for RDP sessions and how to manage the files that control them.</p> <section class="section main-article-chapter" data-menu-title="What are the components of an RDP session?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the components of an RDP session?</h2> <p>Knowing the basics of RDP before editing RDP files for end users is essential for an administrator. A Microsoft remote desktop implementation consists of the following components:</p> <ul class="default-list"> <li><b>RD Connection Broker.</b> This is the load balancer and broker for the environment. The server will check a user's credentials and which remote resources the user has access to. The connection broker <a href="https://www.techtarget.com/searchnetworking/answer/Application-vs-network-load-balancing-Whats-the-difference">also load balances the sessions</a> over the available session hosts.</li> <li><b>RD Licensing.</b> As the name suggests, this is the licensing server for a remote desktop deployment. Each user who signs into the environment needs a valid license to create a session.</li> <li><b>RD Web Access.</b> This server creates a website -- or web server -- for end users to easily access their remote resources. When an end user clicks on a resource, an RDP file is generated for the user to start.</li> <li><b>RD Gateway.</b> This server enables a remote desktop session to be started over the internet. It translates RDP to HTTPS.</li> <li><b>RD Session Hosts.</b> These are the servers that host the resources that end users connect to and start their sessions on.</li> <li><b>RD Virtualization Host.</b> This is an optional component. <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-enable-and-manage-Windows-11-Hyper-V">Organizations that use Hyper-V</a> can choose to set up a VDI with many hosts managed through the RDS console. This function is not used often.</li> </ul> </section> <section class="section main-article-chapter" data-menu-title="What are the different RDP file settings and what do they do?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>What are the different RDP file settings and what do they do?</h2> <p>With the basics of RDP covered, IT administrators should look at the RDP files. The Remote Desktop Client can open RDP files on a computer through MSTSC.exe, and this is where administrators can see the status of different settings. Another way to look at the files as an administrator is with a text editor. Because an RDP file is a non-encrypted configuration file, administrators can easily edit it with text editors. Notepad++ has many extra features like line numbers and easy selections.</p> <p>Figure 1 shows an example of a basic RDP file for a local session to a server named test in Notepad++. Administrators can edit this file, save it and distribute it to the clients.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/understand_rdp_file_settings-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/understand_rdp_file_settings-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/understand_rdp_file_settings-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/understand_rdp_file_settings-h.jpg 1280w" alt="A screenshot of the RDP files within a text editor and their various settings. " data-credit="Chris Twiest" height="603" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The settings for an RDP file that define the session and how it functions. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>As an administrator, it's important to know what most of these options mean for end users, especially if these settings go to users' Microsoft-managed endpoints.</p> <p><b>screen mode.</b> Determines whether the session starts in a window (1) or full screen (2).</p> <p><b>use multimon.</b>  Enables the remote session to use multiple monitors.</p> <p><b>desktopwidth.</b> Specifies the <a href="https://www.techtarget.com/searchvirtualdesktop/tutorial/How-to-get-the-right-Hyper-V-window-size-in-Windows-11">session's width</a> in pixels.</p> <p><b>desktopheight.</b> Specifies the session's height in pixels.  </p> <p><b>session bpp.</b> Determines the color depth of the session.</p> <p><b>winposstr.</b> Sets the start position of the Remote Desktop Connection window.</p> <p><b>compression.</b> Enables or disables bulk compression for data transmission to the local device.</p> <p><b>keyboardhook.</b> With this option, admins can map the Windows and Alt + Tab key combinations to the remote session or keep them locally.</p> <p><b>audiocapturemode.</b> With this option, admins can enable audio capture -- or microphone -- redirection to the remote session.</p> <p><b>videoplaybackmode.</b> Determines whether administrators use RDP-efficient multimedia streaming for video playback. This can <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Running-GPU-passthrough-for-a-virtual-desktop-with-Hyper-V">offload video GPU work</a> to the local GPU instead of the remote GPU.</p> <p><b>connection type.</b> Steers the maximum used bandwidth the remote session can use.</p> <p><b>networkautodetect.</b> With this option, administrators can autodetect network type and settings from the local client.</p> <p><b>bandwidthautodetect.</b> Enables or disables the autodetection of network bandwidth.</p> <p><b>displayconnectionbar.</b> With this option, admins can enable or disable the connection bar that they would normally see at the top of the Remote Desktop Session.</p> <p><b>enableworkspacereconnect.</b> With this option, admins can determine if a Remote Desktop Session should reconnect when it is disconnected.</p> <p><b>disable wallpaper.</b> Enables administrators to turn off the wallpaper of the remote session, which can improve the session quality.</p> <p><b>allow font smoothing.</b> Turns on ClearType in the RDP session.</p> <p><b>allow desktop composition.</b> Determines if the admin can use the modern Windows interface within the remote desktop session.</p> <p><b>disable full window drag.</b> With this option, admins can disable the content in a window while a user is dragging it, which can improve session performance.</p> <p><b>disable menu anims.</b> With this option, admins can disable menu animations, which improves session performance.</p> <p><b>disable themes.</b> Disables Windows Themes in the remote session.</p> <p><b>disable cursor setting.</b> With this option, admins can disable cursor animations, which will improve session performance.</p> <p><b>bitmapcachepersistenable.</b> Enables the client device to create a cache of bitmaps that are rendered during the session, improving performance.</p> <p><b>full address.</b> This is the fully qualified domain name of the server the admin is trying to connect to. In a full remote desktop deployment, this will have the connection broker address, which then load balances the session.</p> <p><b>audiomode.</b> With this option, admins can disable the local client to play audio from the remote host.</p> <p><b>redirectprinters.</b> Enables or disables the redirection from local printers to the remote session.</p> <p><b>redirectlocation.</b> Enables or disables the redirection of the local device's location service to the remote session.</p> <p><b>redirectcomports.</b> Enables or disables the redirection from local COM ports to the remote session.</p> <p><b>redirectsmartcards.</b> Enables or disables the redirection from local smart cards to the remote session.</p> <p><b>redirectwebauthn.</b> Enables or disables the redirection from local web authentication -- such as Windows Hello -- to the remote session.</p> <p><b>redirectclipboard.</b> Enables or disables clipboard redirection between the local computer and the remote session.</p> <p><b>redirectposdevices.</b> Enables or disables the redirection from local point-of-service devices to the remote session.</p> <p><b>autoreconnection enabled.</b> Enables the RDP session to automatically reconnect on a disconnect.</p> <p><b>authentication level.</b> Determines what happens when authentication to the server fails.</p> <p><b>prompt for credentials.</b> Enables or disables the prompt for authentication.</p> <p><b>negotiate security layer.</b> Determines which level of security is negotiated.</p> <p><b>remoteapplicationmode.</b> Enables RemoteApp mode instead of a desktop.</p> <p><b>alternate shell. </b>If a RemoteApp is configured, this will launch the application instead of the full Windows shell desktop.</p> <p><b>shell working directory.</b> Specifies the working directory of the RemoteApp.</p> <p><b>gatewayhostname.</b> Determines whether a Remote Desktop Gateway is configured in the deployment.  </p> <p><b>gatewayusagemethod.</b> Determines whether or not the connection uses an RD Gateway.</p> <p><b>gatewaycredentialssource.</b> Specifies which authentication method is used on the gateway.</p> <p><b>gatewayprofileusagemethod.</b> Selects whether to use the default RD Gateway profile or the user-specified gateway settings.</p> <p><b>promptcredentialonce.</b> With this option, administrators can choose to save the user credentials after they have been entered.</p> <p><b>gatewaybrokeringtype.</b> Determines the type of Gateway server used.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Ensure your end users never open an unknown RDP file, and never email them an RDP file in the first place. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p><b>use redirection server name.</b> Enables the use of a redirection server for the RD Gateway.</p> <p><b>rdgiskdcproxy.</b> Sets the use of a proxy for the user credentials over Kerberos.</p> <p><b>kdcproxyname.</b> The name of the Kerberos Key Distribution Center proxy server.</p> <p><b>enablerdsaadauth.</b> Decides whether admins can use Microsoft Entra ID to connect to the remote server.</p> <p>There are a lot of options that remote desktop administrators can preconfigure in an RDP file for end users. A good tip for distributing preconfigured RDP files is to <a href="https://learn.microsoft.com/en-us/azure/storage/blobs/storage-blobs-introduction" target="_blank" rel="noopener">use</a> an Azure storage container. Then, use a remediation PowerShell script in Microsoft Intune. This enables central management and a remediation script to check for changes to the RDP files.</p> <p>Lastly, admins need to keep the dangers of RDP files in mind. In October 2024, a Russian cybercrime organization named Midnight Blizzard <a href="https://www.techtarget.com/searchsecurity/news/366614828/Microsoft-warns-of-Midnight-Blizzard-spear-phishing-campaign">sent emails containing an RDP file</a>. The file was configured to connect to their server and had all redirection enabled. When someone clicked on the email's file and connected to the remote session, all local drives, clipboard, printers, etc. would connect to the remote session, which the hacker group controlled. That way, it could easily steal information and deploy ransomware. Ensure your end users never open an unknown RDP file, and never email them an RDP file in the first place.</p> <p>RDP offers flexibility and broad compatibility, but only when IT manages its underlying components and configuration files properly. With the right controls in place, IT leaders can treat RDP as a secure, high‑performance access platform that supports modern enterprise requirements.</p> <p><b>Editor's note: </b><i>This article was updated in March 2026 to improve the reader experience.</i></p> <p><i>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the future Workspace and Cloud technologies for the end user.</i></p> </section> RDP sessions might seem pretty universal, but IT administrators should make sure they're familiar with all the customizations that RDP files support. https://cdn.ttgtmedia.com/rms/onlineimages/code_g684641103.jpg https://www.techtarget.com/searchvirtualdesktop/tip/What-are-RDP-file-settings-and-how-do-they-work Mon, 09 Mar 2026 16:44:00 GMT What are RDP file settings and how do they work? <p data-end="1184" data-start="1039">IT teams need to support remote desktop users with whatever peripheral device setup and troubleshooting they need, including multiple monitors.</p> <p data-end="1690" data-start="1191">Users in the financial sector and healthcare -- among many other industries -- are especially accustomed to multiple monitor configurations, putting pressure on IT to adjust the settings to meet user needs. The challenge is getting remote desktops to detect and interact with local hardware when the desktop isn't running locally.</p> <p data-end="1690" data-start="1191">When multiple monitors are not detected correctly in a remote desktop session, users might see only a single display, incorrect display resolutions or performance issues.</p> <section class="section main-article-chapter" data-menu-title="Configuring remote desktop sessions with the Windows App"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Configuring remote desktop sessions with the Windows App</h2> <p>Previously, remote desktops were available through the Remote Desktop app in the Microsoft Store. However, in May 2025, the Windows App replaced the Remote Desktop app, and the transition is not yet complete.</p> <p>It's still possible to access a Windows desktop from another Windows computer with the Microsoft Remote Desktop Connection application, MSTSC.exe. For other platforms, such as macOS, accessing a Windows desktop is only possible with the Windows App. Connecting to a desktop in Microsoft Azure also involves using Windows App from a Windows computer.</p> <p>The Windows App is available in the Microsoft Store, Apple App Store and Google Play Store. Additionally, browser access to remote desktops is <a target="_blank" href="https://windows.cloud.microsoft/" rel="noopener">available</a> through the Windows Cloud portal.</p> <p><iframe title="Which remote desktop connections do different platforms support?" aria-label="Table" id="datawrapper-chart-ZpEwV" src="https://datawrapper.dwcdn.net/ZpEwV/1/" scrolling="no" frameborder="0" style="width: 0; min-width: 100% !important; border: none;" height="524" data-external="1"></iframe> <script type="text/javascript">window.addEventListener("message",function(a){if(void 0!==a.data["datawrapper-height"]){var e=document.querySelectorAll("iframe");for(var t in a.data["datawrapper-height"])for(var r,i=0;r=e[i];i++)if(r.contentWindow===a.source){var d=a.data["datawrapper-height"][t]+"px";r.style.height=d}}});</script> </p> <p>Access to virtual desktops from the Windows App requires a Microsoft work or school account and doesn't work with a personal account.</p> <p>Organizations should consider a phased adoption of the Windows App, balancing legacy RDP support with modern features. This approach maximizes employee productivity, minimizes support overhead and ensures alignment with long-term IT strategy.</p> <h3>Technical considerations for setup</h3> <p>Enabling multiple monitors in Windows App is an option that the end user needs to set up on their Windows or Mac device. As an IT administrator, it's not something you can configure on the server side. As such, it might be a good idea to write up a good user instruction manual -- feel free to base it off of these instructions.</p> <p>Before IT embarks on this process, it's important to keep the limitations of multiple monitor RDP in mind. While it should be more than enough to have two medium-resolution monitors, RDP supports <a target="_blank" href="https://social.technet.microsoft.com/wiki/contents/articles/31983.remote-desktop-protocol-maximum-supported-resolutions.aspx" rel="noopener">up to</a> 16 displays. Administrators can further reduce this limit. RDP users are also limited to a maximum resolution of 8192x8192, though this might vary between environments. IT can also <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Fix-Windows-11-remote-desktop-credentials-that-dont-work">connect through RDP to a virtual desktop</a> on a virtual server with multiple monitors. This will simply create a virtual desktop on the end user's monitors.</p> </section> <section class="section main-article-chapter" data-menu-title="Set up multiple monitors on a remote desktop session"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Set up multiple monitors on a remote desktop session</h2> <p>With the new Windows App, the steps to set up multiple monitors on a remote desktop session are fairly straightforward. However, the process varies depending on the OS in use.</p> <p>In enterprise environments, Windows or macOS are the typical platforms for multi-monitor remote desktop configurations.</p> <h3>How to set up multiple monitors for remote desktop use on Windows</h3> <p>To enable and customize multiple monitor support for a remote desktop session on a Windows device, use the following steps:</p> <ol type="1" start="1" class="default-list"> <li>From the Windows App, select <b>Devices</b>, then find the device you want to configure the display settings for.</li> <li>Select the three dots on the panel representing the device, then click on <b>Settings</b>.</li> <li>Toggle off the <b>Use default settings</b> switch.</li> <li>Under Display Settings, select one of the following options:</li> <ul type="disc" class="default-list"> <li><b>All displays.</b> This setting automatically uses all displays for the device.</li> <li><b>Single display.</b> With this setting, you choose one display to use.</li> <li><b>Select displays.</b> With this setting, you select two or more specific displays to use.</li> </ul> </ol> <p>Additionally, Windows continues to support several traditional and advanced Remote Desktop Connection methods. These can be helpful in environments that use legacy tools, scripting or specialized configurations.</p> <p>The first option is to use the traditional Remote Desktop Connection client. Click on the search bar on the Start menu and type in <em>mstsc /multimon</em>. This will start up the RDP client in a multi-monitor configuration. From here, you can enter the server address, and <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">it will automatically connect to the server</a> full screen on all your monitors.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/configure_multiple_monitors_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/configure_multiple_monitors_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/configure_multiple_monitors_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/configure_multiple_monitors_1-h.jpg 1280w" alt="Screenshot of the display setting of the Remote Desktop Connection agent." data-credit="Chris Twiest" height="327" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The Remote Desktop Connection agent, showing the option to use all monitors checked off. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The legacy RDP client also enables multi-monitor support through the UI. Launch the Remote Desktop Connection agent the usual way from the Start menu. Then, go to the <b>Display</b> tab and select <b>Use all my monitors for the remote session </b>(Figure 1).</p> <p>The last legacy option is to edit the RDP file directly. This approach is more advanced.</p> <p>You can save the connection settings of the RDP session in the general tab of the RDP client. These settings will then be saved in an RDP file. You can edit this file within the client, or simply with the Notepad app.</p> <p>After opening the RDP file in Notepad, you can change multiple options. But the one that configures multiple monitors is called <b>use multimon:i:1</b>. The number 1 means the option is enabled, and 0 means the option is not enabled.</p> <h3>How to set up multiple monitors for remote desktop use on macOS</h3> <p>To configure multiple monitor support for a remote desktop session on a macOS device, use the following steps:</p> <ol type="1" start="1" class="default-list"> <li>From the Windows App, select <b>Devices</b>, then find the device you want to configure the display settings for.</li> <li>Select the pencil icon on the panel representing the device.</li> <li>Check the box next to <b>Use customized settings</b>.</li> <li>On the <b>Display</b> tab, select the <b>Use all monitors</b> option (Figure 2).</li> </ol> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/multiple_monitors_rd_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/multiple_monitors_rd_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/multiple_monitors_rd_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/multiple_monitors_rd_1-h.jpg 1280w" alt="The macOS remote desktop display settings in the Windows App." data-credit="Rob Bastiaansen" height="248" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. The macOS remote desktop display settings. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Multiple monitors in the macOS Windows App is an all-or-nothing selection. In comparison to Windows, where users can choose which monitors to use, on macOS, users can only choose to use one or all monitors.</p> <p>The 'select displays' feature was available in the Remote Desktop app on macOS. If this option is important for your users, then it's better not to update the app unless Microsoft eventually brings back the feature.</p> <p>To manually enable multi-monitor mode in macOS, edit the RDP file with Text Editor in the same way as editing the RDP file on Windows. <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Set-up-Windows-Remote-Desktop-on-a-Mac-device">For macOS, the same setting for multiple monitor support</a> is called <b>usemultimon:i:1</b>, where 1 means enabled and 0 means disabled.</p> </section> <section class="section main-article-chapter" data-menu-title="Ensuring positive UX on multi-monitor RDP sessions"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Ensuring positive UX on multi-monitor RDP sessions</h2> <p>Enabling multi-monitor access on a remote desktop is the first and most essential step to providing good UX, but IT teams need to account for several other factors.</p> <h3>Using published applications on multiple monitors</h3> <p>Published applications are apps that are loaded from an RDP session, but instead of showing the full remote desktop, the end user can only see the image of the chosen app. This should automatically work on multiple monitor setups. In addition, the end user can drag and drop the application screen to any connected monitor they want.</p> <p>Using published apps also gives more freedom of use on the end user's device because it will appear that the remote applications are running exactly the same as any local applications. This makes switching between these apps feel natural and normal. It's an excellent alternative for users who only need hosted applications and can run a native desktop for work. The method is especially helpful if the end user connects from a capable <a target="_blank" href="https://www.techtarget.com/searchenterprisedesktop/opinion/Windows-apps-are-here-to-stay-and-thats-OK" rel="noopener">Windows device that also hosts local applications</a>.</p> <h3>The 'use selected monitors' option for legacy systems</h3> <p>In legacy RDP clients, sessions automatically detect and use all monitors. However, this might not be the best user experience in certain situations. Consider an example where you have three monitors and want to use local apps on monitor one and use monitors two and three for an RDP session.</p> <p>For computers still running the legacy Remote Desktop app, the 'use selected monitors' option can configure this setup. This option doesn't apply to the Windows App and only works in legacy RDP clients.</p> <p><a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-access-and-interact-with-the-RDP-Task-Manager">Running the command MSTSC /L</a> will output the available monitors on the system and show the monitor IDs. In this example, the monitor hosting local apps has ID 0, and the other two monitors have ID 1 and 2. With this information, you can edit the RDP file by adding the <b>selectedmonitors:s:</b> option. The correct configuration in this example would be <b>selectedmonitors:s:1,2</b> together with <b>use multimon:i:1</b>.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The challenge is getting remote desktops to detect and interact with local hardware when the desktop isn't running locally. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="Troubleshooting multi-monitor remote desktop performance issues"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Troubleshooting multi-monitor remote desktop performance issues</h2> <p>When using multiple monitors for a remote desktop, performance issues can occur. Users might experience slow screen refresh rates, distorted images or video frame drops, for example. In some cases, a user might not be able to connect to a second monitor in the first place. All these issues can hinder user productivity and increase help desk requests.</p> <p>For any problems with multiple monitor remote desktop setups, IT can try a few key troubleshooting steps.</p> <h3>Check for human error</h3> <p>Make sure the Windows App is configured to show the remote desktop on multiple monitors. The user might say they enabled it, but you should look for yourself to confirm they haven't missed something.</p> <h3>Make sure all monitors are working properly with the local OS</h3> <p>If the local setting is to mirror the displays, then both monitors should show the same remote desktop screen. Instead, you can configure the monitors to extend the desktop to the additional displays.</p> <h3>Make sure the remote computer supports multiple monitors</h3> <p>When connecting to a computer running Windows Home, only a single monitor is supported. For multiple monitor support, the computer needs to be running Windows Pro, Enterprise or Windows Server.</p> <p>In general, admins should ensure all remote desktops are configured on supported systems. This minimizes operational risk and prevents <a href="https://www.techtarget.com/searchcio/tip/6-dangers-of-shadow-IT-and-how-to-avoid-them">workarounds that could compromise compliance</a> in regulated industries.</p> <h3>Verify the screen resolution</h3> <p>Another possible fix is to check the screen resolution. Selecting a resolution that's too high in multiple monitors might exceed the maximum total resolution for all combined displays.</p> <h3>Check the available bandwidth</h3> <p>When all monitors are in use and the UX isn't optimal, find out the available bandwidth. The combined resolution might be too high for the network connection.</p> <p>IT decision-makers should also note that high-resolution multi-monitor setups can increase network load, which might require <a href="https://www.techtarget.com/searchnetworking/feature/Top-ten-ways-to-optimize-network-performance">bandwidth investments</a> to maintain consistent performance.</p> <h3>Access the remote desktop from another client</h3> <p>To verify whether the problem is within the remote desktop or within the client, access the remote desktop from another client. If another client does work with multiple monitors, the remote desktop is the most likely source of the problem.</p> <p>If none of these steps solves the issue, restart the remote desktop and try reconnecting. If that doesn't work, try the same process with the client computer.</p> <p>IT can also check the log files for any indication of the possible source of a multi-monitor RDP problem. Logging is enabled by default for the Windows App. On Windows, the logs are located in %temp%\DiagOutputDir\Windows365\Logs.</p> <p>On macOS, you can access the log location from the Windows App menu under Help > Troubleshooting > Logging. In the dialog, you can configure the logging level and open the logs folder. </p> <p><b>Editor's note:</b> <i>This article was originally written by Chris Twiest in June 2023. Rob Bastiaansen updated this article to reflect changes in Microsoft's remote desktop options and troubleshooting steps.</i></p> <p><i>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the future Workspace and Cloud technologies for the end user.</i></p> <p><i>Rob Bastiaansen is an independent trainer and consultant based in the Netherlands specializing in VMware and Linux. He writes articles for several print and online publications, and is founder of VMwarebits.com, a site dedicated to technical content related to VMware.</i></p> </section> Learn how to set up multiple monitors for remote desktop sessions across Windows App, macOS and legacy RDP clients, plus tips for troubleshooting performance issues. https://cdn.ttgtmedia.com/rms/onlineimages/security_a254815015.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-configure-multiple-monitors-for-remote-desktop-use Fri, 06 Mar 2026 12:11:00 GMT How to configure multiple monitors for remote desktop use <p>Deploying local desktops may seem simpler, but organizations shouldn't overlook the benefits of desktop virtualization.</p> <p>Desktop virtualization has become a key strategy for organizations that support hybrid work, bring-your-own-device programs and centralized endpoint management. Instead of managing software and operating systems across hundreds or thousands of individual devices, IT teams can deliver desktop environments from centralized infrastructure or cloud platforms.</p> <p>IT teams can deliver virtual desktops in several ways, each with a different hosting model:</p> <ul class="default-list"> <li><strong data-end="1294" data-start="1253">Virtual desktop infrastructure (VDI).</strong> Organizations host virtual desktops on infrastructure they manage internally.</li> <li><strong data-end="1548" data-start="1516">Desktop as a service (DaaS).</strong> A third-party provider hosts the virtual desktops, sometimes managing infrastructure and updates.</li> <li><strong data-end="1831" data-start="1797">Hybrid desktop virtualization.</strong> Organizations combine elements of VDI and DaaS, hosting some components internally while outsourcing others.</li> <li><strong data-end="2137" data-start="2118">Remote desktop.</strong> Users connect remotely to an existing desktop operating system running on another endpoint.</li> </ul> <p>Regardless of how organizations deliver virtual desktops, several key benefits apply across most virtualization approaches. IT departments and executives who create plans for end-user computing should familiarize themselves with the benefits of desktop virtualization and how to make the most of them.</p> <section class="section main-article-chapter" data-menu-title="1. Centralized management"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Centralized management</h2> <p>The most well-known benefit of desktop virtualization is that all desktop management occurs from a central location. Some organizations require users to restart laptops over a few weeks to apply a key update, download a new bit of software or add a new desktop configuration.</p> <p>With virtual desktops, there is no such downtime. The end users don't have access to their desktops until they connect to the virtual desktop host, so any updates or software changes can happen during downtime. Often, IT teams push out these updates when the fewest employees are working, such as overnight or during the weekend.</p> <p>For example, if an organization wants to deploy a new video editing application, its IT team needs to deploy that software. Once the users who need the latest software have logged off for the day, IT teams can alter the virtual desktop image for that user group to include the new virtual application. IT admins can get the virtual app up and running in advance and <a href="https://www.techtarget.com/searchenterprisedesktop/feature/How-to-build-a-virtual-lab-with-Hyper-V">test it in a virtual desktop lab setting before deployment</a>.</p> <p>This process requires a hard reset of the desktop with laptops or PCs running local desktops. It may also cause compatibility issues for users who don't have the right OS version or have made some alterations to the desktop's base settings. This is not likely to happen with every instance, but there's a reason that IT departments try to test software and updates before deploying them.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f.png 1280w" alt="Chart highlighting the main benefits of desktop virtualization for businesses." height="198" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Desktop virtualization provides benefits such as centralized management, improved scalability, hardware cost savings and easier backup and recovery. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="2. Easier to scale and deploy"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Easier to scale and deploy</h2> <p>Deploying a new laptop or PC isn't as difficult as it once was. Zero-touch enrollment is now commonplace for many organizations, and <a href="https://www.techtarget.com/searchvirtualdesktop/opinion/11-more-alternative-desktop-and-app-virtualization-vendors">numerous service vendors</a> handle getting properly provisioned devices to end users. And yet, it's still simpler to spin up and deploy virtual desktops to end users.</p> <p>Laptops and PCs with local OSes require someone to load an OS onto the endpoint, connect the user's work accounts, and ensure all required software is present and the desktop is connected to the organization's desktop management platform. For a virtual desktop endpoint, whoever provisions the device only needs to configure the user credentials and ensure it can connect with the desktop virtualization host.</p> <p>Beyond the device itself, organizations don't have to wait for a bulk endpoint seller to get new devices with desktop OSes properly licensed and running on them. Virtual desktop OSes are much easier to create, regardless of what virtualization method an organization is using. If an outside vendor provides these OSes via DaaS, an IT admin has to reach out to the <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Compare-7-desktop-as-a-service-providers">DaaS provider</a> and ask to increase their subscription to take on more users. If an organization runs the desktops in its own VDI, IT teams need to make the changes on the back-end servers to ensure they have the capacity for the new virtual desktops.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> The most well-known benefit of desktop virtualization is that all desktop management occurs from a central location. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="3. Cost savings on endpoint hardware"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Cost savings on endpoint hardware</h2> <p>Organizations can also benefit from the cost savings of virtual desktops. A virtual desktop does not require a fully featured endpoint running a locally licensed operating system. Further, <a href="https://www.techtarget.com/searchnetworking/definition/thin-client">thin clients</a> can save organizations on hardware costs because these devices are stripped-down endpoints specializing in hosting virtual desktops. They rely mostly on peripheral devices to support user interaction with the virtual desktop and can be incredibly small and cost-effective.</p> <p>Thin clients are much simpler for admins to manage, so they don't have to spend as much time working on them. And calculating labor hours is a key factor in understanding a technology's <a href="https://www.techtarget.com/searchdatacenter/definition/TCO">total cost of ownership</a>.</p> <p>Virtual desktops can also <a href="https://www.techtarget.com/searchmobilecomputing/feature/Key-benefits-of-enacting-a-BYOD-policy">work for BYOD scenarios</a>, another way organizations can save on hardware. If a user brings their own laptop, there's no need for any hardware purchase.</p> </section> <section class="section main-article-chapter" data-menu-title="4. Accessible through a browser or desktop"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Accessible through a browser or desktop</h2> <p>Virtual desktops support BYOD scenarios because they can run within an existing laptop's operating system. The virtual desktop can run in a sandbox within the desktop, ensuring that the security of the underlying OS doesn't threaten the work-related desktop session. The reverse side of this is that IT can prevent the proliferation of corporate data with the proper configurations.</p> <p>This doesn't have to be the main virtual desktop workstation for an end user for it to come in handy. A user relies on a thin client while in the office, but on remote days, they could run the virtual desktop within a secure browser on a personal endpoint. This could also help if users need to travel, as it's much more convenient to pack a laptop than a thin client with numerous peripherals.</p> <p>With the proper virtual desktop agent installed on any desktop OS -- or a secure and functioning browser -- end users can access their resources in various ways even if they don't have their usual workplace endpoint.</p> </section> <section class="section main-article-chapter" data-menu-title="5. IT controls updates and versions of OSes, software and services"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. IT controls updates and versions of OSes, software and services</h2> <p>Ensuring that all desktops, applications and services are running their latest versions can bring peace of mind to IT teams. The uniformity of different versions improves the security posture of an organization's users and delivers new quality-of-life updates quickly to facilitate productivity.</p> <p>Consider a situation with a significant vulnerability in a key piece of business software -- or even the desktop OS itself. Once there is a patch from the first-party vendor, IT teams must get it distributed as soon as possible.</p> <p>With a PC or a laptop, IT teams may need users to restart their laptops as soon as possible to<a href="https://www.techtarget.com/searchenterprisedesktop/tip/12-best-patch-management-software-and-tools"> apply critical patches</a>. However, virtual desktops take that burden away from the user. Instead, IT can apply the patch to the virtual desktops during off-work hours, and the next time users log on to their OS, they have the latest patches and updates.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/gctocRTgq-U?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> </section> <section class="section main-article-chapter" data-menu-title="6. Easier backup when major disruptions occur"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Easier backup when major disruptions occur</h2> <p>Desktop virtualization enables IT teams to quickly replicate and recreate desktop environments for end users. The need for quick backup can come into play in various situations, such as disaster recovery for large-scale and technical issues that a single user might be experiencing.</p> <p>If a region's data center has an outage, a backup data center should exist at a separate physical location to help IT teams quickly redistribute the desktops. Organizations with a DaaS subscription should confirm via their <a target="_blank" href="https://learn.microsoft.com/en-us/azure/cloud-adoption-framework/scenarios/wvd/eslz-business-continuity-and-disaster-recovery" rel="noopener">provider</a> that they can rely on options like this with the vendor, but this backup option is the industry standard.</p> <p>Things get more complicated regarding VDI backup, as an organization must account for these scenarios with its own data centers and planning. But this shouldn't be a major issue for an organization that is large enough to consider deploying VDI, especially if it's an organization that spans multiple locations across the U.S. or around the world.</p> <p>Consider a scenario where a user has issues with a critical business application or the underlying desktop OS. With a PC or laptop, that user would have to reach out to IT and hope they could successfully handle the issue by directly interfacing with it in person or via remote desktop technology.</p> <p>In the office, IT could give the user a temporary laptop while it works on the user's usual endpoint. The user will likely spend a long time getting all their accounts signed in and ensuring they have all the necessary resources. But, if the worker is remote, it gets even more difficult. A user may have to log off for the day due to the lack of a suitable replacement endpoint.</p> <p>A virtual desktop helps with all these acute user issues because IT could simply terminate the desktop instance and recreate it with all the resources, access and accounts the end user needs.</p> <p>While desktop virtualization introduces its own infrastructure and management considerations, the model continues to appeal to organizations that need stronger security controls, centralized desktop management and flexible access for distributed workforces. As IT teams evaluate strategies such as VDI, DaaS and hybrid desktop delivery models, understanding these benefits can help determine whether desktop virtualization aligns with long-term end-user computing goals.</p> <p><i>John Powers was senior site editor for TechTarget's Enterprise Desktop, Virtual Desktop and Mobile Computing. He graduated from the Philip Merrill College of Journalism at the University of Maryland.</i></p> </section> There are several ways to manage and deliver desktops to end users, and a few of them involve desktop virtualization. Find out what the major benefits of virtualization are. https://cdn.ttgtmedia.com/rms/onlineimages/container_g1074391400.jpg https://www.techtarget.com/searchvirtualdesktop/feature/Benefits-of-desktop-virtualization-for-businesses Fri, 06 Mar 2026 09:57:00 GMT 6 benefits of desktop virtualization for enterprise IT teams <p data-end="376" data-start="123">When a Windows 11 Remote Desktop session opens to a black screen, users cannot access applications or interact with the system. For IT teams supporting remote desktops, quickly diagnosing the cause of the black screen is essential to restoring access.</p> <p data-end="580" data-start="383">Users can't simply reboot their endpoint to fix the issue as they might with a local desktop. IT admins and help desk teams need a plan to quickly diagnose the root cause and restore the session.</p> <p data-end="838" data-start="587">A black screen in a Windows Remote Desktop session usually occurs when the session cannot properly render the desktop environment. This can occur because of graphics driver problems, interrupted updates, network issues or incorrect display settings.</p> <p data-end="1064" data-start="845">While these six steps can address the most common issues that occur with Remote Desktop Protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) and Windows 11, many of these troubleshooting steps also apply to Windows 10 and Windows Server 2016, 2019 and 2022.</p> <section class="section main-article-chapter" data-menu-title="1. Review the latest Windows updates"> <h2 class="section-title"><i class="icon" data-icon="1"></i>1. Review the latest Windows updates</h2> <p>One of the most common causes of a Windows 11 Remote Desktop black screen is a Windows update that is in progress. When a remote system is performing a Windows update, the remote desktop services get interrupted. This leads to the remote desktop displaying a black screen until the system is done updating and restarts.</p> <p>It's always good to stay on top of the Windows updates and ensure your system runs the latest updates, but new updates can introduce unexpected problems. Windows updates occasionally introduce compatibility issues that affect Remote Desktop Services. This should serve as a reminder for you to always test the latest updates before deploying them to your end users <a href="https://www.techtarget.com/searchenterprisedesktop/tip/Windows-10-updates-to-avoid-and-how-to-address-them">because they could cause issues</a>. You should consider turning off Windows Update service on live production VDI, especially when using any image management technology such as Citrix Machine Creation Services.</p> <p>The best way to handle the Windows updates is to either put them in the golden image of your desktop host when using an image management system, or update your remote desktop hosts once a month outside of official work hours. This can be as simple as starting up the Windows Update services once a month on a Sunday evening and running the updates. You can also use a PowerShell <a target="_blank" href="https://www.powershellgallery.com/packages/PSWindowsUpdate/2.2.0.3" rel="noopener">module</a> to manage Windows updates.</p> <p>These issues can occur in both traditional remote desktop environments and cloud-hosted desktops such as Azure Virtual Desktop.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Common causes of a Windows Remote Desktop black screen</h3> <p>Remote Desktop sessions might display a black screen for several reasons. The most common causes include:</p> <ul class="default-list"> <li>Windows updates that interrupt Remote Desktop Services</li> <li>Graphics driver conflicts or outdated GPU drivers</li> <li>Network interruptions or unstable Wi-Fi connections</li> <li>Incorrect display resolution settings</li> <li>Profile loading problems in VDI environments</li> <li>Stuck Remote Desktop Services components</li> </ul> <p>Identifying which of these conditions occurred can help administrators quickly determine the correct troubleshooting step.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="2. Check for issues with the graphics drivers and licenses"> <h2 class="section-title"><i class="icon" data-icon="1"></i>2. Check for issues with the graphics drivers and licenses</h2> <p>Graphics drivers can cause issues with a remote desktop as well. There is an extensive list of known issues on the <a href="https://www.techtarget.com/searchdatacenter/news/366562344/AMD-Instinct-MI300-AI-accelerator-takes-aim-at-Nvidia-GPUs">Nvidia and AMD</a> forums about crashing drivers when using remote desktops. These vendors and others work to get fixes out quickly, but it's still helpful for admins to diagnose these issues quickly. Keep your graphics driver up to date on both the host and the client when using a remote desktop.</p> <p>Like with Windows updates, however, new graphics drivers can also break back-end systems and machines. So always test new display drivers before deploying them on your live production environments.</p> <p>In <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-desktop-infrastructure-VDI">virtual desktop infrastructure</a> environments, expired virtual GPU licenses can also cause black screen issues. This is, of course, less common if you use RDP to access a Windows 11 computer elsewhere. However, this issue can occur for enterprise environments that use VDI with virtual GPUs from Nvidia. This can occur with other virtual GPUs, but this example explains the process for Nvidia specifically.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A black screen in a Windows Remote Desktop session usually occurs when the session cannot properly render the desktop environment. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>Since the M-series cards, Nvidia requires a virtual GPU license for each user connecting to the card. Nvidia has made a Linux appliance that serves as the GPU licensing server. Every time an end user signs in, a license is assigned to that user. When there are no licenses available, the end user might experience a failing session or a black screen issue when signing in. Nvidia licenses are often a set-and-forget system, and IT teams do not usually have to actively monitor the Linux appliance and the licensing manager.</p> <div class="youtube-iframe-container"> <iframe id="ytplayer-0" src="https://www.youtube.com/embed/_DNxgnINNAY?autoplay=0&modestbranding=1&rel=0&widget_referrer=null&enablejsapi=1&origin=https://www.techtarget.com" type="text/html" height="360" width="640" frameborder="0"></iframe> </div> <p>The licenses could have also expired because <a href="https://www.techtarget.com/searchitoperations/tip/Assign-GPUs-to-virtual-machines-with-VMware-vGPU-mode">these licenses</a> are often applicable for one to three years. IT might need to extend and update the licensing and deploy it to their servers. Make sure to put the end date of the licenses on your maintenance calendar with a reminder four weeks in advance to source new licenses. Also, you should open and check in with the Nvidia license manager once every month to see if there are still enough available and verify that there are no stale licenses.</p> </section> <section class="section main-article-chapter" data-menu-title="3. Test the remote desktop connection"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3. Test the remote desktop connection</h2> <p>Remote desktop sessions depend heavily on <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">network stability</a>. This can occur on both internal networks and over internet connections. When users lose the connection to the remote desktop, they can experience a black screen when trying to reconnect.</p> <p>To ensure your users don't experience connection issues, advise them to connect to the internet over a wired connection such as Ethernet instead of relying on Wi-Fi.</p> <p>Similar connection issues can also affect hosted desktop platforms such as Azure Virtual Desktop or Windows 365, where unstable endpoint connectivity might cause sessions to reconnect to a black screen.</p> <p>If there is no other possibility, ensure that users have access to a strong, stable Wi-Fi connection. End users can always test their connection by using an online speed test. Monitoring tools such as ControlUp can monitor your end-user environment and see what kind of Wi-Fi connection they are using.</p> <div class="extra-info"> <div class="extra-info-inner"> <h3 class="splash-heading">Quick checks before deeper troubleshooting</h3> <p>Before investigating drivers or profile issues, administrators should confirm a few basic conditions:</p> <ul class="default-list"> <li>The remote system is not currently installing updates</li> <li>The network connection is stable</li> <li>The display resolution settings are compatible</li> <li>The user profile mounted successfully</li> </ul> <p>These quick checks can often resolve a black screen issue without deeper troubleshooting.</p> </div> </div> </section> <section class="section main-article-chapter" data-menu-title="4. Correct any faulty display settings"> <h2 class="section-title"><i class="icon" data-icon="1"></i>4. Correct any faulty display settings</h2> <p>Sometimes all it takes to cause a black screen on a remote desktop is an incorrect resolution setting. Go to the display tab when using the remote desktop client -- located at MSTSC.exe. Check if the display resolution slider is on the same setting as your remote desktop.</p> <p>Usually, sliding it all the way to the right and selecting full screen will automatically verify that the correct <a href="https://www.techtarget.com/whatis/definition/resolution">resolution</a> is in place. But if you experience issues, you can test setting it to the native resolution of the machine. It can also help to choose a lower resolution than your screen or the remote screen -- for example, 800x600 -- to ensure the connection works.</p> </section> <section class="section main-article-chapter" data-menu-title="5. Verify the remote desktop profile settings"> <h2 class="section-title"><i class="icon" data-icon="1"></i>5. Verify the remote desktop profile settings</h2> <p>One common issue is trouble with profiles and underlying profile management technologies, such as FSLogix. When a profile isn't correctly connected, a user can experience a black screen or be completely disconnected from the session. This can happen when the profile share is inaccessible, or when the profile disk has reached its maximum size.</p> <p>Admins can deploy the PreventLoginWithFailure setting, which means the remote desktop will block the login if the profile is not correctly connected. This can result in a strange interaction for your end users, but this way, they will know the session is problematic right away and can ask for help. The core of the challenge is to ensure that the profile management technology works and connects quickly. That's why it is essential to monitor your <a href="https://www.techtarget.com/searchnetworking/definition/file-server">file server</a> to determine if there is still enough free storage, and whether user profiles are not hitting their maximum. You should actively monitor your remote desktop profile environment and test every update thoroughly.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/enterprise_desktop-best_practices_rdp_sessions-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/enterprise_desktop-best_practices_rdp_sessions-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/enterprise_desktop-best_practices_rdp_sessions-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/enterprise_desktop-best_practices_rdp_sessions-f.png 1280w" alt="Illustration showing security best practices for protecting Remote Desktop Protocol sessions, including limiting login attempts, using two-factor authentication and enabling Network Level Authentication." height="329" width="559"> <figcaption> <i class="icon pictures" data-icon="z"></i>Security best practices for protecting Remote Desktop Protocol (RDP) sessions include limiting login attempts, enabling two-factor authentication and restricting access to port 3389. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="6. Check for stuck RDS components"> <h2 class="section-title"><i class="icon" data-icon="1"></i>6. Check for stuck RDS components</h2> <p>Another issue that can occur in Windows 11 RDP sessions is when Remote Desktop Services become stuck or unresponsive. As an administrator, you can easily fix this by starting <strong>Services.msc</strong> from the <strong>Run</strong> command. Then, select the option to connect to a different computer. Connect to the machine that has an issue, then select Remote Desktop Services > Restart.</p> </section> <section class="section main-article-chapter" data-menu-title="Why a remote desktop session might show a black screen"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why a remote desktop session might show a black screen</h2> <p>A black screen usually indicates that the remote desktop session started successfully but failed to load the graphical interface. This can occur because of graphics driver conflicts, display resolution mismatches, profile loading failures or network interruptions during session initialization.</p> <p><strong data-end="246" data-start="228">Editor's note:</strong> <em>This article was updated to reflect current troubleshooting practices for Windows 11 Remote Desktop environments and to include additional guidance for virtual desktop infrastructure and cloud-hosted desktop platforms. </em></p> <p><em>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the standardization and automation of IT services.</em></p> </section> Remote desktops provide access to Windows systems but can sometimes display a full black screen. Learn six troubleshooting steps IT admins can use to restore the session. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g516059959.jpg https://www.techtarget.com/searchvirtualdesktop/tip/Steps-to-fix-a-black-screen-on-a-Windows-11-remote-desktop Thu, 05 Mar 2026 22:00:00 GMT 6 steps to fix a black screen on a Windows 11 remote desktop <p>When Windows 11 Remote Desktop sessions freeze, the impact extends beyond individual users. For IT leaders responsible for endpoint management and hybrid workforce productivity, frozen remote sessions can interrupt access to business-critical applications and delay operational workflows.</p> <p>Problems with the Remote Desktop client -- MSTSC.exe -- on Windows 11 can lead to freezing and hanging sessions. When sessions hang, employees can lose access to line-of-business applications, internal systems and enterprise data hosted in remote environments.</p> <p>Some general remote desktop best practices, such as accounting for external peripheral hardware and making sure remote desktop users have a strong network connection with low latency, can resolve some of these issues. However, a recent Remote Desktop Protocol (<a href="https://www.techtarget.com/searchenterprisedesktop/definition/Remote-Desktop-Protocol-RDP">RDP</a>) issue has made frozen sessions much more common.</p> <p>This freezing on Windows 11 is tied to the Windows 11 22H2 release. While Microsoft addressed the underlying bug in later cumulative updates, organizations with inconsistent endpoint patch levels or mixed device configurations can still encounter the issue.</p> <section class="section main-article-chapter" data-menu-title="How to fix an RDP session that keeps freezing"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to fix an RDP session that keeps freezing</h2> <p>Microsoft RDP can <a href="https://www.techtarget.com/searchvirtualdesktop/answer/What-are-the-differences-between-TCP-and-UDP">run on TCP or UDP</a>, with UDP delivering a more stable connection. However, UDP is tied to the Windows 11 22H2 release issue. Remote desktop administrators can disable UDP with group policies as a workaround if they cannot apply the KB5022360 update to all of their clients.</p> <p>To do this, create a <a href="https://www.techtarget.com/searchwindowsserver/definition/Group-Policy-Object">Group Policy Object </a>and browse to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Connection client.<b> </b>Here, select the group policy <b>Turn Off UDP On Client </b>and enable the policy (Figure 1).</p> <p>This fix is just a workaround for the underlying problem, however, so running <strong data-end="725" data-start="707">Windows Update</strong> is the preferred and more permanent option.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/windows_remote_desktop_freezing_fix-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/windows_remote_desktop_freezing_fix-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/windows_remote_desktop_freezing_fix-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/windows_remote_desktop_freezing_fix-h.jpg 1280w" alt="Group Policy Editor showing the Turn Off UDP On Client setting for the Remote Desktop Connection client." height="158" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Group Policy setting Turn Off UDP On Client in the Remote Desktop Connection client configuration. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Consider desktop environments beyond traditional RDP"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Consider desktop environments beyond traditional RDP</h2> <p>Many organizations now rely on hosted desktop environments such as <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Comparing-Windows-365-vs-Azure-Virtual-Desktop">Azure Virtual Desktop or Windows 365</a> instead of connecting directly to physical machines. While these platforms still rely on the Remote Desktop Protocol, the infrastructure supporting the connection is managed in the cloud. If freezing issues occur in these environments, administrators should review host session health, client versions and endpoint network conditions to determine whether the issue originates from the endpoint device or the hosted desktop environment.</p> <p>Troubleshooting remote desktops in these environments often starts with the same fundamentals as traditional RDP sessions: validating endpoint connectivity, confirming the client software version and verifying that recent Windows updates have been applied. Administrators should also check platform-specific monitoring tools to determine whether the issue stems from the endpoint device, the session host or the broader remote desktop infrastructure.</p> </section> <section class="section main-article-chapter" data-menu-title="How to deploy the latest Windows updates to all remote desktops"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to deploy the latest Windows updates to all remote desktops</h2> <p>Maintaining consistent Windows update levels across a distributed device fleet can be challenging, especially in hybrid environments where laptops often operate outside the corporate network for extended periods. This is especially true for the common hybrid work environment with laptops that aren't domain-joined but <a href="https://www.techtarget.com/searchwindowsserver/tip/What-should-admins-know-about-Microsoft-Entra-features">Microsoft Entra ID hybrid-joined</a>.</p> <p>Windows administrators used to roll out Windows updates with <a href="https://www.techtarget.com/searchwindowsserver/definition/Windows-Server-Update-Services-WSUS">Windows Server Update Services</a> on all machines, but now they need new methods to ensure all machines have the updates. This is especially important for updates that have a significant effect on performance and UX, such as the update that fixed the freezing issue.</p> <p>Windows Update for Business, which integrates with Microsoft Intune endpoint management, enables administrators to monitor update compliance across Windows devices and verify that clients are running builds that address stability issues. With Windows Update for Business, it's possible to run reports <a href="https://www.techtarget.com/searchenterprisedesktop/tip/How-to-add-and-enroll-devices-to-Microsoft-Intune">on all Intune-enrolled Windows 11 client devices</a> and check if they are running the latest Windows 11 build with the issue fixed. IT administrators should use Intune or a management tool with similar capabilities to Windows Update for Business to <a target="_blank" href="https://learn.microsoft.com/en-us/mem/intune/protect/windows-update-reports" rel="noopener">check</a> the compliance of end-user devices.   </p> <p>In hybrid work environments, consistent patching and endpoint configuration management are critical to maintaining reliable remote access experiences for distributed employees.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Frozen remote sessions can interrupt access to business-critical applications and delay operational workflows. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> </section> <section class="section main-article-chapter" data-menu-title="How to manage Windows updates to prevent version inconsistency"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to manage Windows updates to prevent version inconsistency</h2> <p data-end="774" data-start="544">To proactively prevent these version consistency issues, admins can manage Windows update rollouts. This way, if Windows releases a harmful or malfunctioning Windows build, desktop administrators can block it from being installed.</p> <p data-end="1476" data-start="776">Admins should also test every release and Windows update before deploying it within their organization. Make sure a test script can run on a test device when a new update is released, and keep the RDP client open for an extended period during testing.</p> <p data-end="1476" data-start="776">While this process can be time-consuming, testing new Windows builds against remote access workflows and critical enterprise applications helps IT teams identify stability issues early and maintain reliable remote connectivity across the organization. As remote access continues to support hybrid work environments, maintaining consistent endpoint configurations and update policies is essential to ensuring remote desktop reliability at scale.</p> <p data-end="1476" data-start="776"><strong data-end="268" data-start="250">Editor's note:</strong><em> This article was updated to reflect current Windows Remote Desktop environments and expanded to include guidance for cloud-hosted desktop platforms. </em></p> <p><i>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the standardization and automation of IT services.</i></p> </section> Windows 11 Remote Desktop sessions can freeze due to updates, configuration issues or network problems. Learn how IT admins can troubleshoot and prevent RDP freezes. https://cdn.ttgtmedia.com/rms/onlineimages/check_g1268128622.jpg https://www.techtarget.com/searchvirtualdesktop/tip/What-to-do-when-a-Windows-11-remote-desktop-keeps-freezing Thu, 05 Mar 2026 19:25:00 GMT What to do when a Windows 11 Remote Desktop keeps freezing <p>Secure remote access is essential for protecting enterprise workloads, and organizations can't achieve it without strong controls over who can reach critical Windows systems.</p> <p>It's crucial for IT to be able to manage which users have remote desktop access to a Windows machine. Administrators primarily do this through the Remote Desktop Users group in Windows. While it sounds simple enough, there are multiple ways to manage it and several scenarios that can make it more complex.</p> <p>The Remote Desktop Users group controls who can remotely access Windows systems, which makes it a significant security and governance control point. Proper configuration improves operational efficiency, prevents unnecessary privilege escalation and <a href="https://www.techtarget.com/searchnetworking/tip/8-remote-work-security-risks-and-tips-to-mitigate-them">reduces attack surface</a>. IT leaders must understand how to manage access to the group using different tools, as well as the security factors that affect this process.</p> <section class="section main-article-chapter" data-menu-title="Understanding RDP access requirements"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Understanding RDP access requirements</h2> <p>If an admin wants to remotely manage a Windows-based machine, the easiest way to do this is using the Remote Desktop Protocol (RDP) feature that is built into the OS. RDP is available on most editions of Windows, including Windows Pro, Enterprise, Education and Windows Server editions.</p> <p>To be able to access a machine, a user must have Remote Desktop enabled, and the firewall must <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">allow RDP traffic</a>. They also need a user account that is either an administrator account or part of the Remote Desktop Users group. By default, users who are a part of either of these groups will be authorized to log on remotely to the server.</p> <p>The authentication mechanism differs depending on whether the target machine is joined to a domain, not joined to a domain or joined directly to Entra ID. If the machine is joined to a domain, the target machine also needs to be able to reach a domain controller to authenticate to the machine with that account.</p> </section> <section class="section main-article-chapter" data-menu-title="Managing the Remote Desktop Users group"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Managing the Remote Desktop Users group</h2> <p>There are a few ways to manage access to remote desktop users. If an admin has local access to the machine, they can use the UI or PowerShell. This approach is the easiest for managing access on a per-machine basis.</p> <p>To manage Remote Desktop Users group access with the UI, navigate to Start > Computer Management > Local Users and Groups > Groups. Next, select <b>Remote Desktop Users</b> and define the user or group that should receive access (Figure 1).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_1-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_1-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_1-h.jpg 1280w" alt="The 'Computer Management' page in Windows." data-credit="Marius Sandbu"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. Configuring the Remote Desktop User group through the Windows UI. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>To <a href="https://www.techtarget.com/searchwindowsserver/tutorial/Learn-to-monitor-group-memberships-with-PowerShell">manage access with PowerShell</a>, type the following command in the PowerShell window:</p> <pre class="language-powershell"><code>Add-LocalGroupMember -Group "Remote Desktop Users" -Member nameofaccount</code></pre> <p>It's also possible to create a group of IT admins and assign them to the Remote Desktop Users group on a selected collection of devices. To do this, use Microsoft Intune.</p> <p>Open the Microsoft Intune admin center portal and navigate to<b> </b>Endpoint security > Account protection. From there, click <b>Create Policy</b>.</p> <p>On the Create a profile page, choose <b>Windows</b> from the first drop-down menu and<b> Local user group membership</b> from the second drop-down menu (Figure 2). Then, click <b>Create</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_2-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_2-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_2-h.jpg 1280w" alt="The 'Create a profile' page in the Microsoft Intune admin center portal." data-credit="Marius Sandbu"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. Specifying the platform and profile type for a Remote Desktop Users group policy. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Specify a name for the policy, and go into configuration settings and select <b>Remote Desktop Users</b> from the drop-down menu under Local group. Select the users that should be added to the group, then specify any required scope tags and assign the policy to the appropriate group of devices (Figure 3).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_3-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_3-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_3-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_3-h.jpg 1280w" alt="The 'Create Policy' page in the Microsoft Intune admin center portal." data-credit="Marius Sandbu"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. Configuring settings for a Remote Desktop Users group policy. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Once this policy is deployed, it can take 30 to 60 minutes for it to be applied to the machines.</p> <h3>Managing RDP access for Azure VMs joined to Entra ID</h3> <p>The UI, PowerShell and Intune access management methods work for physical or on‑premises Windows machines. However, if the Windows machine is an Azure VM joined to Entra ID, RDP access requires an additional layer of authorization: Azure role-based access control (RBAC). Even if a user is in the Remote Desktop Users group, they might be unable to log on (Figure 4).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_4-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_4-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_4-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_4-h.jpg 1280w" alt="A Windows Security credentials error message." data-credit="Marius Sandbu"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. Without the proper Azure role assignment, users might receive an error message when trying to log on. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>For machines that are running in Azure and are joined to Entra ID, IT must <a target="_blank" href="https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments" rel="noopener">assign</a> the appropriate Azure role.</p> <p>The correct permissions must be configured in Microsoft Azure by assigning one of two roles to the VM. To do this, use Azure RBAC. Go to Virtual machine > Access control > Add role assignment. From there, select either <b>Virtual Machine User Login</b> or <b>Virtual Machine Administrator Login</b> for the user that needs access to the machine (Figure 5).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_5-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_5-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_5-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/remote_desktop_users_windows_5-h.jpg 1280w" alt="The 'Add role assignment' page in Microsoft Azure." data-credit="Marius Sandbu"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 5. Selecting a role assignment for a VM in Microsoft Azure. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The Azure agent on the VM will then add the user as a remote desktop user or administrator on the target machine. This also ensures that RBAC is handled by Azure.</p> </section> <section class="section main-article-chapter" data-menu-title="RDP access security considerations"> <h2 class="section-title"><i class="icon" data-icon="1"></i>RDP access security considerations</h2> <p>Even after configuring who can access a machine through the Remote Desktop Users group, admins must ensure that access is secure. By default, RDP does not provide built-in multifactor authentication (MFA). This means that if a bad actor gains access to a user's credentials, they could use RDP to gain unauthorized access to the machine. In <a href="https://www.techtarget.com/searchsecurity/tip/Top-3-ransomware-attack-vectors-and-how-to-avoid-them">many ransomware attacks</a>, for example, attackers use RDP as a method to gain access or move laterally inside the infrastructure.</p> <p>Therefore, it's important for IT departments to implement additional security measures -- such as VPNs with MFA, or RDP gateways that enforce MFA -- to protect RDP connections.</p> <p>IT should strictly limit access to only users and groups who require it for their job functions. This means regularly reviewing and auditing who has RDP access to machines and removing access for users who no longer need it. Admins can actively monitor RDP access using Windows Event Logs or a Security Information and Event Management (SIEM) platform such as Microsoft Sentinel. Active monitoring helps detect suspicious activity and potential security breaches.</p> <p>When <a href="https://www.techtarget.com/searchsecurity/tip/SIEM-implementation-steps-and-best-practices">using any SIEM product</a>, IT should look for the following event IDs:</p> <ul class="default-list"> <li><b>Event ID 4624: An account was successfully logged on.</b> This signals a successful RDP logon. While normal, a high volume of successful logons from unusual IP addresses or at unusual times could indicate compromise. For RDP sessions, look for logon type 10.</li> <li><b>Event ID 4625: An account failed to log on.</b> This signals a failed logon attempt. Frequent occurrences from a single source IP, especially with different usernames, can point to brute-force attacks. Analyze the Failure Reason and Sub Status codes for more details.</li> <li><b>Event ID 4634: An account was logged off.</b> This event shows when an RDP session ends.</li> <li><b>Event ID 4776: The domain controller attempted to validate the credentials for an account.</b> This event is relevant for domain-joined machines and indicates NT LAN Manager authentication attempts.</li> <li><b>Event ID 4870: Remote Desktop Services session reconnected.</b> This event occurs when a user reconnects to an existing RDP session.</li> <li><b>Event ID 4871: Remote Desktop Services session disconnected.</b> This event occurs when a user disconnects from an RDP session without logging off.</li> </ul> <p>SIEM platforms like Microsoft Sentinel let IT create custom rules and alerts to correlate event IDs with other security data, such as geolocation information, <a href="https://www.techtarget.com/whatis/definition/threat-intelligence-feed">threat intelligence feeds</a> and user behavior analytics. This enables sophisticated detection of anomalies. Examples of RDP access anomalies include the following:</p> <ul class="default-list"> <li>Multiple failed RDP logon attempts followed by a successful one from a different IP address.</li> <li>RDP logons from countries or regions where the organization does not operate.</li> <li>Unusual RDP logon times for specific user accounts.</li> <li>Spikes in RDP activity that deviate from baseline behavior.</li> </ul> <p>Regularly reviewing these logs and configuring appropriate alerts within the SIEM platform is vital for maintaining the security of the RDP infrastructure and detecting potential threats promptly.</p> <p>Effective management of the Remote Desktop Users group is essential for controlling who can access Windows systems remotely. Whether access is configured locally, through Intune or through Azure RBAC, organizations must pair access management with strong security controls. Limiting RDP exposure, enforcing MFA and continuously monitoring logon activity are key steps in reducing risk. By combining proper group configuration with layered security, IT teams can maintain operational flexibility without expanding the attack surface.</p> <p><i>Marius Sandbu is a cloud evangelist for Sopra Steria in Norway who mainly focuses on end-user computing and cloud-native technology.</i></p> </section> Managing the Remote Desktop Users group is essential for secure Windows access. IT teams should know how to configure it properly across local, Intune and Azure environments. https://cdn.ttgtmedia.com/rms/onlineimages/security_a385093447.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-configure-the-Remote-Desktop-Users-group-in-Windows Fri, 20 Feb 2026 15:15:00 GMT How to configure the Remote Desktop Users group in Windows <p>IT administrators can use Hyper-V on Windows 11 for a variety of business tasks, from testing software and services to securing individual sessions. However, there are several steps they need to take before Hyper-V and any virtual machines are ready to use.</p> <p>Successfully running Hyper-V requires a solid grasp of how it fits into existing security, infrastructure and operational workflows. IT teams must understand Hyper-V for Windows 11, including the prerequisites, how to enable it, and how to set up a VM and network. Additionally, as an administrator, you should learn what Hyper-V can do <a href="https://www.techtarget.com/searchitoperations/answer/Hyper-V-vs-VMware-comparison-What-are-the-differences">compared to other virtualization tools</a> and what features make it stand out.</p> <section class="section main-article-chapter" data-menu-title="Why use Hyper-V on a Windows 11 machine?"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Why use Hyper-V on a Windows 11 machine?</h2> <p>One of the biggest reasons that you might want to use Hyper-V is that it's free and included in your <a href="https://www.techtarget.com/searchenterprisedesktop/tip/What-do-the-different-licenses-for-Windows-11-come-with">Windows 11 Pro or Enterprise license</a>. Other virtualization software often requires you to pay extra. Even if some technologies are free -- for example, VMware Workstation Pro -- you must download and register the software. The enrollment process for Hyper-V is quite straightforward for Windows administrators.</p> <p>Virtualization is most often hosted on specialized servers with <a href="https://www.techtarget.com/searchitoperations/feature/How-to-choose-the-best-CPU-for-virtualization">many CPU cores</a> and plenty of RAM, so why would IT want to run Hyper-V on a Windows 11 machine? There are many good scenarios for this.</p> <h3>Security</h3> <p>Hyper-V is very useful for creating a VM to work within. This way, you can separate work and private software. You can even sandbox the machine on the network to only let it connect to corporate resources.</p> <p>Many viruses or ransomware still come through phishing emails or messenger apps. The risk of viruses and ransomware is much lower if you don't have social media or email on the VM. Also, the chance of spreading it to the company network is lower. IT administrators -- especially those who connect directly from their workstations to servers and the company back end -- should consider doing this from a secure VM.</p> <h3>Lab testing</h3> <p>Another good use of Hyper-V is a lab environment to test changes and updates to software. You can have a VM with company software and install the update first on the VM. Then, you can go through a testing procedure before installing the update on all computers in the corporate network.</p> <p>A major advantage of using Hyper-V is <a href="https://www.techtarget.com/searchitoperations/tip/A-beginners-guide-to-Hyper-V-checkpoints">its ability to create checkpoints</a>, which are snapshots of the VM, and bring the VM directly back to that point. You can quickly test out an update, and if it doesn't work, you can just set back the VM to the checkpoint. Then, it's immediately ready for another test.</p> <h3>Education and training</h3> <p>When engaging with IT training from vendors, you might learn about new tools that your organization doesn't use. Creating a VM on your own workstation to go through the training material can be an easy way to learn hands-on. Checkpoints can quickly reset these training machines to a clean state to let you do a different exercise or retry a lesson.</p> </section> <section class="section main-article-chapter" data-menu-title="Prerequisites for Hyper-V on Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Prerequisites for Hyper-V on Windows 11</h2> <p>Running Hyper-V on a Windows 11 machine has the following prerequisites:</p> <ul type="disc" class="default-list"> <li>Windows 11 Pro or Enterprise 64-bit OS.</li> <li>A 64-bit processor with Second Level Address Translation.</li> <li>A minimum of 4 GB of RAM.</li> <li>BIOS-level hardware virtualization support.</li> </ul> <p>To check if a system meets these requirements, start up the Task Manager by right-clicking on the taskbar. In the CPU part of the performance tab, see if the processor has virtualization enabled (Figure 1).</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_1-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_1-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_1-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_1-h.jpg 1280w" alt="A screenshot of Virtualization turned on in the Windows 11 task manager. " data-credit="Chris Twiest" height="222" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 1. The CPU section of the Windows 11 task manager performance tab showing Virtualization set to enabled. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>Most modern CPUs and motherboards support virtualization by default, but it might be disabled.</p> <p>You can change the virtualization setting in your machine's BIOS. The best way to do this is to Google your motherboard type or laptop manufacturer for "[brand and model] change BIOS CPU virtualization setting." This should provide manual or guided steps to change the virtualization feature of your CPU.</p> <p>In the performance tab, you can also see if you have enough RAM to use Hyper-V. In Figure 1, there is a total of 15.9 GB, which exceeds the 4 GB needed. If the prerequisites are met, you can enable Hyper-V.</p> </section> <section class="section main-article-chapter" data-menu-title="3 methods to enable Hyper-V on Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>3 methods to enable Hyper-V on Windows 11</h2> <p>There are three ways to enable Hyper-V. The first method relies on Windows features. First, search for Windows features in the Start menu. This will bring up the features window and let you turn features on or off. Scroll to Hyper-V and check the boxes for Hyper-V (Figure 2). After you click <b>OK</b>, the Hyper-V installation will start. After the installation, a prompt will appear to reboot the machine.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_2-h.jpg 1280w" alt="The Hyper-V option in the Windows Features menu shown to be checked to indicate they are on. " data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 2. The Windows Features menu with Hyper-V selected and the drop-down menus showing. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>You can also use the following command prompt to enable Hyper-V:</p> <pre><span style="font-family: 'courier new', courier, monospace;">DISM /Online /Enable-Feature /All /FeatureName:Microsoft-Hyper-V</span></pre> <p>After this <a href="https://www.techtarget.com/searchenterprisedesktop/definition/Microsoft-Windows-Deployment-Image-Servicing-and-Management-DISM">Deployment Image Servicing and Management</a> command runs, you will be prompted to restart the machine.</p> <p>The last way to enable Hyper-V on your system is to use the following PowerShell command:</p> <pre class="language-powershell"><code>Enable-WindowsOptionalFeature -Online -FeatureName Microsoft-Hyper-V-All</code></pre> <p>After the PowerShell script, you will be prompted to restart the machine.</p> <p>To start using Hyper-V, you'll need to start the Hyper-V Manager. This tool is installed when enabling Hyper-V on the system in the last step. Searching the Start menu for Hyper-V will prompt you to open the manager.</p> </section> <section class="section main-article-chapter" data-menu-title="How to manage Hyper-V on Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to manage Hyper-V on Windows 11</h2> <p>In the Hyper-V Manager, you can create and manage multiple VMs, change global settings and set up virtual networking. If this is your first time using Hyper-V, look over the global settings and check the networking settings to see if they fit your use case.</p> <p>To access the global settings, click on <b>Hyper-V Settings... </b>in the Hyper-V Manager. This option should be under Actions, either on the right side or in the top bar.</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_4-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_4-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_4-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_4-h.jpg 1280w" alt="The storage location of the Virtual Hard Disks for the Hyper-V VMs." data-credit="Chris Twiest" height="262" width="280"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 3. The Virtual Hard Disks section showing the location of these large files. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The settings you can change here will affect how the VMs are created. There are two settings that have the most significant effect on your Hyper-V system. First, the virtual hard disk setting is where the <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-hard-disk-VHD">VHDs</a> are created for your VMs. You can browse to a different HDD or SSD location in your system to save these files (Figure 3). The VHD files can grow into large files and require available storage.</p> <p>The second setting to check is Virtual Machines, shown just below the Virtual Hard Disks setting in Figure 3. This is the location where VM configuration files are saved. Most of the time, you should save these in the same location as the VHDs.</p> </section> <section class="section main-article-chapter" data-menu-title="Networking for Hyper-V VMs"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Networking for Hyper-V VMs</h2> <p>The network is an integral part of Hyper-V because it works with virtual network switches, which you can set to different access levels. To access the Virtual Switch Manager, click on <b>Actions</b> in the Hyper-V Manager or on the right-side action pane under Hyper-V settings.</p> <p>Hyper-V will always create a default network switch. This will be an internal switch with NAT enabled.</p> <p>From there, you can create three types of switches: external, internal or private (Figure 4). Understanding the differences between these switches and selecting the correct one for your environment is essential.</p> <h3>Private switch</h3> <p>A private switch allows only communication between VMs on this private switch. It stops communication between the VM and the host.</p> <h3>Internal switch</h3> <p>An internal switch allows communication between all VMs on the switch and connection to the host. It can also communicate with the host and use its internet connection through NAT.</p> <h3>External switch</h3> <p>An external switch requires its own physical network adapter and can be used to separate the Virtual Machine and Host Networks.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_5-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_5-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_5-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_5-h.jpg 1280w" alt="The option to choose an External, Internal or Private virtual switch for the VM." data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 4. The Virtual Switch Manager showing the three types of virtual switches the administrator can create. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="How to create a VM with Hyper-V"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to create a VM with Hyper-V</h2> <p>After enabling Hyper-V and setting up the network and global settings, you can create a VM. Before you begin, <a href="https://www.techtarget.com/searchenterprisedesktop/tutorial/How-to-perform-a-Windows-11-ISO-file-install">you need an ISO of the OS you want to install</a>. This example uses an ISO of Windows Server 2022.</p> <p>To start creating a VM, select Action > New > Virtual Machine in the Action menu (Figure 5).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_6-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_6-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_6-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_6-h.jpg 1280w" alt="The drop-down menu for Action in Hyper-V Manager showing the option to create a new VM." data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 5. The Action menu showing the path to create a new VM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>This will bring up the New Virtual Machine Wizard. On the first screen, click <b>Next</b>. Then, specify a name for the VM. You can also choose to store the VM in a different location than the one set in the global settings (Figure 6). After entering a name, click <b>Next</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_7-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_7-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_7-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_7-h.jpg 1280w" alt="The New Virtual Machine Wizard showing the option to choose the storage location of the new VM." data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 6. The section of the VM setup process that specifies the location that Windows 11 will store the VM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>This will bring you to the Generation selection screen. For modern OSes such as Windows Server 2022 or Windows 11, you can go with Generation 2 -- older OSes or 32-bit OSes require Generation 1. After selecting the right generation, click <b>Next</b>.</p> <p>Next, assign the VM the right amount of startup memory. If you check the Dynamic Memory box, the VM will not take all the RAM of the host assigned to it; rather, it takes only the memory it is using at the moment (Figure 7). After setting the right amount for your deployment, click <b>Next</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_8-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_8-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_8-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_8-h.jpg 1280w" alt="The New Virtual Machine Wizard enabling the administrator to choose an amount of memory for the VM and whether to use Dynamic Memory. " data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 7. The option to assign startup memory for the new VM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>On the next screen, select which virtual network switch the VM will connect to. Select the switch you decided on and click <b>Next</b>.</p> <p>After that, you need to configure the VHD for the VM. Select the option to create a new disk. By default, it will choose the location of the global Hyper-V settings to save the virtual hard drive. These VHDX files are dynamic and will only require the storage they use, not their full storage capacity (Figure 8). After setting up the disk, click <b>Next</b>.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_9-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_9-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_9-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_9-h.jpg 1280w" alt="The section of the New Virtual Machine Wizard pertaining to virtual hard disk creation." data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 8. The dynamic VHDX file, which will function as the virtual hard disk for the VM. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The last thing to do is select the ISO from which you want to install your OS on the VM and click Next > Finish. Now that the VM is created, you can connect to it and install the OS in the VM. To do this, right-click on the VM in the Hyper-V Manager and click <b>Connect</b>.</p> <p>After connecting, you can start the VM by selecting Action > Start or pressing the green power button in the upper left corner (Figure 9).</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_10-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_10-h_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_10-h_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_10-h.jpg 1280w" alt="The Virtual Machine Connection interface ready to boot up the VM. " data-credit="Chris Twiest"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 9. A test VM ready to be started up. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>The VM will now boot from the ISO and is ready to install the OS.</p> <p>After the OS installation, you don't need to install extra drivers, as is the case with many other virtualization tools. Because Hyper-V is a Microsoft product, the drivers are already <a target="_blank" href="https://learn.microsoft.com/en-us/windows-hardware/drivers/network/overview-of-hyper-v" rel="noopener">included</a> in the Windows OS.</p> </section> <section class="section main-article-chapter" data-menu-title="How to manage a VM in Windows 11"> <h2 class="section-title"><i class="icon" data-icon="1"></i>How to manage a VM in Windows 11</h2> <p>With a VM up and running, you can perform all administrative tasks from the Hyper-V Manager. In the Hyper-V Manager's Virtual Machines pane, you can see a list of all VMs created in Hyper-V (Figure 10).</p> <figure class="main-article-image half-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_11-h.jpg"> <img data-src="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_11-h_half_column_mobile.jpg" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_11-h_half_column_mobile.jpg 960w,https://www.techtarget.com/rms/onlineimages/how_to_manage_hyperv_in_windows_11-h.jpg 1280w" alt="The Hyper-V Manager interface with one VM that administrators can manage. " data-credit="Chris Twiest" height="68" width="279"> <figcaption> <i class="icon pictures" data-icon="z"></i>Figure 10. The Virtual Machines section of Hyper-V Manager showing the one VM available to manage. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <p>By right-clicking on the VM, you can start it, suspend it or shut it down. Hyper-V also enables admins to pause and reset a VM. One other important option that Hyper-V offers is Checkpoints, which are snapshots of the VM that let you reset the VM to the point in time the checkpoint was created.</p> <p>You can create and manage a checkpoint by right-clicking on the VM, where you can select <b>Checkpoint</b> -- which will create a new point in time -- or <b>Revert</b>, which lets you restore an earlier state of the VM.</p> <p><b><i>Editor's note:</i></b><i> This article was updated in February 2026 to reflect technology changes and to improve the reader experience.</i></p> <p><i>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the future Workspace and Cloud technologies for the end user.</i></p> </section> Hyper-V virtual machines have many use cases in enterprise IT. Windows administrators should follow these steps to create new VMs no matter what their intended use is. https://cdn.ttgtmedia.com/rms/onlineimages/container_g922017556.jpg https://www.techtarget.com/searchvirtualdesktop/tip/How-to-enable-and-manage-Windows-11-Hyper-V Tue, 10 Feb 2026 13:10:00 GMT How to enable and manage Windows 11 Hyper-V <p>Organizations that offer Apple endpoints as work devices must address the specific requirements of macOS in any technology implementation. Desktop virtualization is no exception.</p> <p>Many organizations have adopted Windows-based <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-desktop-infrastructure-VDI">VDI</a> and desktop as a service (<a href="https://www.techtarget.com/searchvirtualdesktop/definition/desktop-as-a-service-DaaS">DaaS</a>) to deploy virtual desktops to end users. The Windows virtual desktop can be based on a 1-to-many ratio with a server OS, 1-to-1 with a workstation OS, or 1-to-many with Windows 10 or 11 multi-user workstation OS. Regardless of the VM's OS, the user experiences a familiar Windows desktop after successful authentication.</p> <p>Through <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Compare-7-desktop-as-a-service-providers">DaaS providers</a>, such as Citrix, Microsoft Azure and VMware, users can access Windows-based virtual desktops from any type of Apple device, including an iOS-based iPhone or a macOS-based device such as a MacBook. This type of access is common and has been available for many years. Every end-user device type -- including Google Chromebooks and other Linux-based devices -- can be used, whether in conjunction with a native client or web-based access.</p> <p>macOS maintains a significant presence in enterprise desktop environments, especially in organizations that permit employee device choice. As an extension of this system's familiarity and functionality, some organizations are interested in subscribing to macOS virtual desktops from a DaaS provider. However, Apple's licensing requirements pose a challenge to this possibility.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/benefits_of_desktop_virtualization-f.png 1280w" alt="A graphic highlighting the benefits of desktop virtualization. " height="198" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>Desktop virtualization centralizes management and access, but operating system licensing -- especially for macOS -- shapes how fully those benefits can be realized. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>Hosted macOS</h3> <p>In practice, hosted macOS environments are used primarily for development and testing rather than as general-purpose desktops for end users. The concept of hosting macOS works for two distinct cases: macOS development and macOS DaaS for user access. These two functionalities are not interchangeable.</p> <p>Developers creating Apple-focused software can use a virtualized macOS desktop to develop and test the software. For example, an enterprise that provides an editing application may wish to have the application run on both Windows and Mac devices. Within the development environment, this could imply physical devices or VMs. Additionally, a virtual macOS desktop frees developers to work from a Windows device, if necessary.</p> <p>It's easy to create a cloud-based development environment for Windows. Using the cloud minimizes costs and setup work, enhances flexibility and gives developers easy access to the environment. For example, if an error occurs during testing wherein an action programmatically generates an <a href="https://www.techtarget.com/whatis/definition/infinite-loop-endless-loop">infinite loop</a>, developers can gather forensics to fix the problem and then quickly and easily delete the virtual desktop. They can subsequently correct the issue and test again on a newly deployed Windows-based VM within minutes.</p> <p>That type of setup was not available for Mac development until recently. While Mac developers can get mini devices for the lab, cloud-based application development and testing is a better option. However, Apple licensing controls what users can and cannot legally do with macOS software.</p> <h3>Licensing for macOS</h3> <p>Apple has stringent <a target="_blank" href="https://www.apple.com/legal/sla/" rel="noopener">licensing requirements</a> for macOS regarding hardware and shared services. First, macOS must run on designated Apple hardware, as per the licensing agreement. In addition, service providers or other shared services cannot use macOS because Apple doesn't allow virtualized copies or instances of its software in connection with services such as service bureaus, time-sharing or terminal sharing.</p> <p>Apple allows remote desktop connections, though with some limitations. Although users can make multiple connections to a single Mac, only one remote session can control the Apple software; the other connections can only observe the connection. This limited connectivity stipulation severely curbs remote access functionality from both a business and technical perspective.</p> <p>In late 2020, Apple introduced an aspect of licensing wherein service providers could offer hosting services specifically for developers to use. This section of the licensing agreement, called Leasing for Permitted Developer Services, likewise has strict requirements. However, it does legally allow providers such as AWS to <a target="_blank" href="https://aws.amazon.com/pm/ec2-mac/" rel="noopener">offer macOS instances</a> for development purposes. In addition, several smaller providers, such as MacStadium and MacinCloud, also provide cloud-based macOS instances for developers. Conditions for developer usage include lessee agreement, a minimum lease period of 24 hours and "sole and exclusive use and control." Activities covered include building software from source, automated testing and running the tools to carry out these activities.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> A key benefit of Windows-based DaaS is centralization and resource sharing, with an end result of lower costs. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>The stipulations for Apple use have some ramifications for macOS-based DaaS. <a name="_Hlk101346997"></a><a href="https://www.techtarget.com/searchvirtualdesktop/news/252485353/Security-productivity-key-desktop-virtualization-benefits">Key benefits of DaaS</a> for Windows include centralization and resource sharing, ultimately resulting in lower costs. As macOS licensing requires Apple hardware, disallows service bureau and sharing, and limits connectivity to one controlling session per device, service providers cannot offer macOS DaaS. On-premises deployments of macOS-based virtual desktops are technically possible, but this falls into a gray area of licensing and is costly.</p> <p>Thus, Apple licensing now permits developers to lease macOS from service providers but prohibits access to DaaS for end users. For IT teams, this makes macOS DaaS a licensing constraint rather than a technology gap.</p> <h3>DaaS operating system options</h3> <p>Interest in desktop as a service based on macOS certainly exists, but it is not possible from a legal standpoint. Even if it were, the financial investment and costs would likely raise feasibility questions. There is little indication that Apple plans to change its licensing requirements. Apple derives significant profit from hardware -- closely coupling its hardware and software is its long-standing business model and key to its success. Apple continues to focus on tying OS functionality to its physical devices. Physical devices running iOS and macOS operating systems continue to proliferate. Supporting these Apple devices for remote access to Windows-based virtual desktops, therefore, shows no signs of slowing down.</p> <p>An <a href="https://www.techtarget.com/searchdatacenter/tip/8-things-to-know-when-switching-from-Windows-to-Linux">alternative to Windows-based DaaS is Linux VMs</a>. If an organization seeks an OS other than Windows due to Microsoft's licensing costs or other requirements, Linux is an option worth considering. However, end users are far less familiar with Linux, so involving it in a user-facing technology could cause confusion. Further, some traditional software packages, such as Office 365 and Microsoft 365, aren't available for direct download onto a Linux machine. While there might be some use cases for Linux VMs, they face challenges from an integration and familiarity perspective for most enterprise users.</p> <p>Because <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Benefits-of-multi-user-Windows-10-in-Windows-Virtual-Desktop">multi-user Windows 10 and 11</a> is available only on Microsoft Azure, this functionality is a key feature of Azure Virtual Desktops. Other cloud providers -- including AWS and Google Cloud -- cannot offer multi-user Windows 10 or 11. However, 1-to-1 virtualized Windows 10 and 11 workstations are available. Because Windows OSes are not dependent on native Microsoft hardware, organizations have flexibility and can find ways to cut costs.</p> <p>For most organizations, supporting Macs through Windows-based DaaS remains the most practical option, while true macOS DaaS remains limited by licensing rather than technology.</p> <p><b>Editor's note:</b> <i>This article was updated in January 2026 to improve</i><em> clarity, flow and the overall reader experience.</em></p> When people discuss desktop as a service, it is usually in the context of Windows desktops. For macOS, however, implementing DaaS can be more complicated. https://cdn.ttgtmedia.com/rms/onlineimages/keyboard_g164210754.jpg https://www.techtarget.com/searchvirtualdesktop/tip/Understanding-the-DaaS-options-for-Macs Thu, 22 Jan 2026 10:30:00 GMT Understanding the DaaS options for Macs <p>Ensuring secure remote access to corporate applications and data is a fundamental requirement for IT teams. However, the methods organizations use to provide that access have evolved. Desktop as a service (<a href="https://www.techtarget.com/searchvirtualdesktop/definition/desktop-as-a-service-DaaS">DaaS</a>) and virtual private network (<a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">VPN</a>) are both popular options, but they address different issues and come with distinct advantages and disadvantages.</p> <p>While both give remote users access to an organization's resources, DaaS and VPN differ in user-friendliness, performance, security and manageability. IT administrators should examine the similarities and differences between these two services to determine which one best suits their goals.</p> <h3>What is DaaS?</h3> <p>Desktop as a service gives end users access to a virtual desktop that is hosted in the cloud. With this option, IT admins can manage virtual desktops while the <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Compare-7-desktop-as-a-service-providers">DaaS provider</a> handles the hosting infrastructure setup and management. When end users connect to the virtual desktop, the DaaS provider streams the screen of the virtual desktop over a network to the endpoint devices. The display signal of the desktop is the only data that goes to end users' personal devices.</p> <p>End users might need access to a corporate application that requires a SQL database connection on the corporate network. With DaaS, the virtual desktop already has the application installed. The network the DaaS desktop is on has access to the SQL database. The only thing the end user must do is log into the DaaS offering, start the virtual desktop and open the application. The end user then has fast access to the SQL database because it's on the same network as the virtual desktop.</p> <p>DaaS technology is centralized, allowing organizations to manage all aspects of deployment from a single administrative interface. If IT administrators need to apply an update to desktops or business applications, they can easily do so, and the update will be distributed immediately. Because DaaS gives IT the power to decide when a new version of the application is available to end users, with DaaS image management and virtualization software, the IT admin can run the update only once.</p> <p>Popular DaaS offerings include Amazon Workspaces, Citrix Managed Desktops, Microsoft Azure Virtual Desktop and VMware Horizon Cloud.</p> <p>In addition to DaaS, <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-desktop-infrastructure-VDI">VDI</a> is another option for organizations to deploy virtual desktops. Both give an end user remote access to a virtual desktop and corporate resources, but there are some important <a href="https://www.techtarget.com/searchvirtualdesktop/feature/Compare-desktop-virtualization-options-DaaS-vs-VDI">differences between DaaS and VDI</a>. With VDI, the organization creates, maintains and updates the virtual desktop environment. With DaaS, the DaaS provider handles these responsibilities for the back end and, in some cases, the front end of the deployment.</p> <h3>What is a VPN?</h3> <p>A <a href="https://www.techtarget.com/searchnetworking/definition/virtual-private-network">VPN</a> creates a tunnel, or agent, between two networks, allowing them to connect and transfer data. A business VPN enables end users to <a href="https://www.techtarget.com/searchnetworking/answer/How-do-site-to-site-VPN-configuration-and-remote-access-VPNs-vary">connect to corporate resources</a> such as applications and data. A business VPN works via a <a href="https://www.techtarget.com/searchenterprisedesktop/definition/client">client</a> on end-user personal devices. The client can connect a private network over a public network -- such as the internet -- between that device and the corporate network. Users upload and download data over this connection. The virtual network is created with a <a href="https://www.techtarget.com/searchsecurity/definition/Secure-Sockets-Layer-SSL">secure sockets layer</a> connection and is often end-to-end encrypted, enabling secure access between the networks.</p> <p>Let's return to the example of an end user who needs access to a corporate application that requires a SQL database connection on the corporate network. The user signs into the VPN agent on the personal device, setting up the virtual network tunnel between the device and the corporate network. Because there is then a network connection through the VPN tunnel to the SQL database on the corporate network, the end user can start the corporate application locally from the device and it can reach this data. This makes VPN technology a decentralized approach.</p> <p>With a VPN, every end-user device needs to have the corporate applications installed. The IT administrators must update every device when an application update is required as well. Because of this, VPN use is often combined with <a href="https://www.techtarget.com/searchenterprisedesktop/feature/Understand-how-UEM-EMM-and-MDM-differ-from-one-another">endpoint management tools</a> such as Microsoft Endpoint Manager. With endpoint management software, IT organizations can distribute applications and updates to all devices, often through the internet. With its configuration, IT can also push the VPN agent updates with an endpoint management tool.</p> <p>Security is a significant consideration with VPNs. Users upload and download data when using a VPN, so data can end up on the end-user device. In addition, a VPN gives end users direct access to a part of the corporate network. If the connection gets hacked, for example, when using a weak or old digital certificate, the hacker has access to the company network. <a href="https://www.techtarget.com/searchnetworking/definition/network-segmentation">Network segmentation</a> with VPNs is essential. Common examples of VPN software include Cisco Systems VPN Client, F5 Networks FirePass SSL VPN, NordLayer VPN and OpenVPN.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/key_differences_between_daas_and_vpn-f.png "> <img data-src="https://www.techtarget.com/rms/onlineimages/key_differences_between_daas_and_vpn-f_mobile.png " class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/key_differences_between_daas_and_vpn-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/key_differences_between_daas_and_vpn-f.png 1280w" alt="A Venn diagram showing the similarities and differences between DaaS and VPN." height="308" width="560"> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> <h3>How are DaaS and VPN different?</h3> <p>Both DaaS and VPN give <a href="https://www.techtarget.com/searchsecurity/Ultimate-guide-to-secure-remote-access">secure remote access to applications and data</a>, but the two options are rather different. The choice increasingly comes down to how much control, isolation and operational overhead an organization is willing to manage internally.</p> <p>VPNs are easy to set up on both the end-user and administrative sides. They enable IT to onboard end users quickly. A new user downloads the VPN client, signs in and accesses the corporate network. With DaaS, the IT organization must give each new user a desktop, profile, home drive folder and other specific items, which might require more setup work than a VPN.</p> <p>A VPN goes into the company network and, in doing so, provides access to applications and data. With corporate data and applications at stake, <a href="https://www.techtarget.com/searchnetworking/tip/How-to-implement-network-segmentation-for-better-security">security considerations include network segmentation</a>, endpoint management and decentralizing applications. VPNs also rely heavily on internet quality for both the speed and the stability of the application. If, for example, an end user loses connection while updating a database, the database can get out of sync, with destructive results. Of course, VPNs require stable internet access as well, but if there are any network issues, a desktop running a VPN can still access local applications, documents and other aspects that don't rely on a secure internet connection.</p> <blockquote class="main-article-pullquote"> <div class="main-article-pullquote-inner"> <figure> Security is a significant consideration with VPNs. Users upload and download data when using a VPN, so data can end up on the end-user device. </figure> <i class="icon" data-icon="z"></i> </div> </blockquote> <p>With DaaS, the virtual desktop is in the corporate network, so data and applications do not leave the network. Users only receive the display from the desktop, making DaaS more secure than a VPN connection. This also means it's less reliant on an internet connection. Protocols such as Citrix HDX, Microsoft RDP and VMware Horizon (formerly View) optimize bandwidth by sending the user only the part of the screen that is updated, and they can scale in quality.</p> <p>A disconnect while updating a database is not a problem with DaaS. The virtual desktop in the data center is talking to the database. Any <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Top-5-remote-desktop-connectivity-problems-and-how-to-prevent-them">disruptions in connectivity</a> between the virtual desktop server and endpoint device will not affect the database update on the server side. When users sign back in after an interruption, they will be back at the same point where they left their sessions. This also lets users switch between personal devices. Users can start a session on a PC, then disconnect in the morning and pick the session back up in the afternoon on a laptop.</p> <h3>Deciding between DaaS and VPN</h3> <p>If an organization needs to make one application on the corporate network available for end users from the internet, for example, DaaS might be too complex, as it creates an entire virtual desktop for each user. But if security is an organization's main concern, then DaaS might be the best option, even for just one application.</p> <p>Organizations should also keep in mind that DaaS and VPN are both technologies for legacy applications and data. For example, if an organization migrates all its data to a cloud platform such as <a href="https://www.techtarget.com/searchcontentmanagement/definition/Microsoft-SharePoint-2016">SharePoint</a> in Microsoft 365, users can automatically access the data through the internet without DaaS or VPN. This is also the case with SaaS applications. Additionally, web applications on the corporate network can be made internet-facing with an authenticated application proxy.</p> <p>As application architectures increasingly shift toward software as a service (SaaS) and browser-based access, many organizations are likely to rely less on DaaS and VPN for their daily operations. However, both technologies will continue to be essential for legacy systems, specialized workloads, and environments with high security or control requirements.</p> <p><b>Editor's note:</b> <i>This article was updated in January 2026 to</i> <em>improve clarity, flow and the overall reader experience.</em></p> <p><i>Chris Twiest works as a technology officer at RawWorks in the Netherlands, focusing on the future Workspace and Cloud technologies for the end user.</i></p> DaaS and VPN both provide remote access to corporate resources, but they differ in important ways that IT leaders should evaluate when choosing between them. https://cdn.ttgtmedia.com/rms/onlineimages/folder-files05.jpg https://www.techtarget.com/searchvirtualdesktop/tip/What-are-the-key-differences-between-DaaS-and-VPN Wed, 21 Jan 2026 04:30:00 GMT What are the key differences between DaaS and VPN? <p>Desktop as a service (<a href="https://www.techtarget.com/searchvirtualdesktop/definition/desktop-as-a-service-DaaS">DaaS</a>) has become a popular option for organizations rethinking how employees access corporate desktops and applications. In addition to enabling remote work, DaaS is crucial for security, scalability and operational control. This is especially important as IT teams strive to reduce infrastructure costs while efficiently managing access to enterprise resources.</p> <p>One way to deploy virtual desktops is DaaS, where desktop OSes run inside VMs on servers in a third-party cloud provider's data center. Organizations can also implement <a href="https://www.techtarget.com/searchvirtualdesktop/definition/virtual-desktop-infrastructure-VDI">VDI</a> -- which entails building out their own virtualization infrastructure and running desktop OSes on on-premises servers -- or stick with traditional desktops.</p> <p>DaaS outsources the work of hosting virtual desktops to a third-party provider. It does not require a substantial initial investment like VDI does, so DaaS stands out for its easy and inexpensive setup. Still, IT administrators should weigh the full set of tradeoffs -- not just cost -- to determine whether desktop as a service is the right fit for their organizations.</p> <section class="section main-article-chapter" data-menu-title="Pros of DaaS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Pros of DaaS</h2> <p>For many organizations, the appeal of DaaS lies in its ability to simplify desktop delivery while shifting infrastructure and operational responsibility to a cloud provider.</p> <h3>Lower upfront costs</h3> <p>One of the most significant advantages of DaaS is that <a href="https://www.techtarget.com/searchvirtualdesktop/answer/What-are-the-biggest-pros-and-cons-of-VDI">it offers lower upfront costs than VDI</a> or regular desktops. VDI requires a costly infrastructure investment to get started, whereas DaaS is typically priced per user. Organizations that want to test virtualization can turn to DaaS and skip the costs and labor of building a VDI when they might want to change their desktop virtualization approach years down the road. The subscription model also makes the costs involved in DaaS more predictable over the long term.</p> <p>DaaS can also reduce license costs by making it easy to provision and deprovision virtual desktops as needed. For startups looking to onboard employees quickly, DaaS can help scale up quickly and inexpensively. Likewise, <a href="https://www.techtarget.com/searchvirtualdesktop/feature/Comparing-DaaS-vs-SaaS-and-how-they-work">the scalability of desktop as a service</a> can have cost benefits for organizations that employ seasonal workers. Once the season is over and these employees leave, the virtual desktops they used can be easily deprovisioned, eliminating license costs for those desktops.</p> <h3>Flexibility</h3> <p>The scalability of DaaS is also beneficial on a logistical level for organizations and their IT teams. If an organization wants to scale up, IT can update the DaaS subscription rather than increasing VDI capacity by adding additional hardware. This is especially helpful for organizations that don't know what scale they want; DaaS can adjust to fluctuations in virtual desktop numbers without requiring any reworking.</p> <p>DaaS also offers flexibility in the <a href="https://www.techtarget.com/searchenterprisedesktop/opinion/DaaS-may-encourage-organizations-to-adopt-Macs-and-Chromebooks">variety of endpoints cloud providers can easily support</a> out of the box. No matter what type of device a user chooses to work on, the desktop environment is identical if it has the necessary display resolution and remote desktop client software. DaaS generally offers the same UX as VDI, but the ability to choose from <a href="https://www.techtarget.com/searchvirtualdesktop/opinion/PC-as-a-service-is-an-alternative-and-a-complement-to-DaaS">a wider range of endpoints</a> and locations to work from and maintain an acceptable desktop environment can result in a better experience for end users.</p> <h3>Broader accessibility</h3> <p>Desktop as a service is available from anywhere, on any device. Because the virtual desktops are hosted in the cloud, they are accessible anywhere, as long as power and internet connectivity are available. With VDI, on the other hand, users must connect to their organization's corporate network directly or via a <a href="https://www.techtarget.com/searchnetworking/answer/What-are-the-differences-between-VPN-and-VDI-services">VPN to access their virtual desktops</a>, which requires further security considerations.</p> <p>The rise of remote work has highlighted the value of DaaS for organizations that want to ensure business continuity amid circumstances such as the COVID-19 pandemic. DaaS's ability to support a variety of endpoints is especially helpful for facilitating remote work. Even if users have PCs at home, they can still access a virtual desktop with DaaS.</p> <p>Some DaaS providers offer browser accessibility. This is a secure and simple way for users to access DaaS. Rather than installing the virtual desktop, a user can log in to a browser-accessible virtual desktop from any supported browser. Some examples of this option include the Web Access feature in Amazon WorkSpaces, Azure Virtual Desktop web client and DesktopReady.</p> <h3>Easier setup and management</h3> <p>Setting up DaaS is easy for IT. The most critical step is <a href="https://www.techtarget.com/searchvirtualdesktop/tip/Compare-7-desktop-as-a-service-providers">choosing the best DaaS provider</a> to meet the organization's needs.</p> <p>DaaS is an easier option for IT after setup as well. <a href="https://www.techtarget.com/searchvirtualdesktop/opinion/Forecasting-VDI-trends-and-the-future-of-the-market">To successfully deploy and maintain VDI</a>, IT departments must have the skill set and sufficient employees to stay on top of updates, data traffic and troubleshooting. DaaS providers have the resources and expertise to reliably address many of these concerns, enabling IT teams to focus on issues specific to their organizations. This can also provide security benefits. IT has less control over security with desktop as a service, but a DaaS provider likely has more up-to-date tools and knowledge, which can help IT manage and prevent any issues.</p> <figure class="main-article-image full-col" data-img-fullsize="https://www.techtarget.com/rms/onlineimages/virt_desktop-vdi_vs_daas-f.png"> <img data-src="https://www.techtarget.com/rms/onlineimages/virt_desktop-vdi_vs_daas-f_mobile.png" class="lazy" data-srcset="https://www.techtarget.com/rms/onlineimages/virt_desktop-vdi_vs_daas-f_mobile.png 960w,https://www.techtarget.com/rms/onlineimages/virt_desktop-vdi_vs_daas-f.png 1280w" alt="A chart comparing the infrastructure, management and cost differences between VDI and DaaS." height="247" width="560"> <figcaption> <i class="icon pictures" data-icon="z"></i>This shows how VDI and DaaS compare when it comes to infrastructure, management and cost. </figcaption> <div class="main-article-image-enlarge"> <i class="icon" data-icon="w"></i> </div> </figure> </section> <section class="section main-article-chapter" data-menu-title="Cons of DaaS"> <h2 class="section-title"><i class="icon" data-icon="1"></i>Cons of DaaS</h2> <p>Those same characteristics can introduce tradeoffs around cost, customization and control that become more visible as deployments scale.</p> <h3>Potentially higher long-term costs</h3> <p>While DaaS is less expensive than VDI in terms of initial investments, over time, the subscription costs that come with DaaS might accumulate to be higher than the <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-do-Citrix-and-VMwares-on-premises-VDI-costs-compare">upfront costs of VDI</a>.</p> <p>Additionally, depending on the licensing models a vendor offers, DaaS can have higher license costs to account for the effort required to host virtual desktops. Most DaaS providers bundle the OS license with the cost of the virtual desktop, but organizations must weigh their options and keep these factors in mind to <a href="https://www.techtarget.com/searchvirtualdesktop/tip/How-to-keep-DaaS-pricing-stable-and-consistent">ensure that desktop as a service is the best approach financially</a>. Pricing for DaaS is still more predictable and consistent than for VDI, but it's not necessarily less expensive in the long term.</p> <h3>Less customizability</h3> <p>Another con of DaaS is that the one-size-fits-all approach also might not be ideal for every organization. Security and compliance regulations vary by organization, so finding a DaaS package that fits perfectly can be difficult. Because organizations build it in-house, <a href="https://www.techtarget.com/searchvirtualdesktop/feature/VDI-applications-maintain-many-use-case-advantages-over-DaaS">VDI enables IT to make more customizations</a> -- such as disabling certain services for users -- to meet compliance standards and ensure VDI security. If an organization with strict compliance regulations wants to use DaaS to implement virtual desktops, choosing a provider that prioritizes these standards is vital.</p> <p>For example, Evolve IP Workspaces is a DaaS provider that is third-party-audited to meet compliance standards, such as HIPAA or <a href="https://www.techtarget.com/whatis/definition/General-Data-Protection-Regulation-GDPR">GDPR</a>. Providers that don't specifically take certain compliance standards into account should allow IT to check compliance measures or control the hypervisors' configurations and customize features.</p> <p>Some DaaS packages won't have everything an organization might want. Different vendors offer different levels of customizability, and some offer more advanced management capabilities than others.</p> <h3>Less control</h3> <p>Desktop as a service offers little control over updates and security in general, which can lead to problems that IT cannot directly address. Many of these issues stem from the hosting concerns that come with using a public cloud. For example, if the public cloud hosting the virtual desktops experiences an outage, an organization's productivity comes to a halt.</p> <p>Security is a significant factor in both the pros and cons of DaaS. Because having all resources in a single location -- such as a DaaS vendor's public cloud -- can help security, DaaS might seem like the most secure desktop virtualization option. Additionally, some organizations might prefer the security a vendor can guarantee rather than trusting IT staff to maintain a perfect security posture. However, some IT teams might be better prepared to handle their organization's unique security strategy than a third-party provider, and admins must <a href="https://searchcloudsecurity.techtarget.com/tip/Top-cloud-security-challenges-and-how-to-combat-them">consider cloud security concerns</a> with DaaS.</p> <p>Not having full control over connectivity can put organizations in situations where they are unable to do anything about it. If there's a connectivity issue, IT has less insight into the network and must wait for the provider to fix it. And while UX might be better and easier to ensure with DaaS, if there are UX issues, the IT team can't handle them directly.</p> <p>For IT leaders, the decision to adopt DaaS is less about whether the technology is effective and more about determining where responsibility and control should reside. While DaaS can alleviate operational burdens and enhance flexibility, it also transfers essential aspects of desktop management to a third party. It is crucial to understand these trade-offs and how they align with the organization's security, access, and long-term infrastructure strategies to make an informed decision.</p> <p><b>Editor’s note:</b> <i>This article was updated in January 2026 to <em>improve clarity, flow and the overall reader experience.</em></i></p> <p><i></i></p> </section> Desktop as a service stands out for its scalability, but IT admins should also keep factors such as customizability in mind when considering their desktop virtualization options. https://cdn.ttgtmedia.com/rms/onlineimages/competition_a299069360.jpg https://www.techtarget.com/searchvirtualdesktop/feature/What-are-the-pros-and-cons-of-DaaS Tue, 20 Jan 2026 13:30:00 GMT What are the pros and cons of DaaS? Search Virtual Desktop Resources and Information from TechTarget 60 webmaster@techtarget.com