Spice (1) flag Report. We can disable WDDM graphics on Remote Desktop connection by modifying group policy on the host PC. But give thanks to Carlieo. You simply need to disable the WDDM graphics driver from the Remote Desktop Session Host. Use WDDM graphics display driver for Remote Desktop Connections (Disabled) I have also ran the NVIDIA OpenGL RDP enabler tool so I can run applications that use OpenGL through RDP, but I removed the NVIDIA driver database where this setting is stored to disable it and determined that the problem is not related to OpenGL support state. content, Turn off Help and Support Center Microsoft Knowledge Base search, Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com, Turn off Internet download for Web publishing and online ordering wizards, Turn off Internet File Association service, Turn off Registration if URL connection is referring to Microsoft.com, Turn off Search Companion content file updates, Turn off the "Publish to Web" task for files and folders, Turn off the Windows Messenger Customer Experience Improvement Program, Turn off Windows Customer Experience Improvement Program, Turn off Windows Network Connectivity Status Indicator active tests, Turn off Windows Update device driver searching, Do not allow changes to initiator iqn name, Do not allow changes to initiator CHAP secret, Do not allow sessions without mutual CHAP, Do not allow sessions without one way CHAP, Do not allow adding new targets via manual configuration, Do not allow manual configuration of discovered targets, Do not allow manual configuration of iSNS servers, Do not allow manual configuration of target portals, KDC support for claims, compound authentication and Kerberos armoring, KDC support for PKInit Freshness Extension, Provide information about previous logons to client computers, Allow retrieving the cloud kerberos ticket during the logon, Always send compound authentication first, Define host name-to-Kerberos realm mappings, Define interoperable Kerberos V5 realm settings, Disable revocation checking for the SSL certificate of KDC proxy servers, Fail authentication requests when Kerberos armoring is not available, Kerberos client support for claims, compound authentication and Kerberos armoring, Require strict target SPN match on remote procedure calls, Set maximum Kerberos SSPI context token buffer size, Specify KDC proxy servers for Kerberos clients, Support device authentication using certificate, Enumeration policy for external devices incompatible with Kernel DMA Protection, Disallow copying of user input methods to the system account for sign-in, Disallow user override of locale settings, Allow users to select when a password is required when resuming from connected standby, Always wait for the network at computer startup and logon, Block user from showing account details on sign-in, Do not display the Getting Started welcome screen at logon, Do not enumerate connected users on domain-joined computers, Enumerate local users on domain-joined computers, Hide entry points for Fast User Switching, Turn off app notifications on the lock screen, Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names, Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails, Set Priority in the DC Locator DNS SRV records, Set Weight in the DC Locator DNS SRV records, Specify address lookup behavior for DC locator ping, Specify DC Locator DNS records not registered by the DCs, Specify dynamic registration of the DC Locator DNS Records, Specify Refresh Interval of the DC Locator DNS records, Specify sites covered by the application directory partition DC Locator DNS SRV records, Specify sites covered by the DC Locator DNS SRV records, Specify sites covered by the GC Locator DNS SRV Records, Use automated site coverage by the DC Locator DNS SRV Records. Have a question about this project? Click OK and reboot your PC and see RDP not working after Windows 10 upgrade/update has been resolved. The first RDP connection after a reboot or power up works but subsequent connections receive an error message saying the login was refused. Allow Secure Boot for integrity validation, Choose how BitLocker-protected operating system drives can be recovered, Configure pre-boot recovery message and URL, Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Configure TPM platform validation profile for BIOS-based firmware configurations, Configure TPM platform validation profile for native UEFI firmware configurations, Configure use of hardware-based encryption for operating system drives, Configure use of passwords for operating system drives, Disallow standard users from changing the PIN or password, Enable use of BitLocker authentication requiring preboot keyboard input on slates, Enforce drive encryption type on operating system drives, Require additional authentication at startup (Windows Server 2008 and Windows Vista), Require additional authentication at startup, Reset platform validation data after BitLocker recovery, Use enhanced Boot Configuration Data validation profile, Allow access to BitLocker-protected removable data drives from earlier versions of Windows, Choose how BitLocker-protected removable drives can be recovered, Configure use of hardware-based encryption for removable data drives, Configure use of passwords for removable data drives, Configure use of smart cards on removable data drives, Control use of BitLocker on removable drives, Deny write access to removable drives not protected by BitLocker, Enforce drive encryption type on removable data drives, Choose default folder for recovery password, Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507]), Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later), Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista), Disable new DMA devices when this computer is locked, Provide the unique identifiers for your organization, Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista), Validate smart card certificate usage rule compliance, Do not display the password reveal button, Enumerate administrator accounts on elevation, Prevent the use of security questions for local accounts, Require trusted path for credential entry, Allow device name to be sent in Windows diagnostic data, Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service, Configure collection of browsing data for Desktop Analytics, Configure Connected User Experiences and Telemetry, Configure diagnostic data upload endpoint for Desktop Analytics. Looks like AMD driver does not like the new WDDM remote desktop driver in Windows 10 1903. Remove Boot / Shutdown / Logon / Logoff status messages, Restrict potentially unsafe HTML Help functions to specified folders, Restrict these programs from being launched from Help, Specify settings for optional component installation and component repair, Specify Windows installation file location, Specify Windows Service Pack installation file location, Turn off Data Execution Prevention for HTML Help Executible, ActiveX installation policy for sites in Trusted zones, Approved Installation Sites for ActiveX Controls, Remove Program Compatibility Property Page, Turn off Application Compatibility Engine, Allow a Windows app to share application data between users, Allow deployment operations in special profiles, Allows development of Windows Store apps and installing them from an integrated development environment (IDE), Disable installing Windows apps on non-system volumes, Prevent non-admin users from installing packaged Windows apps, Prevent users' app data from being stored on non-system volumes, Let Windows apps access account information, Let Windows apps access an eye tracker device, Let Windows apps access diagnostic information about other apps, Let Windows apps access user movements while running in the background, Let Windows apps activate with voice while the system is locked, Let Windows apps communicate with unpaired devices. Configure Applications preference extension policy processing, Configure Data Sources preference extension policy processing, Configure Devices preference extension policy processing, Configure Direct Access connections as a fast network connection, Configure Drive Maps preference extension policy processing, Configure Environment preference extension policy processing, Configure Files preference extension policy processing, Configure Folder Options preference extension policy processing, Configure folder redirection policy processing, Configure Folders preference extension policy processing, Configure Group Policy slow link detection, Configure Ini Files preference extension policy processing, Configure Internet Explorer Maintenance policy processing, Configure Internet Settings preference extension policy processing, Configure Local Users and Groups preference extension policy processing, Configure Network Options preference extension policy processing, Configure Network Shares preference extension policy processing, Configure Power Options preference extension policy processing, Configure Printers preference extension policy processing, Configure Regional Options preference extension policy processing, Configure Registry preference extension policy processing, Configure Scheduled Tasks preference extension policy processing, Configure Services preference extension policy processing, Configure Shortcuts preference extension policy processing, Configure software Installation policy processing, Configure Start Menu preference extension policy processing, Configure user Group Policy loopback processing mode, Configure web-to-app linking with app URI handlers, Determine if interactive users can generate Resultant Set of Policy data, Enable AD/DFS domain controller synchronization during policy refresh, Remove users' ability to invoke machine policy refresh, Set Group Policy refresh interval for computers, Set Group Policy refresh interval for domain controllers, Specify startup policy processing wait time, Specify workplace connectivity wait time for policy processing, Turn off background refresh of Group Policy, Turn off Group Policy Client Service AOAC optimization, Turn off Local Group Policy Objects processing, Turn off access to all Windows Update features, Turn off Automatic Root Certificates Update, Turn off downloading of print drivers over HTTP, Turn off handwriting personalization data sharing, Turn off handwriting recognition error reporting, Turn off Help and Support Center "Did you know?" Disable showing balloon notifications as toasts. Remove Default Programs link from the Start menu. Configure telemetry opt-in change notifications. On Windows 10 Start the Group Policy Editor by clicking the Windows button and typing gpedit.msc then under Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Remote Session Environment : 1. (found at Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment) This thread is locked. For this, double the option, select ' Disable '. Turn off the display of thumbnails and only display icons on network folders, Turn off Windows Libraries features that rely on indexed file data, Allow Windows Runtime apps to revoke enterprise data, Configure Traditional Chinese IME version, Do not include Non-Publishing Standard Glyph in the candidate list, Restrict character code range of conversion, Turn on misconversion logging for misconversion report, Custom Instant Search Internet search provider, File menu: Disable closing the browser and Explorer windows, File menu: Disable Save As menu option, File menu: Disable Save As Web Page Complete, Help menu: Remove 'For Netscape Users' menu option, Help menu: Remove 'Send Feedback' menu option, Help menu: Remove 'Tip of the Day' menu option, Tools menu: Disable Internet Options menu option, View menu: Disable Full Screen menu option, Hide the button (next to the New Tab button) that opens Microsoft Edge, Turn off details in messages about Internet connection problems, Start the Internet Connection Wizard automatically, Allow the display of image download placeholders, Turn on printing of background colors and images, Turn off inline AutoComplete in File Explorer, Prevent specifying the color of links that have already been clicked, Prevent specifying the color of links that have not yet been clicked, Disable adding schedules for offline pages, Disable channel user interface completely, Disable downloading of site subscription content, Disable editing and creating of schedule groups, Disable editing schedules for offline pages, Disable removing schedules for offline pages, File size limits for Restricted Sites zone, Turn off automatic download of the ActiveX VersionList, Disable customizing browser toolbar buttons, Disable changing Calendar and Contact settings, Disable changing Profile Assistant settings, Disable changing Temporary Internet files settings, Disable external branding of Internet Explorer, Display error message on proxy script download failure, Identity Manager: Prevent users from using Identities, Notify users if Internet Explorer is not the default web browser, Position the menu bar above the navigation bar, Search: Disable Find Files via F3 within the browser, Turn on the auto-complete feature for user names and passwords on forms, Use Automatic Detection for dial-up connections, Permit use of Applications preference extension, Permit use of Control Panel Settings (Computers), Permit use of Control Panel Settings (Users), Permit use of Data Sources preference extension, Permit use of Devices preference extension, Permit use of Drive Maps preference extension, Permit use of Environment preference extension, Permit use of Folder Options preference extension, Permit use of Folders preference extension, Permit use of Ini Files preference extension, Permit use of Internet Settings preference extension, Permit use of Local Users and Groups preference extension, Permit use of Network Options preference extension, Permit use of Network Shares preference extension, Permit use of Power Options preference extension, Permit use of Printers preference extension, Permit use of Regional Options preference extension, Permit use of Registry preference extension, Permit use of Scheduled Tasks preference extension, Permit use of Services preference extension, Permit use of Shortcuts preference extension, Permit use of Start Menu preference extension, Group Policy tab for Active Directory Tools, Restrict the user from entering author mode, Restrict users to the explicitly permitted list of snap-ins, Configure the inclusion of Microsoft Edge tabs into Alt-Tab, Prevent Application Sharing in true color, Prevent changing DirectSound Audio setting, Allow persisting automatic acceptance of Calls. Always prompt for password upon connection; Do not allow local administrators to customize permissions WDDM 1.2 compatible driver . Disconnecting from remote desktop session then causes hangs in OpenDL device enumeration. Use WDDM graphics display driver for Remote Desktop Connections to DISABLED This forces RDP to use the old (and now deprecated XDDM drivers) After rebooting, behaviour returns to normal and after disconnecting from an RDP session the RDP host (target machine) no longer shows DWM.EXE consuming CPU. Workaround: Set "Use WDDM graphics display driver for Remote Desktop Connections" to Disabled in group policy. Remove frequent programs list from the Start Menu, Remove links and access to Windows Update, Remove Network Connections from Start Menu, Remove pinned programs list from the Start Menu, Remove See More Results / Search Everywhere link, Remove the "Undock PC" button from the Start Menu, Remove user's folders from the Start Menu, Show "Run as different user" command on Start, Show Start on the display the user is using when they press the Windows logo key, Show the Apps view automatically when the user goes to Start, Turn off automatic promotion of notification icons to the taskbar, Turn off feature advertisement balloon notifications, Do not automatically make all redirected folders available offline, Do not automatically make specific redirected folders available offline, Enable optimized move of contents in Offline Files cache on Folder Redirection server path change, Configure Group Policy domain controller selection, Create new Group Policy Object links disabled by default, Set default name for new Group Policy objects, Set Group Policy refresh interval for users, Turn off Help Experience Improvement Program, Prompt for password on resume from hibernate/suspend, Connect home directory to root of the share, Specify network directories to sync at logon/logoff time only, Do not preserve zone information in file attachments, Hide mechanisms to remove zone information, Inclusion list for moderate risk file types, Notify antivirus programs when opening attachments, Configure Windows spotlight on lock screen, Do not suggest third-party content in Windows spotlight, Do not use diagnostic data for tailored experiences, Turn off Windows Spotlight on Action Center, Do not show recent apps when the mouse is pointing to the upper-left corner of the screen, Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X, Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen, Allow only per user or approved shell extensions, Display confirmation dialog when deleting files, Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon, Do not display the Welcome Center at user logon, Do not move deleted files to the Recycle Bin, Do not track Shell shortcuts during roaming, Hides the Manage item on the File Explorer context menu, Hide these specified drives in My Computer, No Computers Near Me in Network Locations, Pin Internet search sites to the "Search again" links and the Start menu, Pin Libraries or Search Connectors to the "Search again" links and the Start menu, Prevent access to drives from My Computer. Allow or Disallow use of encryption to protect the RPC protocol messages between File Share Shadow Copy Provider running on application server and File Share Shadow Copy Agent running on the file servers. If you are using Windows 10 pro v1909, disable 'Use WDDM graphics display driver for Remote Desktop Connection'. Open Local Group Policy Editor Limit Enhanced diagnostic data to the minimum required by Windows Analytics, Allow uploads while the device is on battery while under set Battery level (percentage), Delay Background download Cache Server fallback (in seconds), Delay background download from http (in secs), Delay Foreground download Cache Server fallback (in seconds), Delay Foreground download from http (in secs), Enable Peer Caching while the device connects via VPN, Maximum Background Download Bandwidth (in KB/s), Maximum Background Download Bandwidth (percentage), Maximum Foreground Download Bandwidth (in KB/s), Maximum Foreground Download Bandwidth (percentage), Minimum disk size allowed to use Peer Caching (in GB), Minimum Peer Caching Content File Size (in MB), Minimum RAM capacity (inclusive) required to enable use of Peer Caching (in GB), Select a method to restrict Peer Selection, Set Business Hours to Limit Background Download Bandwidth, Set Business Hours to Limit Foreground Download Bandwidth. Disable WDDM graphics driver. To solve "Your Remote Desktop Service session has ended. You can deploy a GPO to fix this company-wide: Administrative Templates (Computers) > Windows Components > Remote Desktop Service > Remote Desktop Session Host: Disable the setting "Use WDDM graphics display driver for Remote Desktop Connection" You are right - when I set the GPO "Use WDDM graphics display driver for Remote Desktop Connections -> Disable" it does fix the CPU issue and the freezing issue. Step 6. Prevent users from sharing files within their profile. The "fix" forces the old XDDM driver to be used. Specify contact email address or Email ID, Hide the Firewall and network protection area, Hide the Virus and threat protection area, Select when Preview Builds and Feature Updates are received, Allow Automatic Updates immediate installation, Allow non-administrators to receive update notifications, Allow signed updates from an intranet Microsoft update service location, Allow updates to be downloaded automatically over metered connections, Always automatically restart at the scheduled time, Configure auto-restart reminder notifications for updates, Configure auto-restart required notification for updates, Configure auto-restart warning notifications schedule for updates, Delay Restart for scheduled installations, Do not adjust default option to 'Install Updates and Shut Down' in Shut Down Windows dialog box, Do not allow update deferral policies to cause scans against Windows Update, Do not connect to any Windows Update Internet locations, Do not display 'Install Updates and Shut Down' option in Shut Down Windows dialog box, Do not include drivers with Windows Updates, Enabling Windows Update Power Management to automatically wake up the system to install scheduled updates, No auto-restart with logged on users for scheduled automatic updates installations, Re-prompt for restart with scheduled installations, Remove access to use all Windows Update features, Reschedule Automatic Updates scheduled installations, Specify active hours range for auto-restarts, Specify deadline before auto-restart for update installation, Specify deadlines for automatic updates and restarts, Specify Engaged restart transition and notification schedule for updates, Specify intranet Microsoft update service location, Specify source service for specific classes of Windows Updates, Turn off auto-restart for updates during active hours, Turn off auto-restart notifications for update installations, Turn on recommended updates via Automatic Updates, User State Management Client Side Extension, Hide the "Add a program from CD-ROM or floppy disk" option, Hide the "Add programs from Microsoft" option, Hide the "Add programs from your network" option, Hide the Set Program Access and Defaults page, Specify default category for Add New Programs, Force a specific visual style file or force Windows Classic, Prevent changing visual style for windows and buttons, Prohibit selection of visual style font size, Browse a common web site to find printers, Default Active Directory path when searching for printers, Turn off Windows default printer management, Hide "Set Program Access and Computer Defaults" page, Hide Regional and Language Options administrative options, Hide user locale selection and customization options, Restrict selection of Windows menus and dialogs language, Restricts the UI languages Windows should use for the selected user, Turn off insert a space after selecting a text prediction, Turn off offer text predictions as I type, Always open All Control Panel Items when opening Control Panel, Prohibit access to Control Panel and PC settings, Maximum size of Active Directory searches, Do not add shares of recently opened documents to Network Locations, Hide and disable all items on the desktop, Prevent adding, dragging, dropping and closing the Taskbar's toolbars, Prohibit User from manually redirecting Profile Folders, Remove Properties from the Computer icon context menu, Remove Properties from the Documents icon context menu, Remove Properties from the Recycle Bin context menu, Turn off Aero Shake window minimizing mouse gesture, Ability to change properties of an all user remote access connection, Ability to delete all user remote access connections, Ability to Enable/Disable a LAN connection, Ability to rename all user remote access connections, Ability to rename LAN connections or remote access connections available to all users, Enable Windows 2000 Network Connections settings for Administrators, Prohibit access to properties of a LAN connection, Prohibit access to properties of components of a LAN connection, Prohibit access to properties of components of a remote access connection, Prohibit access to the Advanced Settings item on the Advanced menu, Prohibit access to the New Connection Wizard, Prohibit access to the Remote Access Preferences item on the Advanced menu, Prohibit adding and removing components for a LAN or remote access connection, Prohibit changing properties of a private remote access connection, Prohibit connecting and disconnecting a remote access connection, Prohibit deletion of remote access connections, Prohibit Enabling/Disabling components of a LAN connection, Prohibit renaming private remote access connections, Prohibit viewing of status for an active connection, Turn off notifications when a connection has only limited or no connectivity, Turn off toast notifications on the lock screen, Add "Run in Separate Memory Space" check box to Run dialog box, Clear history of recently opened documents on exit, Clear the recent programs list for new users.