Optimizing RDP for casual use

By | 2015.06.23

Optimizing RDP client/server for casual use. Make it use less bandwidth. Get higher throughput and adaptive transfers.

Revisit

Back in 2011 I wrote a blog post on optimizing RDP in Windows 7. I’ve been thinking of updating that post for some time, and now finally got around to it.

Background

Since sometime around 2000 I have been working remotely over RDP. It is my preferred way of working since it allows me to have one main computer while my laptops are just terminals. I have worked on low bandwidths, high bandwidths and everything in-between. For the most part the default settings served me well, but in some cases you may want to optimize it a bit further – and this is where this guide may be of help.

Optimizing RDP – the short story

If you do not want to dig into the dirty details then just follow this list.

  1. Open up UDP port 3389 in your firewall/port forwarder. Both TCP and UDP should be open.
  2. Open the Local Group Policy Editor: gpedit.msc
  3. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host”
  4. Go to “Remote Session Environment” and set “Configure compression for RemoteFX data” to “Enabled”. Choose “Optimized to use less network bandwidth” if you have enough RAM; if not, choose “Balances memory and network” or “Optimized to use less memory”.
  5. If you always connect through LAN/VPN then disable host-to-client encryption: Go to “Security” and set “Set client connection encryption level” to “Low level”. (Warning: Do not do this if you are not on a secure network.)

Optimizing RDP – the longer story

Enable UDP

Of course you have to open/forward TCP port 3389 to enable RDP. Since RDP 8.0 (which came as an update to Windows 7 and Windows Server 2008 R2) there have been some additional improvements to the protocol. Notably, a UDP connection has been added for adaptive/lossy transfer. Microsoft describes it as: “This feature offers advanced techniques such as intelligent and adaptive UDP transports, network loss tolerance, and recovery to provide a fast and fluid experience to users on a WAN.” The immediate effect I spotted when opening the UDP port was that sound and picture were synced in videos, and that I could run a fullscreen 1080p (cartoon) video smoothly over a remote connection. The video was encoded in lower quality than its source, but it still played and the RDP connection worked smoothly.

Enable/forward UDP port 3389, so that both TCP and UDP port 3389 are open/forwarded to your RDP host.

PS! If it is unclear what “enable/forward” means: The ports have to be opened in any firewall (local or on network), and in the case of NAT the port has to be forwarded.

PS2! This feature is on by default. For information about this feature and where you can disable it on the host computer go here.

Configure compression

Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment”.

In “Configure compression for RemoteFX data” change the compression level to what suits you best. Note that “Do not use an RDP compression algorithm” will use a lot of bandwidth. Set this to “Optimized to use less network bandwidth” if you suspect bandwidth is your bottleneck.

Up to Windows 7 this option was called “Set compression algorithm for RDP data”.


Configure encryption

Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security”.

The setting “Set client connection encryption level” allows you to change the encryption level of your connections. For most cases it is strongly recommended to keep encryption enabled. Setting it to “Low level” will encrypt data sent from the client to the server (mouse/keyboard), but will not encrypt data sent from the server to the client. The setting “Client Compatible” will attempt to negotiate the strongest encryption supported by both ends. The setting “High level” (recommended) will use 128-bit encryption for data both sent and received.

Note that decrypting data is not a CPU-intensive operation, so encryption has very little/no impact on the client.
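A read-only check of what the short list above changes (the UDP port from step 1, compression from step 4, encryption level from step 5), as an added example that is not part of the original post. The registry value names and their numeric mappings are assumptions taken from the Terminal Services policy template, and the NetSecurity cmdlets it uses need Windows 8 / Server 2012 or later.

```powershell
# Added example, read-only. Registry value names and numeric mappings come from
# the Terminal Services policy template, not from the article.
$key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$encLevel  = @{ 1 = 'Low level'; 2 = 'Client Compatible'; 3 = 'High level' }
$compLevel = @{
    0 = 'Do not use an RDP compression algorithm'
    1 = 'Optimized to use less memory'
    2 = 'Balances memory and network bandwidth'
    3 = 'Optimized to use less network bandwidth'
}
function Get-TsPolicy([string]$Name) {
    # Returns $null when the policy is "Not configured" (value absent from the key).
    $p = Get-ItemProperty -Path $key -Name $Name -ErrorAction SilentlyContinue
    if ($p) { $p.$Name }
}
function Format-Setting($Value, [hashtable]$Map) {
    if ($null -eq $Value) { 'Not configured (Windows default applies)' }
    elseif ($Map.ContainsKey([int]$Value)) { $Map[[int]$Value] }
    else { "Unrecognised value $Value" }
}
$enc  = Get-TsPolicy 'MinEncryptionLevel'
$comp = Get-TsPolicy 'MaxCompressionLevel'
"Encryption level : $(Format-Setting $enc $encLevel)"
"Compression      : $(Format-Setting $comp $compLevel)"

# Enabled inbound allow rules whose local port is exactly 3389. Port ranges are
# not expanded, and only the default (local) firewall policy store is read.
$rules = Get-NetFirewallPortFilter |
    Where-Object { $_.LocalPort -contains '3389' } |
    ForEach-Object {
        $r = $_ | Get-NetFirewallRule
        if ($r.Enabled -eq 'True' -and $r.Direction -eq 'Inbound' -and $r.Action -eq 'Allow') {
            [pscustomobject]@{
                Rule     = $r.DisplayName
                Protocol = $_.Protocol
                Profile  = "$($r.Profile)"
                Remote   = ($r | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            }
        }
    }
$rules | Format-Table -AutoSize

if (-not ($rules | Where-Object Protocol -eq 'UDP')) {
    Write-Warning 'No enabled inbound allow rule for UDP 3389 in Windows Firewall.'
}
# "Low level" is only meant for a trusted LAN/VPN: flag it when 3389 is open wider.
$exposed = $rules | Where-Object { $_.Profile -match 'Public|Any' -and $_.Remote -eq 'Any' }
if ($enc -eq 1 -and $exposed) {
    Write-Warning '"Low level" encryption is set while 3389 accepts any remote address on a public profile.'
}
```

The encryption-level policy governs native RDP encryption only; its own help text states that it does not apply to sessions protected by SSL (TLS).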


Tips

  • If you minimize your RDP window (on the client) it will not use any bandwidth. Useful if you are working over a metered connection (mobile).
  • By default the client caches bitmaps. This is nice for slower connections, but on a LAN connection it can quickly lead to slowdowns when reading/writing the cache on disk.
  • It could be worth checking out other vendors

Other optimizations / changes

If you are the admin of an RDP host server and you want to put certain limitations on your users, there is a whole set of options you can change. To mention some:

  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections”
    • Restrict users to a single RDP session
    • Limit number of connections
    • Automatic reconnection
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Device and Resource Redirection”
    • Disable audio/video redirect
    • Limit audio quality
    • Disable clipboard, COM/LPT-ports, drives, plug and play devices and smart card redirection
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Printer Redirection”
    • Disable/configure printer redirection (printing from RDP to local printer)
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Profiles”
    • Enforce and limit roaming profiles for RDP users
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment”
    • Limit colors, resolution, number of monitors
    • Start a program on connection
    • RemoteFX settings for virtual hosts
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security”
    • Always prompt for password
    • Require encryption
  • Under group policy “Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Session Time Limits”
    • Configure session timeouts

RemoteFX

If your desktop host is Windows 7 or higher running as a Hyper-V virtual machine guest OS then you can enable RemoteFX. RemoteFX requires a compatible graphics card, and in short it gives your RDP session into the virtual host access to GPU hardware. For example I successfully started Battlefield 4 by RDP’ing into a Windows 8 virtual guest OS. It ran remotely (around 20Mb network connection) and it was very laggy (around 10 fps), but it did run nevertheless.

Note that the RDP settings for RemoteFX are a separate set of options located side-by-side with the options described above.
