Skip to content

Use group policies to customize IAP Desktop

You can use a group policy object (GPO) to configure policies for IAP Desktop. Group policies take precedence over user settings: When you configure a group policy for a certain setting, users aren't allowed to change the respective setting.

For a full list of settings that you can control using group policies, see Group policy reference.

You can manage IAP Desktop group policies using Active Directory or Intune.

Before you can configure a group policy, you must first install the IAP Desktop Policy Templates:

  1. Download the PolicyTemplates package from the downloads page.
  2. Extract the package into the PolicyDefinitions folder of your central store .

You can now use the IAP Desktop templates to configure a group policy object:

  1. In the Group Policy Management Console, create or select a GPO.

  2. Link the GPO to an organizational unit that contains the users who should be able to use IAP Desktop.

    Note: You can configure policies per-computer or per-user. Computer-based policies take precendence over user-based policies.

  3. Right-click the GPO and select Edit.

  4. Navigate to User (or Computer) Configuration > Policies > Administrative Templates > Google IAP Desktop and customize policies as necessary.

    Policies

  5. Close the Group Policy Management Editor window.

Before you can configure a configuration policy, you must first install the IAP Desktop Policy Templates:

  1. In the Intune admin center , go to Devices > Configuration.
  2. Select the Import ADMX tab.

  3. Import the following templates:

    • Windows.admx and Windows.adml: You can find these files on your local computer in the C:\Windows\PolicyDefinitions\ directory.

    • IapDesktop.admx and IapDesktop.adml: You can find these files in the PolicyTemplates package from the downloads page.

You can now use the IAP Desktop templates to configure a configuration policy:

  1. Select the Policies tab.

  2. Click Create > New policy and select the following:

    • Platform: Windows 10 and later
    • Profile type: Templates
    • Template name: Imported Administrative templates

  3. Click Create.

  4. On the Create profile page, you can now see the IAP Desktop settings:

    Policies

  5. Customize the policy as necessary and assign them to relevant groups.

Use server-side group policies to customize Remote Desktop

To disallow clipboard sharing or restrict the usage of other Remote Desktop features, configure group policies on the target VM instance. You can configure these policies either by using the Local Group Policy Editor or by using Active Directory to apply a group policy.

You can find Remote Desktop policies under User (or Computer) Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host.