// Since this works via Win2K+ policy settings, any configuration
// you set with this cannot be overridden locally while it is configured.

// To deploy this, add it to your collection of ADM files on a machine with
// gpedit and then run gpedit.  Select whether it is enabled or disabled.
// To deactivate, change it to unconfigured in gpedit.


CLASS MACHINE
CATEGORY "Remote Desktop Configuration"
	KEYNAME     "SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
	
	POLICY !!DENY_CONNECT
		#if version >= 4
			SUPPORTED !!WinXP
		#endif
		EXPLAIN  !!DENY_CONNECT_EXPLAIN 
		ACTIONLISTON
			VALUENAME "fDenyTSConnections" VALUE NUMERIC 1
		END ACTIONLISTON
		ACTIONLISTOFF
			VALUENAME "fDenyTSConnections" VALUE NUMERIC 0
		END ACTIONLISTOFF
	END POLICY
End Category

[strings]
WinXP="At least Windows XP Professional or .NET Server"
DENY_CONNECT="Do not allow client connections"
DENY_CONNECT_EXPLAIN="Prevents remote desktop connections to the system."