The Set rules for remote control of Remote Desktop Services user sessions machine setting should be configured correctly. This policy setting allows you to specify the level of remote control permitted in a Remote Desktop Services session. You can use this policy setting to select one of two levels of remote control: View Session or Full Control. View Session permits the remote control user to watch a session. Full Control permits the administrator to interact with the session. Remote control can be established with or without the user's permission. If you enable this policy setting, administrators can remotely interact with a user's Remote Desktop Services session according to the specified rules. To set these rules, select the desired level of control and permission in the Options list. To disable remote control, select "No remote control allowed." If you disable or do not configure this policy setting, remote control rules are determined by the setting on the Remote Control tab in the Remote Desktop Session Host Configuration tool. By default, remote control users have full control of the session with the user's permission. Fix: (1) GPO: Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions (2) KEY: HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\Shadow