add remoteshell csp

This commit is contained in:
Aaron Czechowski 2022-12-20 10:15:15 -08:00
parent 39dfa51e5c
commit 2c04209399


@ -1,131 +1,109 @@
---
title: Policy CSP - RemoteShell
description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells.
title: RemoteShell Policy CSP
description: Learn more about the RemoteShell Area in Policy CSP
author: vinaypamnani-msft
manager: aaroncz
ms.author: vinpa
ms.topic: article
ms.date: 12/20/2022
ms.localizationpriority: medium
ms.prod: windows-client
ms.technology: itpro-manage
author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
manager: aaroncz
ms.topic: reference
---
<!-- Auto-Generated CSP Document -->
<!-- RemoteShell-Begin -->
# Policy CSP - RemoteShell
<hr/>
<!--Policies-->
## RemoteShell policies
<dl>
<dd>
<a href="#remoteshell-allowremoteshellaccess">RemoteShell/AllowRemoteShellAccess</a>
</dd>
<dd>
<a href="#remoteshell-maxconcurrentusers">RemoteShell/MaxConcurrentUsers</a>
</dd>
<dd>
<a href="#remoteshell-specifyidletimeout">RemoteShell/SpecifyIdleTimeout</a>
</dd>
<dd>
<a href="#remoteshell-specifymaxmemory">RemoteShell/SpecifyMaxMemory</a>
</dd>
<dd>
<a href="#remoteshell-specifymaxprocesses">RemoteShell/SpecifyMaxProcesses</a>
</dd>
<dd>
<a href="#remoteshell-specifymaxremoteshells">RemoteShell/SpecifyMaxRemoteShells</a>
</dd>
<dd>
<a href="#remoteshell-specifyshelltimeout">RemoteShell/SpecifyShellTimeout</a>
</dd>
</dl>
> [!TIP]
> These are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](../understanding-admx-backed-policies.md).
> Some of these are ADMX-backed policies and require a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](../understanding-admx-backed-policies.md#enabling-a-policy).
> You must specify the data type in the SyncML as &lt;Format&gt;chr&lt;/Format&gt;. For an example SyncML, refer to [Enabling a policy](./understanding-admx-backed-policies.md#enabling-a-policy).
>
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
> The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see [CDATA Sections](http://www.w3.org/TR/REC-xml/#sec-cdata-sect).
<hr/>
<!-- RemoteShell-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- RemoteShell-Editable-End -->
<!--Policy-->
<a href="" id="remoteshell-allowremoteshellaccess"></a>**RemoteShell/AllowRemoteShellAccess**
<!-- AllowRemoteShellAccess-Begin -->
## AllowRemoteShellAccess
<!--SupportedSKUs-->
<!-- AllowRemoteShellAccess-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- AllowRemoteShellAccess-Applicability-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- AllowRemoteShellAccess-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/AllowRemoteShellAccess
```
<!-- AllowRemoteShellAccess-OmaUri-End -->
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
<!-- AllowRemoteShellAccess-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures access to remote shells.
If you enable or do not configure this policy setting, new remote shell connections are accepted by the server.
If you set this policy to disabled, new remote shell connections are rejected by the server.
<!-- AllowRemoteShellAccess-Description-End -->
<!--/Description-->
<!-- AllowRemoteShellAccess-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- AllowRemoteShellAccess-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Allow Remote Shell Access*
- GP name: *AllowRemoteShellAccess*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- AllowRemoteShellAccess-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- AllowRemoteShellAccess-DFProperties-End -->
<hr/>
<!-- AllowRemoteShellAccess-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-maxconcurrentusers"></a>**RemoteShell/MaxConcurrentUsers**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | AllowRemoteShellAccess |
| Friendly Name | Allow Remote Shell Access |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| Registry Value Name | AllowRemoteShellAccess |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- AllowRemoteShellAccess-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- AllowRemoteShellAccess-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- AllowRemoteShellAccess-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- AllowRemoteShellAccess-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- MaxConcurrentUsers-Begin -->
## MaxConcurrentUsers
> [!div class = "checklist"]
> * Device
<!-- MaxConcurrentUsers-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- MaxConcurrentUsers-Applicability-End -->
<hr/>
<!-- MaxConcurrentUsers-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/MaxConcurrentUsers
```
<!-- MaxConcurrentUsers-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- MaxConcurrentUsers-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures the maximum number of users able to concurrently perform remote shell operations on the system.
The value can be any number from 1 to 100.
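Review bot: The Applicability rows for AllowRemoteShellAccess and MaxConcurrentUsers do not match the Edition tables they sit next to in this hunk. The Edition tables list `|Windows SE|No|Yes|` (not supported on Windows 10) and `|Business|Yes|Yes|`, while the Scope/Editions/Applicable OS row ticks Windows SE against "Windows 10, version 1709 [10.0.16299] and later" and has no Business entry. Please confirm which is correct before this lands, since admins will read the row as "Windows SE on Windows 10 accepts this policy". Separately, the `<a href="" id="remoteshell-allowremoteshellaccess"></a>` style anchors and the `<dl>` list that links to them appear alongside plain `## AllowRemoteShellAccess` headings. If the explicit ids are going away, check that existing deep links to `#remoteshell-...` still resolve.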
@ -133,97 +111,121 @@ The value can be any number from 1 to 100.
If you enable this policy setting, the new shell connections are rejected if they exceed the specified limit.
If you disable or do not configure this policy setting, the default number is five users.
<!-- MaxConcurrentUsers-Description-End -->
<!--/Description-->
<!-- MaxConcurrentUsers-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- MaxConcurrentUsers-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *MaxConcurrentUsers*
- GP name: *MaxConcurrentUsers*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- MaxConcurrentUsers-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- MaxConcurrentUsers-DFProperties-End -->
<hr/>
<!-- MaxConcurrentUsers-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-specifyidletimeout"></a>**RemoteShell/SpecifyIdleTimeout**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | MaxConcurrentUsers |
| Friendly Name | MaxConcurrentUsers |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- MaxConcurrentUsers-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- MaxConcurrentUsers-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- MaxConcurrentUsers-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- MaxConcurrentUsers-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SpecifyIdleTimeout-Begin -->
## SpecifyIdleTimeout
> [!div class = "checklist"]
> * Device
<!-- SpecifyIdleTimeout-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- SpecifyIdleTimeout-Applicability-End -->
<hr/>
<!-- SpecifyIdleTimeout-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/SpecifyIdleTimeout
```
<!-- SpecifyIdleTimeout-OmaUri-End -->
<!--/Scope-->
<!--Description-->
This policy setting configures the maximum time in milliseconds, and remote shell will stay open without any user activity until it is automatically deleted.
<!-- SpecifyIdleTimeout-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures the maximum time in milliseconds remote shell will stay open without any user activity until it is automatically deleted.
Any value from 0 to 0x7FFFFFFF can be set. A minimum of 60000 milliseconds (1 minute) is used for smaller values.
If you enable this policy setting, the server will wait for the specified amount of time since the last received message from the client before terminating the open shell.
If you do not configure or disable this policy setting, the default value of 900000 or 15 min will be used.
<!-- SpecifyIdleTimeout-Description-End -->
<!--/Description-->
<!-- SpecifyIdleTimeout-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SpecifyIdleTimeout-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify idle Timeout*
- GP name: *IdleTimeout*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- SpecifyIdleTimeout-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SpecifyIdleTimeout-DFProperties-End -->
<hr/>
<!-- SpecifyIdleTimeout-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-specifymaxmemory"></a>**RemoteShell/SpecifyMaxMemory**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | IdleTimeout |
| Friendly Name | Specify idle Timeout |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- SpecifyIdleTimeout-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SpecifyIdleTimeout-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SpecifyIdleTimeout-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SpecifyIdleTimeout-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SpecifyMaxMemory-Begin -->
## SpecifyMaxMemory
> [!div class = "checklist"]
> * Device
<!-- SpecifyMaxMemory-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- SpecifyMaxMemory-Applicability-End -->
<hr/>
<!-- SpecifyMaxMemory-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/SpecifyMaxMemory
```
<!-- SpecifyMaxMemory-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- SpecifyMaxMemory-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures the maximum total amount of memory in megabytes that can be allocated by any active remote shell and all its child processes.
Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, which means the ability of remote operations to allocate memory is only limited by the available virtual memory.
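Review bot: The ADMX mapping tables for MaxConcurrentUsers and SpecifyIdleTimeout in this hunk stop at `Registry Key Name` and `ADMX File Name`, with no `Registry Value Name` row, although the AllowRemoteShellAccess table earlier on the page has one (`| Registry Value Name | AllowRemoteShellAccess |`). Anyone auditing `Software\Policies\Microsoft\Windows\WinRM\Service\WinRS` needs the value name to verify that the limit was applied, so please add the row or note why it is omitted. Also, the descriptions state ranges and defaults (1 to 100 with a default of five users; 0 to 0x7FFFFFFF with a 60000 ms floor and a 900000 ms default), but the "Description framework properties" tables list only Format and Access Type and the Examples sections are empty. A sample payload in the Examples block would show how a numeric value is carried in a `chr` node.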
@ -231,161 +233,224 @@ Any value from 0 to 0x7FFFFFFF can be set, where 0 equals unlimited memory, whic
If you enable this policy setting, the remote operation is terminated when a new allocation exceeds the specified quota.
If you disable or do not configure this policy setting, the value 150 is used by default.
<!-- SpecifyMaxMemory-Description-End -->
<!--/Description-->
<!-- SpecifyMaxMemory-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SpecifyMaxMemory-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify maximum amount of memory in MB per Shell*
- GP name: *MaxMemoryPerShellMB*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- SpecifyMaxMemory-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SpecifyMaxMemory-DFProperties-End -->
<hr/>
<!-- SpecifyMaxMemory-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-specifymaxprocesses"></a>**RemoteShell/SpecifyMaxProcesses**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | MaxMemoryPerShellMB |
| Friendly Name | Specify maximum amount of memory in MB per Shell |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- SpecifyMaxMemory-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SpecifyMaxMemory-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SpecifyMaxMemory-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SpecifyMaxMemory-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SpecifyMaxProcesses-Begin -->
## SpecifyMaxProcesses
> [!div class = "checklist"]
> * Device
<!-- SpecifyMaxProcesses-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- SpecifyMaxProcesses-Applicability-End -->
<hr/>
<!-- SpecifyMaxProcesses-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/SpecifyMaxProcesses
```
<!-- SpecifyMaxProcesses-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- SpecifyMaxProcesses-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures the maximum number of processes a remote shell is allowed to launch.
If you enable this policy setting, you can specify any number from 0 to 0x7FFFFFFF to set the maximum number of process per shell. Zero (0) means unlimited number of processes.
If you disable or do not configure this policy setting, the limit is five processes per shell.
<!-- SpecifyMaxProcesses-Description-End -->
<!--/Description-->
<!-- SpecifyMaxProcesses-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SpecifyMaxProcesses-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify maximum number of processes per Shell*
- GP name: *MaxProcessesPerShell*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- SpecifyMaxProcesses-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SpecifyMaxProcesses-DFProperties-End -->
<hr/>
<!-- SpecifyMaxProcesses-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-specifymaxremoteshells"></a>**RemoteShell/SpecifyMaxRemoteShells**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | MaxProcessesPerShell |
| Friendly Name | Specify maximum number of processes per Shell |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- SpecifyMaxProcesses-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SpecifyMaxProcesses-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SpecifyMaxProcesses-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SpecifyMaxProcesses-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SpecifyMaxRemoteShells-Begin -->
## SpecifyMaxRemoteShells
> [!div class = "checklist"]
> * Device
<!-- SpecifyMaxRemoteShells-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- SpecifyMaxRemoteShells-Applicability-End -->
<hr/>
<!-- SpecifyMaxRemoteShells-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/SpecifyMaxRemoteShells
```
<!-- SpecifyMaxRemoteShells-OmaUri-End -->
<!--/Scope-->
<!--Description-->
This policy setting configures the maximum number of concurrent shells and any user can remotely open on the same system.
<!-- SpecifyMaxRemoteShells-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting configures the maximum number of concurrent shells any user can remotely open on the same system.
Any number from 0 to 0x7FFFFFFF can be set, where 0 means unlimited number of shells.
Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells.
If you enable this policy setting, the user cannot open new remote shells if the count exceeds the specified limit.
If you disable or do not configure this policy setting, by default the limit is set to two remote shells per user.
<!-- SpecifyMaxRemoteShells-Description-End -->
<!--/Description-->
<!-- SpecifyMaxRemoteShells-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SpecifyMaxRemoteShells-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify maximum number of remote shells per user*
- GP name: *MaxShellsPerUser*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- SpecifyMaxRemoteShells-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SpecifyMaxRemoteShells-DFProperties-End -->
<hr/>
<!-- SpecifyMaxRemoteShells-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
<!--Policy-->
<a href="" id="remoteshell-specifyshelltimeout"></a>**RemoteShell/SpecifyShellTimeout**
**ADMX mapping**:
<!--SupportedSKUs-->
| Name | Value |
|:--|:--|
| Name | MaxShellsPerUser |
| Friendly Name | Specify maximum number of remote shells per user |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- SpecifyMaxRemoteShells-AdmxBacked-End -->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!-- SpecifyMaxRemoteShells-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SpecifyMaxRemoteShells-Examples-End -->
<!--/SupportedSKUs-->
<hr/>
<!-- SpecifyMaxRemoteShells-End -->
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
<!-- SpecifyShellTimeout-Begin -->
## SpecifyShellTimeout
> [!div class = "checklist"]
> * Device
<!-- SpecifyShellTimeout-Applicability-Begin -->
| Scope | Editions | Applicable OS |
|:--|:--|:--|
| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1709 [10.0.16299] and later |
<!-- SpecifyShellTimeout-Applicability-End -->
<hr/>
<!-- SpecifyShellTimeout-OmaUri-Begin -->
```Device
./Device/Vendor/MSFT/Policy/Config/RemoteShell/SpecifyShellTimeout
```
<!-- SpecifyShellTimeout-OmaUri-End -->
<!--/Scope-->
<!--Description-->
<!-- SpecifyShellTimeout-Description-Begin -->
<!-- Description-Source-ADMX -->
This policy setting is deprecated and has no effect when set to any state: Enabled, Disabled, or Not Configured.
<!-- SpecifyShellTimeout-Description-End -->
<!--/Description-->
<!-- SpecifyShellTimeout-Editable-Begin -->
<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
<!-- SpecifyShellTimeout-Editable-End -->
<!--ADMXBacked-->
ADMX Info:
- GP Friendly name: *Specify Shell Timeout*
- GP name: *ShellTimeOut*
- GP path: *Windows Components/Windows Remote Shell*
- GP ADMX file name: *WindowsRemoteShell.admx*
<!-- SpecifyShellTimeout-DFProperties-Begin -->
**Description framework properties**:
<!--/ADMXBacked-->
<!--/Policy-->
<hr/>
| Property name | Property value |
|:--|:--|
| Format | chr (string) |
| Access Type | Add, Delete, Get, Replace |
<!-- SpecifyShellTimeout-DFProperties-End -->
<!--/Policies-->
<!-- SpecifyShellTimeout-AdmxBacked-Begin -->
> [!TIP]
> This is an ADMX-backed policy and requires SyncML format for configuration. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
## Related topics
**ADMX mapping**:
[Policy configuration service provider](policy-configuration-service-provider.md)
| Name | Value |
|:--|:--|
| Name | ShellTimeOut |
| Friendly Name | Specify Shell Timeout |
| Location | Computer Configuration |
| Path | Windows Components > Windows Remote Shell |
| Registry Key Name | Software\Policies\Microsoft\Windows\WinRM\Service\WinRS |
| ADMX File Name | WindowsRemoteShell.admx |
<!-- SpecifyShellTimeout-AdmxBacked-End -->
<!-- SpecifyShellTimeout-Examples-Begin -->
<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
<!-- SpecifyShellTimeout-Examples-End -->
<!-- SpecifyShellTimeout-End -->
<!-- RemoteShell-CspMoreInfo-Begin -->
<!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
<!-- RemoteShell-CspMoreInfo-End -->
<!-- RemoteShell-End -->
## Related articles
[Policy configuration service provider](policy-configuration-service-provider.md)
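Review bot: The SpecifyMaxRemoteShells description contains a typo in the line `Any number from 0 to 0x7FFFFFFF cand be set, where 0 means unlimited number of shells.`; the adjacent line has the correct "can be set". If the text is generated from the ADMX source, the fix belongs there, otherwise the next regeneration will bring the typo back. In the SpecifyMaxProcesses description, "maximum number of process per shell" should read "processes". As in the earlier hunks, the ADMX mapping tables for SpecifyMaxMemory, SpecifyMaxProcesses, SpecifyMaxRemoteShells and SpecifyShellTimeout carry no `Registry Value Name` row. For SpecifyShellTimeout, which the description calls deprecated with no effect in any state, consider saying so next to the TIP so the SyncML guidance does not read as a recommendation to configure it.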