Do not Delete Temp Folders upon Exit Security Policy using Intune

Hello Everyone, here is the next post from Configuration Profiles for you all. We will learn how to Enable the Do not delete temp folders upon exit Policy using Intune. Here also, we will make use of Configuration Profiles from Intune to achieve this task. This policy setting is for AVD multi-session.

This policy setting determines whether Remote Desktop Services retains a user’s session-specific temporary folders after the user logs off from a session. By default, a user’s temporary folders are automatically deleted when Remote Desktop Services logs them off.

The per-session temporary folders of a user are retained when the user logs off from a session if you enable this policy setting. If you disable this policy setting, temporary folders will be deleted when a user logs off, regardless of what the server administrator specifies.

Retained temporary folders may contain sensitive information that is visible to other administrators who log in. This policy setting specifies whether the per-session temporary folders of a user are retained after they log off from Remote Desktop Services.


Windows CSP Details TS_TEMP_DELETE

Let’s discuss the Windows CSP details for the TS_TEMP_DELETE policy setting. If you do not configure this policy setting, Remote Desktop Services deletes temporary folders from the remote computer at logoff, unless the server administrator specifies otherwise. This setting is only effective if the server uses temporary folders per session. You cannot use this policy setting if you enable the Do not use temporary folders per session policy setting.

  • TS_TEMP_DELETE is the policy that makes RDS retain a user’s per-session temporary folders at logoff.
  • This security setting helps RDS keep a user’s per-session temporary folders at logoff.
  • If you enable the Do not use temporary folders per session policy setting, this policy setting has no effect.

CSP URI – ./Device/Vendor/MSFT/Policy/Config/ADMX_TerminalServer/TS_TEMP_DELETE

Do not Delete Temp Folders upon Exit Security Policy using Intune Fig. 1.1

Do not delete temp folders upon exit Policy Using Intune

Follow the steps below to enable the Do not delete temp folders upon exit Policy using Intune:

  • Sign in to the Intune Admin Center portal https://intune.microsoft.com/.
  • Select Devices > Windows > Configuration profiles > Create a profile.

In Create Profile, select Windows 10 and later as the Platform and Settings catalog as the Profile Type. Click the Create button.

| Platform | Profile Type |
|---|---|
| Windows 10 and later | Settings Catalog |

Table 1 – Do not delete temp folders upon exit Policy Using Intune
Do not delete temp folders upon exit Policy Using Intune Fig.1

In the Basics tab pane, enter a name for the Policy as Do not delete temp folders upon exit Policy. If you like, you can enter the Description for the Policy, then select Next.

Do not delete temp folders upon exit Policy Using Intune Fig.2

Now in Configuration settings, click Add settings to browse or search the catalog for the settings you want to configure.

Do not delete temp folders upon exit Policy Using Intune Fig.3

In the Settings picker window, search for the keyword TEMP FOLDER. You will see Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary folders, as shown below in the image.

When you select that category, you will see one setting name, Do not delete temp folders upon exit. After adding the setting, click the cross mark at the right-hand corner, as shown below.

Do not delete temp folders upon exit Policy Using Intune Fig.4

After this, in the Administrative Templates, set the Do not delete temp folders upon exit to Enabled, as shown below in the image.

Do not delete temp folders upon exit Policy Using Intune Fig.5

In Scope tags, you can assign a tag to filter the profile to specific IT groups. Add scope tags (if required) and click Next. Under Assignments, in Included groups, click Add groups, and then choose Select groups to include one or more groups. Click Next to continue.

Do not delete temp folders upon exit Policy Using Intune Fig.6

Now in Review + create, review your settings. When you click on Create, your changes are saved, and the profile is assigned.

Do not delete temp folders upon exit Policy Using Intune Fig.7

A notification will appear automatically in the top right-hand corner with a message. You can see that the Policy “Do not delete temp folders upon exit Policy” was created successfully. If you check, the Policy is available in the Configuration profiles list.

Your groups will receive your profile settings when the devices check in with the Intune service. The Policy applies to the device.

Intune Reporting

From Intune Portal, you can view the Intune settings catalog profile report, which provides an overview of device configuration policies and deployment status.

To monitor the policy assignment, from the list of Configuration Profiles, select the Policy, and here you can check the device and user check-in status. If you click View Report, additional details are displayed.

Do not delete temp folders upon exit Policy Using Intune Fig.8

Intune MDM Event Log

Intune event ID 813 or 814 indicates that a string policy has been applied to Windows 10 or 11 devices. In addition, you can view the exact value of the Policy that is being applied to those devices.

To confirm this, check the following Event Viewer path: Applications and Services Logs – Microsoft – Windows – DeviceManagement-Enterprise-Diagnostics-Provider – Admin.

The log states the following – MDM PolicyManager: Set policy string, Policy: (TS_TEMP_DELETE), Area: (ADMX_TerminalServer), EnrollmentID requesting merge: (4009A089-4FBA-482B-9D17-9E5A8428CB98), Current User: (Device), String: (), Enrollment Type: (0xD), Scope: (0x0).

Do not delete temp folders upon exit Policy Using Intune Fig.9

The Event Viewer log shown above contains important information, such as the Area and the Enrollment ID, that helps you locate the registry path. Refer to the table below for this information:

| Area | Policy | String Value | Scoped | Event ID |
|---|---|---|---|---|
| ADMX_TerminalServer | TS_TEMP_DELETE | enabled | Device | 814 |

Table 2 – Do not delete temp folders upon exit Policy Using Intune

Using the information from the above table, you can open REGEDIT.exe on a target computer to view the registry settings that store the policy settings. These settings are located in the following registry path.

  • Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\PolicyManager\providers\4009A089-4FBA-482B-9D17-9E5A8428CB98\default\Device\ADMX_TerminalServer

After you navigate to the above path in the Registry Editor, you will find a registry value named TS_TEMP_DELETE. Refer to the table and image shown below.

| Registry Name | Data |
|---|---|
| TS_TEMP_DELETE | Enabled |

Table 3 – Do not delete temp folders upon exit Policy Using Intune
Do not delete temp folders upon exit Policy Using Intune Fig.10
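The event log and registry checks described above can be scripted for use across several session hosts. The following PowerShell is an added example, not part of the original post; it assumes an elevated session on the target device and enumerates every enrollment ID under PolicyManager\providers instead of hard-coding the one shown above.

```powershell
# Added example (not from the original post). Run elevated on the session host.
$policy  = 'TS_TEMP_DELETE'
$area    = 'ADMX_TerminalServer'
$logName = 'Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider/Admin'

# 1. MDM event log: events 813/814 whose message names the policy.
$events = Get-WinEvent -FilterHashtable @{ LogName = $logName; Id = 813, 814 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match "Policy: \($policy\)" } |
    Sort-Object TimeCreated -Descending |
    Select-Object -First 5 TimeCreated, Id, Message

# 2. PolicyManager registry: check every enrollment provider key, because the
#    enrollment ID is specific to each enrollment.
$providers = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\providers'
$registry = Get-ChildItem -Path $providers -ErrorAction SilentlyContinue | ForEach-Object {
    $key   = "$providers\$($_.PSChildName)\default\Device\$area"
    $value = (Get-ItemProperty -Path $key -Name $policy -ErrorAction SilentlyContinue).$policy
    if ($null -ne $value) {
        [pscustomobject]@{ EnrollmentId = $_.PSChildName; Policy = $policy; Data = $value }
    }
}

# 3. Report what was found, or warn when the policy has not reached the device.
if ($events)   { $events   | Format-List }
else           { Write-Warning "No 813/814 event found for $policy." }
if ($registry) { $registry | Format-Table -AutoSize }
else           { Write-Warning "$policy not found under $providers." }
```

Because an enabled policy leaves per-session temporary folders on disk after logoff, this output is also a quick way to inventory which hosts retain that data.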

Author

Abhinav Rana is working as an SCCM Admin. He loves to help the community by sharing his knowledge. He is a B.Tech graduate in Information Technology.
