Disconnecting from remote desktop session then causes hangs in OpenDL device enumeration. Disable the built-in graphics card will force the system to use a single card. Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Remote Session Environment > Use WDDM graphics display driver for Remote Desktop Connections | set to "Disabled". Use WDDM graphics display driver for Remote Desktop Connections to DISABLED . Road map for the Windows Display Driver Model (WDDM) Remove frequent programs list from the Start Menu, Remove links and access to Windows Update, Remove Network Connections from Start Menu, Remove pinned programs list from the Start Menu, Remove See More Results / Search Everywhere link, Remove the "Undock PC" button from the Start Menu, Remove user's folders from the Start Menu, Show "Run as different user" command on Start, Show Start on the display the user is using when they press the Windows logo key, Show the Apps view automatically when the user goes to Start, Turn off automatic promotion of notification icons to the taskbar, Turn off feature advertisement balloon notifications, Do not automatically make all redirected folders available offline, Do not automatically make specific redirected folders available offline, Enable optimized move of contents in Offline Files cache on Folder Redirection server path change, Configure Group Policy domain controller selection, Create new Group Policy Object links disabled by default, Set default name for new Group Policy objects, Set Group Policy refresh interval for users, Turn off Help Experience Improvement Program, Prompt for password on resume from hibernate/suspend, Connect home directory to root of the share, Specify network directories to sync at logon/logoff time only, Do not preserve zone information in file attachments, Hide mechanisms to remove zone information, Inclusion list for moderate risk file types, Notify antivirus programs when opening attachments, Configure Windows spotlight on lock screen, Do not suggest third-party content in Windows spotlight, Do not use diagnostic data for tailored experiences, Turn off Windows Spotlight on Action Center, Do not show recent apps when the mouse is pointing to the upper-left corner of the screen, Prevent users from replacing the Command Prompt with Windows PowerShell in the menu they see when they right-click the lower-left corner or press the Windows logo key+X, Search, Share, Start, Devices, and Settings don't appear when the mouse is pointing to the upper-right corner of the screen, Allow only per user or approved shell extensions, Display confirmation dialog when deleting files, Do not allow Folder Options to be opened from the Options button on the View tab of the ribbon, Do not display the Welcome Center at user logon, Do not move deleted files to the Recycle Bin, Do not track Shell shortcuts during roaming, Hides the Manage item on the File Explorer context menu, Hide these specified drives in My Computer, No Computers Near Me in Network Locations, Pin Internet search sites to the "Search again" links and the Start menu, Pin Libraries or Search Connectors to the "Search again" links and the Start menu, Prevent access to drives from My Computer. Background Intelligent Transfer Service (BITS), Microsoft Peer-to-Peer Networking Services, Windows Resource Exhaustion Detection and Resolution, Windows Standby/Resume Performance Diagnostics, Windows System Responsiveness Performance Diagnostics, Periodic check for updates to Internet Explorer and Internet Tools, Microsoft Secondary Authentication Factor, Windows Customer Experience Improvement Program, Resultant Set of Policy snap-in extensions, Search in Group Policy Administrative Templates, Force a specific background and accent color, Force a specific default lock screen and logon image, Prevent changing lock screen and logon image, Allow users to enable online speech recognition services, Force selected system UI language to overwrite the user UI language, Restricts the UI language Windows uses for all logged users, Apply the default user logon picture to all users, Do not allow the BITS client to use Windows Branch Cache, Do not allow the computer to act as a BITS Peercaching client, Do not allow the computer to act as a BITS Peercaching server, Limit the age of files in the BITS Peercache, Limit the maximum network bandwidth for BITS background transfers, Limit the maximum network bandwidth used for Peercaching, Limit the maximum number of BITS jobs for each user, Limit the maximum number of BITS jobs for this computer, Limit the maximum number of files allowed in a BITS job, Limit the maximum number of ranges that can be added to the file in a BITS job, Set default download behavior for BITS jobs on costed networks, Set up a maintenance schedule to limit the maximum network bandwidth used for BITS background transfers, Set up a work schedule to limit the maximum network bandwidth used for BITS background transfers, Configure Client BranchCache Version Support, Enable Automatic Hosted Cache Discovery by Service Connection Point, Set percentage of disk space used for client computer cache, Allow DNS suffix appending to unqualified multi-label name queries, Allow NetBT queries for fully qualified domain names, Prefer link local responses over DNS when received over a network with higher precedence, Register DNS records with connection-specific DNS suffix, Turn off smart multi-homed name resolution, Handle Caching on Continuous Availability Shares, Offline Files Availability on Continuous Availability Shares, Disable password strength validation for Peer Grouping, Turn off Microsoft Peer-to-Peer Networking Services, Windows Defender Firewall: Allow ICMP exceptions, Windows Defender Firewall: Allow inbound file and printer sharing exception, Windows Defender Firewall: Allow inbound remote administration exception, Windows Defender Firewall: Allow inbound Remote Desktop exceptions, Windows Defender Firewall: Allow inbound UPnP framework exceptions, Windows Defender Firewall: Allow local port exceptions, Windows Defender Firewall: Allow local program exceptions, Windows Defender Firewall: Define inbound port exceptions, Windows Defender Firewall: Define inbound program exceptions, Windows Defender Firewall: Do not allow exceptions, Windows Defender Firewall: Prohibit notifications, Windows Defender Firewall: Prohibit unicast response to multicast or broadcast requests, Windows Defender Firewall: Protect all network connections, Windows Defender Firewall: Allow authenticated IPsec bypass, Do not show the "local access only" network icon, Prohibit installation and configuration of Network Bridge on your DNS domain network, Prohibit use of Internet Connection Firewall on your DNS domain network, Prohibit use of Internet Connection Sharing on your DNS domain network, Require domain users to elevate when setting a network's location, Route all traffic through the internal network, Specify domain location determination URL, Domains categorized as both work and personal, Enterprise resource domains hosted in the cloud, Allow or Disallow use of the Offline Files feature, At logoff, delete local copy of user's offline files, Enable file synchronization on costed networks, Prohibit user configuration of Offline Files, Remove "Make Available Offline" for these files and folders, Specify administratively assigned Offline Files, Synchronize all offline files before logging off, Synchronize all offline files when logging on, Turn on economical application of administratively assigned Offline Files, Set IP Stateless Autoconfiguration Limits State, Disable power management in connected standby mode, Enable Windows to soft-disconnect a computer from a network, Minimize the number of simultaneous connections to the Internet or a Windows Domain, Prohibit connection to non-domain networks when connected to domain authenticated network, Prohibit connection to roaming Mobile Broadband networks, Configuration of wireless settings using Windows Connect Now, Prohibit access of the Windows Connect Now wizards, Allow Windows to automatically connect to suggested open hotspots, to networks shared by contacts, and to hotspots offering paid services, Set Per-App Cellular Access UI Visibility, Sets how often a DFS Client discovers DC's, Add Printer wizard - Network scan page (Managed network), Add Printer wizard - Network scan page (Unmanaged network), Allow Print Spooler to accept client connections, Always rasterize content to be printed using a software rasterizer, Automatically publish new printers in Active Directory, Change Microsoft XPS Document Writer (MXDW) default output format to the legacy Microsoft XPS format (*.xps), Custom support URL in the Printers folder's left pane, Disallow installation of printers using kernel-mode drivers, Do not allow v4 printer drivers to show printer extensions, Enable Device Control Printing Restrictions, Execute print drivers in isolated processes, Extend Point and Print connection to search Windows Update, Limits print driver installation to Administrators, List of Approved USB-connected print devices, Override print driver execution compatibility setting reported by print driver, Package Point and print - Approved servers, Pre-populate printer search location text, Prune printers that are not automatically republished, Remove "Recently added" list from Start Menu, Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands, Customize message for Access Denied errors, Enable access-denied assistance on client for all file types, Microsoft Customer Experience Improvement Program (CEIP), Enable automatic cleanup of unused appv packages, Enable background sync to server when on battery power, Allow First Time Application Launches if on a High Cost Windows 8 Metered Connection, Specify what to load in background (aka AutoLoad), Include command line in process creation events, Allow delegating default credentials with NTLM-only server authentication, Allow delegating fresh credentials with NTLM-only server authentication, Allow delegating saved credentials with NTLM-only server authentication, Remote host allows delegation of non-exportable credentials, Restrict delegation of credentials to remote servers, Deploy Windows Defender Application Control, Enable Device Health Attestation Monitoring and Reporting, Allow administrators to override Device Installation Restriction policies, Allow installation of devices that match any of these device IDs, Allow installation of devices that match any of these device instance IDs, Allow installation of devices using drivers that match these device setup classes, Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria, Display a custom message title when device installation is prevented by a policy setting, Display a custom message when installation is prevented by a policy setting, Prevent installation of devices not described by other policy settings, Prevent installation of devices that match any of these device IDs, Prevent installation of devices that match any of these device instance IDs, Prevent installation of devices using drivers that match these device setup classes, Prevent installation of removable devices, Time (in seconds) to force reboot when required for policy changes to take effect, Allow remote access to the Plug and Play interface, Do not send a Windows error report when a generic driver is installed on a device, Prevent creation of a system restore point during device activity that would normally prompt creation of a restore point, Prevent device metadata retrieval from the Internet, Prevent Windows from sending an error report when a device driver requests additional software during installation, Prioritize all digitally signed drivers equally during the driver ranking and selection process, Specify search order for device driver source locations, Specify the search server for device driver updates, Turn off "Found New Hardware" balloons during device installation, Prevent redirection of devices that match any of these device Ids, Log event when quota warning level exceeded, Configure Per-Process System DPI settings, Allow local activation security check exemptions, Define Activation Security Check exemptions, Allow non-administrators to install drivers for these device setup classes, Turn off Windows Update device driver search prompt, Allow only USB root hub connected Enhanced Storage devices, Configure list of Enhanced Storage devices usable on your computer, Configure list of IEEE 1667 silos usable on your computer, Do not allow non-Enhanced Storage removable devices, Do not allow password authentication of Enhanced Storage devices, Do not allow Windows to activate Enhanced Storage devices, Lock Enhanced Storage when the computer is locked, File Classification Infrastructure: Display Classification tab in File Explorer, File Classification Infrastructure: Specify classification properties list, Configure maximum age of file server shadow copies. In the Use WDDM graphics display driver for Remote Desktop Connections dialog, select Disabled. Check the status of RDP Services in Services By typing gpedit.msc in the Start menu or Run box (Win+R) Browse to: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Remote Session Environment Find the item "Use WDDM graphics display driver for Remote Desktop Connections" and disable it. Configure Microsoft Defender Application Guard clipboard settings, Configure Microsoft Defender Application Guard print settings, Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer, Turn on Microsoft Defender Application Guard in Managed Mode, Use a common set of exploit protection settings, Allow Address bar drop-down list suggestions, Allow configuration updates for the Books Library, Allow extended telemetry for the Books tab, Allow Microsoft Edge to pre-launch at Windows startup, when the system is idle, and each time Microsoft Edge is closed, Allow Microsoft Edge to start and load the Start and New Tab page at Windows startup and each time Microsoft Edge is closed, Always show the Books Library in Microsoft Edge, Configure search suggestions in Address bar, Configure the Adobe Flash Click-to-Run setting. This is a known Vista/Windows 7 limitation. set "Use WDDM graphics display driver for Remote Desktop Connections" to disabled Steps: - Disable the policy described above - Restart host computer (one you're remoting into) - re-connect via remote desktop - re-arrange desktop windows - disconnect - re-connect to test and verify nothing has been compacted back to primary monitor. Right-click on Windows key and select Device Manager from the list of options available. Location where all default Library definition files for users/machines reside. Use WDDM graphics display driver for Remote Desktop Connections Sorry, the version of OpenGL is too low, please upgrade the graphics driver Allow Secure Boot for integrity validation, Choose how BitLocker-protected operating system drives can be recovered, Configure pre-boot recovery message and URL, Configure TPM platform validation profile (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Configure TPM platform validation profile for BIOS-based firmware configurations, Configure TPM platform validation profile for native UEFI firmware configurations, Configure use of hardware-based encryption for operating system drives, Configure use of passwords for operating system drives, Disallow standard users from changing the PIN or password, Enable use of BitLocker authentication requiring preboot keyboard input on slates, Enforce drive encryption type on operating system drives, Require additional authentication at startup (Windows Server 2008 and Windows Vista), Require additional authentication at startup, Reset platform validation data after BitLocker recovery, Use enhanced Boot Configuration Data validation profile, Allow access to BitLocker-protected removable data drives from earlier versions of Windows, Choose how BitLocker-protected removable drives can be recovered, Configure use of hardware-based encryption for removable data drives, Configure use of passwords for removable data drives, Configure use of smart cards on removable data drives, Control use of BitLocker on removable drives, Deny write access to removable drives not protected by BitLocker, Enforce drive encryption type on removable data drives, Choose default folder for recovery password, Choose drive encryption method and cipher strength (Windows 8, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, Windows 10 [Version 1507]), Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later), Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7, Windows Server 2008 R2), Choose how users can recover BitLocker-protected drives (Windows Server 2008 and Windows Vista), Disable new DMA devices when this computer is locked, Provide the unique identifiers for your organization, Store BitLocker recovery information in Active Directory Domain Services (Windows Server 2008 and Windows Vista), Validate smart card certificate usage rule compliance, Do not display the password reveal button, Enumerate administrator accounts on elevation, Prevent the use of security questions for local accounts, Require trusted path for credential entry, Allow device name to be sent in Windows diagnostic data, Configure Authenticated Proxy usage for the Connected User Experience and Telemetry service, Configure collection of browsing data for Desktop Analytics, Configure Connected User Experiences and Telemetry, Configure diagnostic data upload endpoint for Desktop Analytics. - Use WDDM graphics display driver for Remote Desktop Connections Background: PAM was experiencing slowness in opening RDP session for some Windows target device The issue was solved after turn off this group policy for Windows target device side. use wddm graphics display driver for remote desktop connections Step 1: Select an appropriate GPU optimized Azure virtual machine size Five Key Steps to Take with Your Golden Images to Get Optimal Remote Unable to connect to an existing user session on the latest Windows You are right - when I set the GPO "Use WDDM graphics display driver for Remote Desktop Connections -> Disable" it does fix the CPU issue and the freezing issue. Win 10 1903 RDP (Remote Desktop) not retaining window positions or task The Windows Display Driver Model (WDDM) requires that a graphics hardware vendor supply a paired user-mode display driver and kernel-mode display driver (or display miniport driver ). The Saga of Microsoft, OpenGL and Remote Desktop set the policy "Use WDDM graphics display driver for Remote Desktop Connections" to DISABLED. Configure the system to clear the TPM if it is not in a ready state. Windows video subsystem failed. The relevant status code was 0xD0000001 Define security intelligence location for VDI clients. From what I understand, it isn't just the display adapter that causes the issue with affected chipsets, so putting a new video card in the machine or using a generic driver won't help (and it didn't for me). When using Windows Remote Desktop Connection, some users may have encountered an issue where Vic-3D 9 has a program failure when importing or viewing images in a project file. Solution 5. Remote Desktop connection failing outside of LAN - The Spiceworks Community Use the branch: Computer Configuration->Policies->Windows Settings->Administrative Templates->Windows Components->Remote Desktop Services->Remote Desktop Session Host->Remote Session Environment, set the Policy Use WDDM graphics display driver for Remote Desktop Connections to Disabled. Frequently Asked Questions for Intel Graphics and Windows Vista* Use WDDM graphics display driver for Remote Desktop Connections This policy setting lets you enable WDDM graphics display driver for Remote Desktop Connections. Block launching desktop apps associated with a file. Group Policy Computer Settings for VDAs - Carl Stalhood For this change to take effect, you must restart Windows. (I don't remember the exact error message.) OpenGL Configuration for Remote Desktop (Vic-3D 9) Click on the "Display" tab and look to the right under " Driver Model" under the Driver group box. Win10 21H1 removes XDDM driver support - used by Remote Desktop Block launching Universal Windows apps with Windows Runtime API access from hosted content. If you disable this policy setting, Remote Desktop Connections will NOT use WDDM graphics display driver. Enabling GPU Rendering for Microsoft Remote Desktop - Knowledge Base on Another user connected to ", you can go to way 6 to check login log. Click Display Make sure "Use all my monitory for the remote session" is checked. Enable dragging of content from different domains across windows, Enable dragging of content from different domains within a window, Include local path when user is uploading files to a server, Initialize and script ActiveX controls not marked as safe, Launching applications and files in an IFRAME, Navigate windows and frames across different domains, Run .NET Framework-reliant components not signed with Authenticode, Run .NET Framework-reliant components signed with Authenticode, Script ActiveX controls marked safe for scripting, Show security warning for potentially unsafe files, Web sites in less privileged Web content zones can navigate into this zone, Intranet Sites: Include all local (intranet) sites not listed in other zones, Intranet Sites: Include all network paths (UNCs), Intranet Sites: Include all sites that bypass the proxy server, Locked-Down Restricted Sites Zone Template, Turn on certificate address mismatch warning, Turn on Notification bar notification for intranet content, Go to an intranet site for a one-word entry in the Address bar, Allow Internet Explorer to play media files that use alternative codecs, Prevent configuration of search on Address bar, Prevent configuration of top-result search on Address bar, Prevent specifying cipher strength update information URLs, Prevent changing the URL for checking updates to Internet Explorer and Internet Tools, Prevent specifying the update check interval (in days), Open Internet Explorer tiles on the desktop, Set how links are opened in Internet Explorer, Prevent the computer from loading toolbars and Browser Helper Objects when InPrivate Browsing starts, Turn off collection of InPrivate Filtering data, Deny all add-ons unless specifically allowed in the Add-on List, Remove "Run this time" button for outdated ActiveX controls in Internet Explorer, Turn off Adobe Flash in Internet Explorer and prevent applications from using Internet Explorer technology to instantiate Flash objects, Turn off blocking of outdated ActiveX controls for Internet Explorer, Turn off blocking of outdated ActiveX controls for Internet Explorer on specific domains, Turn on ActiveX control logging in Internet Explorer, Change the maximum number of connections per host (HTTP 1.1), Maximum number of connections per server (HTTP 1.0), Set the maximum number of WebSocket connections per server, Install binaries signed by MD2 and MD4 signing technologies, Restricted Sites Zone Restricted Protocols, Allow fallback to SSL 3.0 (Internet Explorer), Do not display the reveal password button, Lock location of Stop and Refresh buttons, Add a specific list of search providers to the user's list of search providers, Allow "Save Target As" in Internet Explorer mode, Allow Internet Explorer 8 shutdown behavior, Allow Microsoft services to provide enhanced suggestions as the user types in the Address bar, Automatically activate newly installed add-ons, Configure which channel of Microsoft Edge to use for opening redirected sites, Disable Automatic Install of Internet Explorer components, Disable changing Automatic Configuration settings, Disable changing secondary home page settings, Disable Internet Explorer 11 as a standalone browser, Disable Periodic Check for Internet Explorer software updates, Disable software update shell notifications on program launch, Do not allow users to enable or disable add-ons, Enable extended hot keys in Internet Explorer mode, Install new versions of Internet Explorer automatically, Keep all intranet sites in Internet Explorer, Let users turn on and use Enterprise Mode from the Tools menu, Make proxy settings per-machine (rather than per-user), Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet, Prevent bypassing SmartScreen Filter warnings, Prevent changing the default search provider, Prevent configuration of how windows open, Prevent configuration of new tab creation, Prevent Internet Explorer Search box from appearing, Prevent participation in the Customer Experience Improvement Program, Prevent per-user installation of ActiveX controls, Reset zoom to default for HTML dialogs in Internet Explorer mode, Restrict search providers to a specific list, Security Zones: Do not allow users to add/delete sites, Security Zones: Do not allow users to change policies, Security Zones: Use only machine settings. use wddm graphics display driver for remote desktop connections The six solutions for the errors are presented in the following content, select the proper ones. Use WDDM graphics display driver for Remote Desktop Connections to DISABLED This forces RDP to use the old (and now deprecated XDDM drivers) After rebooting, behaviour returns to normal and after disconnecting from an RDP session the RDP host (target machine) no longer shows DWM.EXE consuming CPU. Double-click Use WDDM graphics display driver for Remote Desktop Connections (available for Windows 10 version 1903 and newer Windows versions). set the policy "Use WDDM graphics display driver for Remote Desktop Connections" to DISABLED. Looks like AMD driver does not like the new WDDM remote desktop driver in Windows 10 1903. You must restart the VM after enabling the WDDM graphics display driver for the changes to take effect. "Use WDDM graphics display driver for Remote Desktop . For this, double the option, select ' Disable '. content, Turn off Help and Support Center Microsoft Knowledge Base search, Turn off Internet Connection Wizard if URL connection is referring to Microsoft.com, Turn off Internet download for Web publishing and online ordering wizards, Turn off Internet File Association service, Turn off Registration if URL connection is referring to Microsoft.com, Turn off Search Companion content file updates, Turn off the "Publish to Web" task for files and folders, Turn off the Windows Messenger Customer Experience Improvement Program, Turn off Windows Customer Experience Improvement Program, Turn off Windows Network Connectivity Status Indicator active tests, Turn off Windows Update device driver searching, Do not allow changes to initiator iqn name, Do not allow changes to initiator CHAP secret, Do not allow sessions without mutual CHAP, Do not allow sessions without one way CHAP, Do not allow adding new targets via manual configuration, Do not allow manual configuration of discovered targets, Do not allow manual configuration of iSNS servers, Do not allow manual configuration of target portals, KDC support for claims, compound authentication and Kerberos armoring, KDC support for PKInit Freshness Extension, Provide information about previous logons to client computers, Allow retrieving the cloud kerberos ticket during the logon, Always send compound authentication first, Define host name-to-Kerberos realm mappings, Define interoperable Kerberos V5 realm settings, Disable revocation checking for the SSL certificate of KDC proxy servers, Fail authentication requests when Kerberos armoring is not available, Kerberos client support for claims, compound authentication and Kerberos armoring, Require strict target SPN match on remote procedure calls, Set maximum Kerberos SSPI context token buffer size, Specify KDC proxy servers for Kerberos clients, Support device authentication using certificate, Enumeration policy for external devices incompatible with Kernel DMA Protection, Disallow copying of user input methods to the system account for sign-in, Disallow user override of locale settings, Allow users to select when a password is required when resuming from connected standby, Always wait for the network at computer startup and logon, Block user from showing account details on sign-in, Do not display the Getting Started welcome screen at logon, Do not enumerate connected users on domain-joined computers, Enumerate local users on domain-joined computers, Hide entry points for Fast User Switching, Turn off app notifications on the lock screen, Do not process incoming mailslot messages used for domain controller location based on NetBIOS domain names, Do not use NetBIOS-based discovery for domain controller location when DNS-based discovery fails, Set Priority in the DC Locator DNS SRV records, Set Weight in the DC Locator DNS SRV records, Specify address lookup behavior for DC locator ping, Specify DC Locator DNS records not registered by the DCs, Specify dynamic registration of the DC Locator DNS Records, Specify Refresh Interval of the DC Locator DNS records, Specify sites covered by the application directory partition DC Locator DNS SRV records, Specify sites covered by the DC Locator DNS SRV records, Specify sites covered by the GC Locator DNS SRV Records, Use automated site coverage by the DC Locator DNS SRV Records.