diff -ur xrdp-0.10.0.orig/sesman/sesman.ini xrdp-0.10.0/sesman/sesman.ini
--- xrdp-0.10.0.orig/sesman/sesman.ini	2024-05-10 16:14:05.000000000 +0200
+++ xrdp-0.10.0/sesman/sesman.ini	2024-06-13 19:35:30.492411263 +0200
@@ -12,13 +12,13 @@
 ReconnectScript=reconnectwm.sh
 
 [Security]
-AllowRootLogin=true
+AllowRootLogin=false
 MaxLoginRetry=4
-TerminalServerUsers=tsusers
-TerminalServerAdmins=tsadmins
+TerminalServerUsers=xrdp
+TerminalServerAdmins=root
 ; When AlwaysGroupCheck=false access will be permitted
 ; if the group TerminalServerUsers is not defined.
-AlwaysGroupCheck=false
+AlwaysGroupCheck=true
 ; When RestrictOutboundClipboard=all clipboard from the
 ; server is not pushed to the client.
 ; In addition, you can control text/file/image transfer restrictions
@@ -109,13 +109,13 @@
 
 [Logging]
 ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
-LogFile=xrdp-sesman.log
+LogFile=/dev/null
 LogLevel=INFO
 EnableSyslog=true
-#SyslogLevel=INFO
-#EnableConsole=false
-#ConsoleLevel=INFO
-#EnableProcessId=false
+SyslogLevel=INFO
+EnableConsole=false
+ConsoleLevel=INFO
+EnableProcessId=false
 
 [LoggingPerLogger]
 ; Note: per logger configuration is only used if xrdp is built with
@@ -147,8 +147,8 @@
 param=-noreset
 param=-nolisten
 param=tcp
-param=-logfile
-param=.xorgxrdp.%s.log
+#param=-logfile
+#param=.xorgxrdp.%s.log
 
 [Xvnc]
 param=Xvnc
diff -ur xrdp-0.10.0.orig/xrdp/xrdp.ini xrdp-0.10.0/xrdp/xrdp.ini
--- xrdp-0.10.0.orig/xrdp/xrdp.ini	2024-05-10 16:14:05.000000000 +0200
+++ xrdp-0.10.0/xrdp/xrdp.ini	2024-06-13 19:36:33.477301111 +0200
@@ -5,6 +5,9 @@
 ; fork a new process for each incoming connection
 fork=true
 
+; IP address to listen
+#address=127.0.0.1
+
 ; ports to listen on, number alone means listen on all interfaces
 ; 0.0.0.0 or :: if ipv6 is configured
 ; space between multiple occurrences
@@ -195,13 +198,13 @@
 
 [Logging]
 ; Note: Log levels can be any of: core, error, warning, info, debug, or trace
-LogFile=xrdp.log
+LogFile=/dev/null
 LogLevel=INFO
 EnableSyslog=true
-#SyslogLevel=INFO
-#EnableConsole=false
-#ConsoleLevel=INFO
-#EnableProcessId=false
+SyslogLevel=INFO
+EnableConsole=false
+ConsoleLevel=INFO
+EnableProcessId=false
 
 [LoggingPerLogger]
 ; Note: per logger configuration is only used if xrdp is built with
@@ -234,13 +237,13 @@
 ; Some session types such as Xorg and Xvnc start a display server.
 ; Startup command-line parameters for the display server are configured
 ; in sesman.ini. See and configure also sesman.ini.
-[Xorg]
-name=Xorg
-lib=libxup.so
-username=ask
-password=ask
-port=-1
-code=20
+#[Xorg]
+#name=Xorg
+#lib=libxup.so
+#username=ask
+#password=ask
+#port=-1
+#code=20
 
 [Xvnc]
 name=Xvnc
@@ -262,13 +265,13 @@
 ; Generic VNC Proxy
 ; Tailor this to specific hosts and VNC instances by specifying an ip
 ; and port and setting a suitable name.
-[vnc-any]
-name=vnc-any
-lib=libvnc.so
-ip=ask
-port=ask5900
-username=na
-password=ask
+#[vnc-any]
+#name=vnc-any
+#lib=libvnc.so
+#ip=ask
+#port=ask5900
+#username=na
+#password=ask
 #pamusername=asksame
 #pampassword=asksame
 #delay_ms=2000
@@ -276,15 +279,15 @@
 ; Generic RDP proxy using NeutrinoRDP
 ; Tailor this to specific hosts by specifying an ip and port and setting
 ; a suitable name.
-[neutrinordp-any]
-name=neutrinordp-any
+#[neutrinordp-any]
+#name=neutrinordp-any
 ; To use this section, you should build xrdp with configure option
 ; --enable-neutrinordp.
-lib=libxrdpneutrinordp.so
-ip=ask
-port=ask3389
-username=ask
-password=ask
+#lib=libxrdpneutrinordp.so
+#ip=ask
+#port=ask3389
+#username=ask
+#password=ask
 ; Uncomment the following lines to enable PAM authentication for proxy
 ; connections.
 #pamusername=ask