Picture this: you just setup a remote site and now you find yourself having to support servers [or users] you cant physically get to. Since walking to their desk is not an option, you need to figure outHow to enable Remote Desktop via Group Policyso it gets applied to machines at that site. Today, thats exactly what Im going to show you how to do.
Enable Remote Desktop via Group Policy
The biggest problem you could be potentially faced with, is actual permissions to modify any GPOs. Im going to assume you have the permissions so well just continue on with a bullet list thats easy peasy for you to understand.
- Open up Group Policy Management Console [GPMC].
- Create a New Group Policy Object and name it Enable Remote Desktop.
- Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a New Rule. Screenshot below.
- Select Port in the New Inbound Rule Wizard.
- Ensure TCP and Specific Local Port :3389
- Allow the Connection and only select Domain and Private Profiles.
- Name this rule Inbound Rule for RDP Port 3389
Now that we have added the local ports, well need to enable the Remote Desktop Session Host policies.
- Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
- Allow users to connect remotely by using Remote Desktop ServicestoEnable.
- Now were going to enable Network Level Authentication. This is highly recommended and has many security advantages. However, thats out of the scope of this article so I wont go in to the details now.
- Go toComputer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
- SetRequire user authentication for remote connections by using Network Level AuthenticationtoEnable.
- Last but certainly not least, we need to apply the newly created GPO to an Organizational Unit so it actually works.
- Close out of GPMC. There arent any more settings to configure.
Enable Remote Desktop using Group Policy [GPO] Video Demo
Last but certainly not least be sure to check out our YouTube Channel for awesome How-Tos and other Sysadmin related content.