Windows Server Allow Remote Desktop

RDP [Remote Desktop Protocol] is the protocol that allows a user to connect to a Windows Server through a graphical interface over any network.

This guide describes the steps to enable and disable the Remote Desktop service on Windows Server through the graphical interface as well as Windows PowerShell.

Enable RDP through graphical interface

  1. Click on Start Menu button and then on Server Manager.

  2. In the Server Manager window, click on Local Server in the left side panel and wait a few minutes for the server status to refresh. The Remote Desktop option will be shown as Disabled in Windows 2019 version.

  3. Click on the Disabled option and this will open up the Remote tab in the System Properties window.

    NOTE: The System Properties window can also be accessed from Control Panel option by clicking on System and then on Remote settings in the left panel or from the Windows command prompt by executing the below command.

    > SystemPropertiesRemote

  4. From under Remote Desktop section, select the option Allow remote connections to this computer.

    The sub-option Allow connections only from computers running Remote Desktop with Network Level Authentication [recommended] can be left enabled or disabled, depending upon the machines from which Remote Desktop connection is being established to the server. If the local machine is Linux-based, then this option needs to be disabled.

  5. Once this option Allow remote connections to this computer is selected, a warning message window will appear notifying the user that the required firewall rules will be enabled in the server for allowing Remote connections to the server from any source network. Click on OK to proceed.

  6. Click on OK in the System Properties window to complete the process of enabling Remote Desktop in the server.

  7. The status of the Remote Desktop service can now be confirmed back from Server Manager, where it will show as Enabled once the Server Manager is refreshed.

Enable RDP through Windows PowerShell

  1. The registry value that enables/disables Remote Desktop can be modified using the Set-ItemProperty cmdlet.

    > Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0

  2. Once this is completed, the Enable-NetFirewallRule cmdlet can be used to set the Windows firewall to allow remote desktop connections.

    > Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Testing allowed Remote Desktop connection service

Once Remote Desktop is enabled in the server, remote connections to the server can be tested using the Remote Desktop Connection app [Windows] or the rdesktop command [Linux].

Windows:

  1. Click on Start Menu option and search for Remote Desktop Connection and click on the application.

  2. Type in the IP address of the server that needs to be connected to remotely in the Computer field and then click on Connect.

    If the server has any custom RDP port, then the IP needs to be typed in the below format [replace 123.123.123.123 with the exact server IP address and 1234 with the custom port number].

    123.123.123.123:1234

  3. Type in the username and associated password with which the server is to be accessed remotely in the Windows Security window and then click on OK to connect to the server remotely.

Linux:

In all Linux distributions, the most common command that can be used to connect to the remote desktop of a server is rdesktop. Another command that can be used is xfreerdp.

  1. Type in the below command in the Linux command line to remotely connect to a server with the rdesktop command [replace 123.123.123.123 with the exact IP address of the server].

    # rdesktop 123.123.123.123

  2. Once the command is entered, a remote desktop connection window will appear, in which the username and associated password are to be entered to access the server remotely.

Disable RDP through graphical interface

  1. Access the server and click on Start Menu button and then on Server Manager.

  2. In the Server Manager window, click on Local Server in the left side panel and wait a few minutes for the server status to refresh. The Remote Desktop option will be shown as Enabled.

  3. Click on the Enabled option and this will open up the Remote tab in the System Properties window.

    NOTE: The System Properties window can also be accessed from Control Panel option by clicking on System and then on Remote settings in the left panel or from Windows command prompt by executing the below command.

    > SystemPropertiesRemote

  4. From under Remote Desktop section, select the option Don’t allow remote connections to this computer.

  5. Click on OK to proceed.

  6. The status of the Remote Desktop service can now be confirmed back from Server Manager, where it will show as Disabled once the Server Manager is refreshed.

Disable RDP through Windows PowerShell

  1. The registry value that enables/disables Remote Desktop can be modified using the Set-ItemProperty cmdlet.

    > Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 1
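
The registry change above stops new Remote Desktop connections but leaves the firewall rules from the enable procedure switched on. The following added example (not part of the original guide; `Disable-RdpAndFirewall` is a hypothetical function name) also disables the "Remote Desktop" rule group and reports any other inbound allow rule still open on the listener port.

```powershell
# Added example (not from the original guide): disable RDP and close its firewall exposure.
# Run in an elevated PowerShell session on the server.
function Disable-RdpAndFirewall {
    $ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

    # 1. Stop accepting new Remote Desktop connections (same value as the step above)
    Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 1

    # 2. Disable the built-in rule group that was opened when RDP was enabled
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'

    # 3. Report any other enabled inbound allow rule on the listener port,
    #    for example one created by hand outside the "Remote Desktop" group.
    #    Only exact port matches are checked; rules written as port ranges are not.
    $port = (Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
    $leftover = Get-NetFirewallPortFilter -Protocol TCP |
        Where-Object { $_.LocalPort -contains "$port" } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow'
        }

    # Return the resulting state so it can be logged or checked by a caller
    [pscustomobject]@{
        RdpDenied     = ((Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections -eq 1)
        ListenerPort  = $port
        LeftoverRules = @($leftover | Select-Object -ExpandProperty DisplayName)
    }
}

Disable-RdpAndFirewall | Format-List
```

An empty `LeftoverRules` list means no enabled inbound allow rule remains on the RDP port.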

Testing restricted Remote Desktop connection service

Once Remote Desktop is disabled in the server, remote connections to the server can be tested using the Remote Desktop Connection app.

Windows:

  1. Click on Start Menu option and search for Remote Desktop Connection and click on the application.

  2. Type in the IP address of the server that needs to be connected to remotely in the Computer field and then click on Connect.

    If the server has any custom RDP port, then the IP needs to be typed in the below format [replace 123.123.123.123 with the exact server IP address and 1234 with the custom port number].

    123.123.123.123:1234

  3. A warning message will be displayed, as the server no longer accepts Remote Desktop connections.

Assume a situation where you have just set up a remote site and now find yourself with users or support servers that you can’t physically access. This means walking to the desk is not an option. So how do you access the data and information you may need?

To get it right, you need to figure out how to enable Remote Desktop via Group Policy, so that it can get applied to all devices at your site. Configuration of remote desktop forms the basis of our guide today. Let’s get started. 

What is Remote Desktop Group Policy

Almost all users who are interested in building safe connections between computers on the internet might have heard about RDP or VPN. RDP stands for the Remote Desktop Protocol. It is a network communications protocol developed by Microsoft to allow users to connect to another computer.

With RDP, one can connect to any computer that runs Windows. With RDP, you can connect to the remote PC, view the same display and interact as if you are working on that machine locally. 

Some instances where you may need to use RDP include:

  • When traveling or when on vacation and you need to access your work computer
  • When you can’t go to your office due to certain reasons and you still need to fulfill your daily tasks
  • When you are a system admin and you need to perform administrative duties on your PC such as computer troubleshooting, tune-up, ID protection setting, printer set-up, software installation, email setup, virus and spyware removal, among others.
  • When you need to give a demo and you need to access data from a private device
  • When you want to personalize your remote desktop on experiences such as resolution, connection setting, screen setting, toolbar, start menu, icons among others.

How to Enable Remote Desktop Remotely on Windows 10

The easiest way to enable Remote Desktop on the Windows operating system family is to use a Graphical User Interface [GUI]. To do this, you need to:

Open the “System” control panel, go to “Remote Setting” and enable the “Allow remote connection to this computer” option in the Remote Desktop section. 

However, performing the above process will need local access to the computer on which you want to enable the RD. 

By default, remote desktop is disabled in both desktop versions of Windows and in Windows Server.

 

How to Enable Remote Desktop Remotely Using PowerShell

Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/2019. Here is the procedure:

  1. On your computer, open the PowerShell console and run the following command to connect to your remote server.

    > Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator

  2. You will have established a remote session with the computer and can now execute PowerShell commands on it. To enable Remote Desktop, you need to change the registry parameter fDenyTSConnections from 1 to 0 on the remote machine. Run the command:

    > Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0

  3. When RDP is enabled this way [as opposed to the GUI method], the rule that allows remote RDP connections is not enabled in the Windows Firewall rules.

  4. To allow incoming RDP connections in Windows Firewall, run the command:

    > Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

  5. If for some reason the firewall rule has been deleted, you can create it manually using the following command.

    > netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow

  6. In case you need to allow secure RDP authentication [NLA – Network Level Authentication], run the command:

    > Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

  7. Now, from your computer, you can check the TCP 3389 port on the remote host to see if it has become available. To do so, run the command below.

    > Test-NetConnection 192.168.1.11 -CommonTCPPort RDP

  8. If successful, the output will show that the TCP test succeeded.


The above results mean RDP on the remote host is enabled and you can establish a remote desktop connection using the mstsc client.
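
The settings changed in the steps above can be read back in one pass. The following is an added example, not part of the original article, and `Get-RdpExposure` is a hypothetical function name: a read-only check that reports whether RDP is enabled, whether NLA is required, which port the listener uses, and whether the "Remote Desktop" firewall rules accept connections from any source address.

```powershell
# Added example (not from the original article): read-only audit of RDP exposure.
# Run in an elevated session on the server, or inside the Enter-PSSession from step 1.
function Get-RdpExposure {
    $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
    # A missing UserAuthentication value is treated as "NLA not required"
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

    # Enabled inbound rules of the built-in "Remote Desktop" group and their source scope
    $rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Profile       = $_.Profile
                RemoteAddress = ($_ | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            }
        }

    $findings = @()
    if ($deny -eq 0 -and $nla -ne 1) {
        $findings += 'RDP is enabled without Network Level Authentication (UserAuthentication is not 1).'
    }
    foreach ($r in $rules) {
        if ($r.RemoteAddress -eq 'Any') {
            $findings += "Firewall rule '$($r.Rule)' accepts RDP from any source address."
        }
    }
    if ($deny -eq 1 -and $rules) {
        $findings += 'RDP is disabled but its firewall rules are still enabled.'
    }

    [pscustomobject]@{
        RdpEnabled    = ($deny -eq 0)
        NlaRequired   = ($nla -eq 1)
        ListenerPort  = $port
        FirewallRules = $rules
        Findings      = $findings
    }
}

Get-RdpExposure | Format-List
```

The function reads only the local registry values set in the steps above; settings enforced through Group Policy are stored separately and are not covered by it.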

How to Enable/Disable Remote Desktop Using Group Policy

You can enable or disable remote desktop using group policy. To do so, perform the following steps:

  1. Search for gpedit.msc in the Start menu. In the program list, click gpedit.msc.
  2. After Local Group Policy Editor opens, expand Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.
  3. In the right-side panel, double-click Allow users to connect remotely using Remote Desktop Services.
  4. Select Enabled and click Apply if you want to enable Remote Desktop. Select Disabled and click Apply if you need to disable it.

Now you will have enabled or disabled remote desktop using group policy.

Network Level Authentication NLA on the remote RDP server

Network Level Authentication is a method used to enhance RD Session Host server security by requiring that a user be authenticated to the RD Session Host server before a session can be created.

If you want to restrict who can access your PC, you can choose to allow access only with Network Level Authentication [NLA]. NLA is an authentication tool used in RDP Server. When a user tries to establish a connection to a device that is NLA enabled, NLA will delegate the user’s credentials from the client-side Security Support Provider to the server for authentication, before creating a session.

The advantages of Network Level Authentication are:

  • It requires fewer remote computer resources initially.
  • It can provide better security by reducing the risk of denial of service attacks.

To configure Network Level Authentication for a connection, follow the steps below.

    1. On the RD Session Host Server, open Remote Desktop Session Host Configuration. To do so, click Start >> Administrative Tools >> Remote Desktop Services >> Remote Desktop Session Host Configuration.
    2. Under Connections, right-click the name of the connection and then click Properties.
    3. On the General tab, select the Allow connections only from computers running Remote Desktop with Network Level Authentication checkbox.
    4. Click OK.

Note: in step 3, if the “Allow connections only from computers running Remote Desktop with Network Level Authentication” checkbox is not enabled, the “Require user authentication for remote connections by using Network Level Authentication” Group Policy setting has to be enabled and applied to the RD Session Host Server.
