How To Enable Remote Desktop Via Group Policy (GPO)

Enable Remote Desktop via Group Policy

The biggest problem you could potentially face is having the permissions to modify GPOs at all. I'm going to assume you have those permissions, so we'll continue with a bullet list that's easy to follow.

  • Open up Group Policy Management Console (GPMC).
  • Create a New Group Policy Object and name it Enable Remote Desktop.
  • Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a New Rule. Screenshot below.

Enable Remote Desktop via Group Policy

  • Select Port in the New Inbound Rule Wizard.
  • Ensure TCP is selected and Specific Local Port is set to 3389.

  Firewall Rule Port 3389

  • Allow the Connection and only select Domain and Private Profiles.
  • Name this rule – Inbound Rule for RDP Port 3389

 

Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host policies.

  • Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
  • Set Allow users to connect remotely by using Remote Desktop Services to Enabled.

Connections - Allow RDP Settings

  • Now we're going to enable Network Level Authentication. This is highly recommended and has many security advantages. However, that's out of the scope of this article, so I won't go into the details now.
  • Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
  • Set Require user authentication for remote connections by using Network Level Authentication to Enabled.

Security - Enable NLA Group Policy

  • Last but certainly not least, we need to link the newly created GPO to an Organizational Unit so that it actually applies to the computers in it.
  • Close out of GPMC. There aren't any more settings to configure.
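
To confirm on a client that the GPO delivered all three settings, including NLA and the Domain/Private-only firewall scope, a check like the following can be run in an elevated PowerShell session after `gpupdate /force`. This is an added example, not part of the original article; it assumes the rule name chosen above and the policy registry values (`fDenyTSConnections`, `UserAuthentication`) that these two Administrative Template settings write.

```powershell
# Added example: audit a client for the settings the "Enable Remote Desktop" GPO delivers.
$tsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ruleName    = 'Inbound Rule for RDP Port 3389'   # rule name used in the steps above

function Get-PolicyValue {
    param([string]$Name)
    # Returns $null when Group Policy has not written the value.
    (Get-ItemProperty -Path $tsPolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

$results = [ordered]@{}

# "Allow users to connect remotely..." set to Enabled writes fDenyTSConnections = 0.
$results['RDP allowed by policy']  = (Get-PolicyValue 'fDenyTSConnections') -eq 0
# "Require user authentication ... Network Level Authentication" writes UserAuthentication = 1.
$results['NLA required by policy'] = (Get-PolicyValue 'UserAuthentication') -eq 1

# ActiveStore is the effective rule set (local rules merged with GPO rules).
$rule = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' } |
        Select-Object -First 1

$results['Firewall rule present'] = [bool]$rule
if ($rule) {
    $port = $rule | Get-NetFirewallPortFilter
    $results['Rule is TCP 3389'] = ($port.Protocol -eq 'TCP') -and (@($port.LocalPort) -contains '3389')

    # A locally created rule with the same name would not prove the GPO applied.
    $results['Rule comes from Group Policy'] = $rule.PolicyStoreSourceType -eq 'GroupPolicy'

    # Profile is a bit field: Domain = 1, Private = 2, Public = 4, Any = 0.
    $profileBits = [int]$rule.Profile
    $results['Rule excludes Public profile'] = ($profileBits -ne 0) -and -not ($profileBits -band 4)
}

# Print one PASS/FAIL line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-30} {1}' -f $_.Key, $(if ($_.Value) { 'PASS' } else { 'FAIL' })
}

# Non-zero exit code if any check failed, so the script can be used in automation.
if ($results.Values -contains $false) { exit 1 }
```

A FAIL on the NLA or Public-profile line means RDP is reachable with weaker protection than the steps above intend, so check GPO precedence with `gpresult /r` before relying on the host.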

 
