Enable Remote Desktop via Group Policy
The biggest problem you could be potentially faced with, is actual permissions to modify any GPOs. I’m going to assume you have the permissions so we’ll just continue on with a bullet list that’s easy peasy for you to understand.
- Open up Group Policy Management Console (GPMC).
- Create a New Group Policy Object and name it Enable Remote Desktop.
- Navigate to: Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and Create a New Rule. Screenshot below.
- Select Port in the New Inbound Rule Wizard.
- Ensure TCP and Specific Local Port : 3389
- Allow the Connection and only select Domain and Private Profiles.
- Name this rule – Inbound Rule for RDP Port 3389
Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host policies.
- Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
- Allow users to connect remotely by using Remote Desktop Services to Enable.
- Now we’re going to enable Network Level Authentication. This is highly recommended and has many security advantages. However, that’s out of the scope of this article so I won’t go in to the details now.
- Go to Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
- Set Require user authentication for remote connections by using Network Level Authentication to Enable.
- Last but certainly not least, we need to apply the newly created GPO to an Organizational Unit so it actually works.
- Close out of GPMC. There aren’t any more settings to configure.