Enable RDP via Group Policy

KB ID 0000043

Problem

Rather than enabling RDP on an ad-hoc basis, you want to turn it on for multiple machines via Group Policy.

Solution

Group Policy Location

To simply enable RDP, change the following policy:

Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

Locate and change the “Allow users to connect remotely using Remote Desktop Service” policy.

[Screenshot: 2008 R2 RDP Group Policy Location]

Allow RDP on the Windows Firewall with Group Policy

Navigate to the following policy:

Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

Right click > New rule > Change Predefined to “Remote Desktop” > Next > Next.

[Screenshot: 2008 R2 RDP Firewall Policy]

Allow the connection > Finish.

[Screenshot: Windows Allow RDP Through Firewall]

Allow users to connect via RDP through Group Policy

Any member of the machine’s ‘Remote Desktop Users’ group can log on via RDP. If you have a lot of machines, you can create a global security group in Active Directory (mine below is called SG-Remote-Desktop-Users). I’ve added it globally to all the computers’ local ‘Remote Desktop Users’ groups using ‘Restricted Groups’.

Navigate to the following policy:

Computer Configuration > Windows Settings > Security Settings > Restricted Groups

[Screenshot: Allow User RDP Rights]

Right click > Add Group > Browse > Add your group > In the LOWER (This group is a member of) section click Add > Type in Remote Desktop Users > OK > OK.
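
To confirm on a target machine that the three settings above have applied, and to see who can actually log on over RDP, a check like the following can be run after a policy refresh. This is an added example, not part of the original article; it assumes Windows PowerShell 5.1 (Windows 10 / Server 2016 or later), an elevated prompt, and the placeholder domain name EXAMPLE.

```powershell
# Added example: audit the result of the three policies on the local machine.
# Assumes Windows PowerShell 5.1 and an elevated prompt.
# 'EXAMPLE' is a placeholder domain; the group name is the one used in the article.
$ExpectedGroup = 'EXAMPLE\SG-Remote-Desktop-Users'

function Get-RdpPolicyState {
    # The "Allow users to connect remotely..." policy writes fDenyTSConnections:
    # 0 = Enabled, 1 = Disabled, value absent = Not Configured.
    $key = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $val = (Get-ItemProperty -Path $key -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    if ($null -eq $val) { 'Not configured by policy' }
    elseif ($val -eq 0) { 'Enabled by policy' }
    else                { 'Disabled by policy' }
}

function Get-RdpFirewallRules {
    # Inbound rules of the predefined "Remote Desktop" group as currently enforced,
    # with where each rule came from and which remote addresses it accepts.
    Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -PolicyStore ActiveStore -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' } |
        ForEach-Object {
            $addr = $_ | Get-NetFirewallAddressFilter
            [pscustomobject]@{
                Rule          = $_.DisplayName
                Enabled       = $_.Enabled
                Action        = $_.Action
                Source        = $_.PolicyStoreSourceType
                RemoteAddress = $addr.RemoteAddress -join ','
            }
        }
}

function Get-RdpLogonMembers {
    # Everyone the local 'Remote Desktop Users' group currently admits.
    Get-LocalGroupMember -Group 'Remote Desktop Users' |
        Select-Object Name, ObjectClass, PrincipalSource
}

"RDP policy: $(Get-RdpPolicyState)"
Get-RdpFirewallRules | Format-Table -AutoSize
$members = @(Get-RdpLogonMembers)
$members | Format-Table -AutoSize

if ($members.Name -notcontains $ExpectedGroup) {
    Write-Warning "$ExpectedGroup is not in 'Remote Desktop Users'; the Restricted Groups policy has not applied."
}
$extra = @($members | Where-Object { $_.Name -ne $ExpectedGroup })
if ($extra.Count) { Write-Warning ("Other members with RDP logon: " + ($extra.Name -join ', ')) }
```

Because the Restricted Groups entry uses the "This group is a member of" section, it adds the group without removing accounts that were already in 'Remote Desktop Users', so the second warning lists members that predate the policy. A RemoteAddress of Any on the firewall rule means RDP is reachable from every network the machine is attached to.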

2008 RDP Policy Location

Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Terminal Server > Connections.

“Allow users to connect remotely using Terminal Services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.

[Screenshot: 2008 RDP Group Policy Location]

2000/2003 RDP Policy Location

Computer Configuration > Administrative Templates > Windows Components > Terminal Services.

“Allows users to connect remotely using Terminal Services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.

 

Related Articles, References, Credits, or External Links

Original article written 17/07/09

Author: Migrated
