Enable RDP via Group Policy

KB ID 0000043

Problem

Rather than enabling on an ad-hoc basis, you want to turn on RDP for multiple machines via Group Policy.

Solution

Group Policy Location

To simply enable RDP, change the following policy;

[box]

Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections

[/box]

Locate and change the “Allow users to connect remotely using Remote Desktop Service” policy.

Allow RDP on the Windows Firewall with Group Policy

Navigate to the following policy;

[box]

Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules

[/box]

Right click > New rule > Change Predefines to “Remote Desktop” > Next > Next.

Allow the connection > Finish.

Allow users to connect via RDP though Group Policy

Any member of the machines ‘Remote Desktop Users’ group can log on via RDP, if you have a lot of machines you can create a global security group in active directory (mine below is called SG-Remote-Desktop-Users). And I’ve added it globally to all the computers local ‘Remote Desktop Users’ groups using ‘Restricted groups’.

Navigate to the following policy;

[box]

Computer Configuration > Windows Settings > Security Settings > Restricted Groups

[/box]

Right click > Add Group > Browse > Add your group > In the LOWER (This group is a member of) section click Add > Type in Remote Desktop Users > OK > OK.

2008 RDP Policy Location

Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Terminal Server > Connections.

“Allow users to connect remotely using Terminal services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.

2000/ 2003 RDP Policy Location

Computer Configuration > Administrative Templates > Windows Components > Terminal Services.

“Allows users to connect remotely using Terminal services”

To enable Remote Desktop, click Enabled.

To disable Remote Desktop, click Disabled.

 

Related Articles, References, Credits, or External Links

Original article written 17/07/09