Group Policies Enable Remote Desktop

(Last Updated On: 2021-02-23)

When administrating a remote site one of the biggest problems is not being able to connect to a Remote Server or Workstation because Remote Desktop Services have not been setup. To ensure that all workstations are compliant with this we can set up a Group Policy that allows remote access.

As a side note, this policy works well when combining with a Group Policy to Remove Administrator Rights.

Local Computer Policy

When setting up Remote Desktop you always have the option to go via the System Properties or Certain Registry changes. None of these will be handle now as those are for different scenarios, for this scenario we will only use the Local Group Policy editor.

To open the Group Policy editor on the start menu type in gpedit.msc. When the icon appears make sure to choose the option to Run as Administrator. This option will appear either on the right pane of the start button or you need to Right-Click (Alternate Click) the icon to open the additional menu options.

When the Local Group Policy editor open, browse to the following location:

Local Computer Policy –> Computer Configuration –> Administrative Templates –> Windows components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections

Group Policies Enable Remote DesktopLocal Computer Policy

Enable the setting Named: Allow users to connect remotely by using Remote Desktop Services

This setting will take effect immediately and all users in the correct groups will gain access to logon remotely via Remote Desktop.

Frankly, this is not the best way of setting these settings. Regardless if it can be done on the Local policies, it can be replicated on a Domain environment to all Workstations.

Group Policy Management

When setting up the policy on a Domain environment we are going to use the Group Policy Management console. In the console browse to Group Policy Objects. If you have an existing policy that applies to all relevant workstation you can set the setting there.

Alternatively, you can create a new Policy with the Relevant Naming convention. As per the below screengrab, this policy will apply to a Computer Configuration it will be a System Setting and it will Enable RDP Connections. Very important if you want to change settings at a later stage.

Group Policies Enable Remote DesktopNew GPO

The Policy will be in a Similar location as per the Local Group Policy editor. With only two slight changes in Location, See path:

Policy Name –> Computer Configuration –> Policies –> Administrative Templates –> Windows components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections

Group Policies Enable Remote DesktopGroup Policy Management

Enable the setting Named: Allow users to connect remotely by using Remote Desktop Services.

From here it is as simple as assigning the GPO to the correct Organizational Units (OU). Once assigned I recommend that all workstations get rebooted. As even after doing a gpupdate /force the policy did not take effect until reboot.

********************************************************

If you liked what you read Please Share.
I’d love it if you followed me on YouTube and Facebook.

Also, feel free to subscribe to my posts by email.
Donations for the site can be made here.

Thanks for reading.
Spread the love

Leave a Reply

Your email address will not be published. Required fields are marked *