When administrating a remote site one of the biggest problems is not being able to connect to a Remote Server or Workstation because Remote Desktop Services have not been setup. To ensure that all workstations are compliant with this we can set up a Group Policy that allows remote access.
Local Computer Policy
When setting up Remote Desktop you always have the option to go via the System Properties or Certain Registry changes. None of these will be handle now as those are for different scenarios, for this scenario we will only use the Local Group Policy editor.
To open the Group Policy editor on the start menu type in gpedit.msc. When the icon appears make sure to choose the option to Run as Administrator. This option will appear either on the right pane of the start button or you need to Right-Click (Alternate Click) the icon to open the additional menu options.
When the Local Group Policy editor open, browse to the following location:
Local Computer Policy –> Computer Configuration –> Administrative Templates –> Windows components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections
Enable the setting Named: Allow users to connect remotely by using Remote Desktop Services
This setting will take effect immediately and all users in the correct groups will gain access to logon remotely via Remote Desktop.
Group Policy Management
When setting up the policy on a Domain environment we are going to use the Group Policy Management console. In the console browse to Group Policy Objects. If you have an existing policy that applies to all relevant workstation you can set the setting there.
Alternatively, you can create a new Policy with the Relevant Naming convention. As per the below screengrab, this policy will apply to a Computer Configuration it will be a System Setting and it will Enable RDP Connections. Very important if you want to change settings at a later stage.
The Policy will be in a Similar location as per the Local Group Policy editor. With only two slight changes in Location, See path:
Policy Name –> Computer Configuration –> Policies –> Administrative Templates –> Windows components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections
Enable the setting Named: Allow users to connect remotely by using Remote Desktop Services.
From here it is as simple as assigning the GPO to the correct Organizational Units (OU). Once assigned I recommend that all workstations get rebooted. As even after doing a gpupdate /force the policy did not take effect until reboot.