How do you enable remote desktop via group policy?

Q: I have several computers on my enterprise and I don’t want to manually allow remote desktop on each one. How can I enable it either across all computers or target a policy to certain groups?


A: You can do this via Group Policy. There are two things you need to configure as you would on any client a) Allow Remote Desktop and b) Configure the firewall to allow remote desktop. Below are the settings you need to find in the Group Policy editor:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception

Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services

or

Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Connections > Allow users to connect remotely using Terminal Services

How to Enable or Disable Remote Desktop via Group Policy Windows Server

1- We can use Group Policy setting to (enable or disable) Remote Desktop

  • Click Start / All programs / Administrative Tools / Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuration / Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections.
  • Allow users to connect remotely using Remote Desktop Services (enable or disable)

2- We can use Group Policy Preferences to (enable or disable) Remote Desktop

  • Click Start / All programs / Administrative Tools / Group Policy Management.
  • Create or Edit Group Policy Objects
  • Expand Computer Configuration / Preferences / Windows Settings.
  • Right click Registry / New / Registry Item.
  • General Tab.
  • Action :Update
  • Hive :HKEY_LOCAL_MACHINE
  • Key path : SYSTEMCurrentControlSetControlTerminal Server
  • Value name : fDenyTSConnections
  • Value type : REG_DWORD
  • Value date : 00000000 enable OR 00000001 disable
Enhanced by Zemanta

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.