Note: This article was originally published in 2010. Some steps, commands, or software versions may have changed. Consult the current Group Policy documentation for the most recent information.
Q: I have several computers in my enterprise and I don’t want to manually allow remote desktop on each one. How can I enable it either across all computers or target a policy to certain groups?
A: You can do this via Group Policy. As on any individual client, there are two things you need to configure: a) allow Remote Desktop and b) configure the firewall to allow Remote Desktop. Below are the settings you need to find in the Group Policy editor:
- Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception
- Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services
- or Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Connections > Allow users to connect remotely using Terminal Services
How to Enable or Disable Remote Desktop via Group Policy on Windows Server
1- We can use a Group Policy setting to enable or disable Remote Desktop
- Click Start / All programs / Administrative Tools / Group Policy Management.
- Create or Edit Group Policy Objects.
- Expand Computer Configuration /Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections.
- Allow users to connect remotely using Remote Desktop Services (enable or disable)
2- We can use Group Policy Preferences to enable or disable Remote Desktop
- Click Start / All programs / Administrative Tools / Group Policy Management.
- Create or Edit Group Policy Objects.
- Expand Computer Configuration / Preferences / Windows Settings.
- Right click Registry / New / Registry Item.
- General Tab.
- Action: Update
- Hive: HKEY_LOCAL_MACHINE
- Key path: SYSTEM\CurrentControlSet\Control\Terminal Server
- Value name: fDenyTSConnections
- Value type: REG_DWORD
- Value data: 00000000 to enable OR 00000001 to disable
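To check on a client which of the two methods actually decided the Remote Desktop state after the GPO applied, the following PowerShell audit (an added example, not part of the original article) reads fDenyTSConnections from both locations and counts the enabled inbound Remote Desktop firewall rules. It assumes an elevated session, Windows 8 / Server 2012 or later for Get-NetFirewallRule, an English-language system for the 'Remote Desktop' group name, and that the Administrative Templates setting is stored under the SOFTWARE\Policies path shown; the function names are hypothetical.

```powershell
# Added example: report the effective Remote Desktop state on the local computer.
function Get-RegistryDword {
    param([string]$Path, [string]$Name)
    # $null means the key or value is absent, i.e. the setting is not configured.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]($item.$Name) }
    return $null
}

function Get-RdpGpoState {
    # Assumption: location written by the Administrative Templates setting (method 1).
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    # Location written by the Group Policy Preferences registry item (method 2).
    $systemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

    $policy = Get-RegistryDword -Path $policyKey -Name 'fDenyTSConnections'
    $system = Get-RegistryDword -Path $systemKey -Name 'fDenyTSConnections'

    # A value under the Policies key takes precedence over the Terminal Server key.
    if ($null -ne $policy)     { $effective = $policy; $source = 'AdministrativeTemplate' }
    elseif ($null -ne $system) { $effective = $system; $source = 'TerminalServerKey' }
    else                       { $effective = $null;   $source = 'NotConfigured' }

    # Enabled inbound rules in the built-in group, as currently enforced (ActiveStore).
    # Assumption: English display group name 'Remote Desktop'.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -PolicyStore ActiveStore `
                   -ErrorAction SilentlyContinue |
               Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    [pscustomobject]@{
        ComputerName            = $env:COMPUTERNAME
        PolicyValue             = $policy
        TerminalServerValue     = $system
        DecidedBy               = $source
        RdpAllowed              = ($effective -eq 0)
        InboundRdpFirewallRules = $rules.Count
        # False when RDP is allowed without an open rule, or a rule is open while
        # RDP is denied; either case is worth a closer look.
        Consistent              = (($effective -eq 0) -eq ($rules.Count -gt 0))
    }
}

Get-RdpGpoState | Format-List
```

Running it on machines outside the intended target group shows whether the GPO scope is wider than planned: any host reporting RdpAllowed as True that should not accept Remote Desktop connections points to a linking or security-filtering problem.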
Summary
You can enable Remote Desktop via Group Policy by setting the fDenyTSConnections registry value to 0. Use Group Policy Preferences for more flexibility, or the Administrative Templates setting for stricter enforcement.