TL;DR — Resumo Rápido

Q: I have several computers on my enterprise and I don't want to manually allow remote desktop on each one.

Nota: Este artigo foi publicado originalmente em 2010. Alguns passos, comandos ou versões de software podem ter mudado. Consulte a documentação atual de Group Policy para as informações mais recentes.

Q: I have several computers on my enterprise and I don’t want to manually allow remote desktop on each one. How can I enable it either across all computers or target a policy to certain groups?

A: You can do this via Group Policy. There are two things you need to configure as you would on any client a) Allow Remote Desktop and b) Configure the firewall to allow remote desktop. Below are the settings you need to find in the Group Policy editor:

Computer Configuração > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception Computer Configuração > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services or Computer Configuração > Policies > Administrative Templates > Windows Components > Terminal Services > Connections > Allow users to connect remotely using Terminal Services

How to Enable or Disable Remote Desktop via Group Policy Windows Server

1- We can use Group Policy setting to (enable or disable) Remote Desktop

  • Click Start / All programs / Administrative Tools / Group Policy Management.
  • Create or Edit Group Policy Objects.
  • Expand Computer Configuração /Administrative Templates / Windows Components / Remote Desktop Services / Remote Desktop Session Host / Connections.
  • Allow users to connect remotely using Remote Desktop Services (enable or disable)

2- We can use Group Policy Preferences to (enable or disable) Remote Desktop

  • Click Start / All programs / Administrative Tools / Group Policy Management.

  • Create or Edit Group Policy Objects

  • Expand Computer Configuração / Preferences / Windows Settings.

  • Right click Registry / New / Registry Item.

  • General Tab.

  • Action :Update

  • Hive :HKEY_LOCAL_MACHINE

  • Key path : SYSTEMCurrentControlSetControlTerminal Server

  • Value name : fDenyTSConnections

  • Value type : REG_DWORD

  • Value date : 00000000 enable OR 00000001 disable

Resumo

Você pode habilitar a Área de Trabalho Remota via Política de Grupo configurando o valor de registro fDenyTSConnections como 0. Use Preferências de Política de Grupo para maior flexibilidade ou Configuração Administrativa para aplicação mais rigorosa.

Artigos Relacionados