Enable RDP via Group Policy
KB ID 0000043 Dtd 09/08/12
Problem
Rather than enabling on an ad-hoc basis, you want to turn on RDP for multiple machines via Group Policy.
Solution
2008 R2 RDP Policy Location
To simply enable RDP, change the following policy;
Computer Configuration > Admin Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections
Locate and change the "Allow users to connect remotely using Remote Desktop Service" policy.
Allow RDP on the Windows Firewall with Group Policy
Navigate to the following policy;
Computer Configuration > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules
Right click > New rule > Change Predefines to "Remote Desktop" > Next > Next.
Allow the connection > Finish
Allow users to connect via RDP though Group Policy
Any member of the machines 'Remote Desktop Users' group can log on via RDP, if you have a lot of machines you can create a global security group in active directory (mine below is called SG-Remote-Desktop-Users). And I've added it globally to all the computers local 'Remote Desktop Users' groups using 'Restricted groups'.
Navigate to the following policy;
Computer Configuration > Windows Settings > Security Settings > Restricted Groups
Right click > Add Group > Browse > Add your group > In the LOWER (This group is a member of) section click Add > Type in Remote Desktop Users > OK > OK.
2008 RDP Policy Location
Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Terminal Server > Connections.
"Allow users to connect remotely using Terminal services"
"Allow users to connect remotely using Terminal services"
To enable Remote Desktop, click Enabled.
To disable Remote Desktop, click Disabled.
2000/ 2003 RDP Policy Location
Computer Configuration > Administrative Templates > Windows Components > Terminal Services.
"Allows users to connect remotely using Terminal services"
To enable Remote Desktop, click Enabled.
To disable Remote Desktop, click Disabled.
No comments:
Post a Comment