How to enable Remote Desktop via Group Policy

This one had me stumped, but it’ll teach me to search the internet properly before blundering through. Even if you allow the Windows Firewall to accept Remote Desktop Connections you still need to enable Terminal Services elsewhere in the GP hierarchy. D’oh!

Here’s what you need to enable Remote Desktop remotely:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception

Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services

Enable both of those options and you’ll be Remote Desktop-ing into PCs by the next day :) (or rather, as soon as your Domain clients refresh their Group Policy settings ;) )
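
A quick way to check on a client that both settings have actually landed, and how widely the firewall exception is scoped. This is an added example, not part of the original post: it assumes the standard policy registry locations these two administrative templates write to, and the function names are made up for illustration.

```powershell
# Added example: verify on a domain client that both GPO settings have applied.
# Assumption: the standard policy registry locations for these two templates.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy "Not Configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Test-RdpPolicy {
    $tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $fwKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop'

    $deny    = Get-PolicyValue $tsKey 'fDenyTSConnections'  # 0 = connections allowed
    $fwOn    = Get-PolicyValue $fwKey 'Enabled'             # 1 = exception enabled
    $sources = Get-PolicyValue $fwKey 'RemoteAddresses'     # allowed source addresses

    $findings = @()
    if ($null -eq $deny) {
        $findings += 'RDP policy not applied yet (run gpupdate /force or wait for the refresh)'
    } elseif ($deny -ne 0) {
        $findings += 'RDP policy applied, but it is set to deny connections'
    }
    if ($fwOn -ne 1) {
        $findings += 'Firewall Remote Desktop exception not enabled for the Domain Profile'
    } elseif ($sources -eq '*') {
        # An unscoped exception accepts RDP from any address the client can see.
        $findings += 'Firewall exception accepts any source; scope it to admin subnets or localsubnet'
    }

    [pscustomobject]@{
        Computer           = $env:COMPUTERNAME
        RdpAllowedByPolicy = ($deny -eq 0)
        FirewallException  = ($fwOn -eq 1)
        AllowedSources     = $sources
        Findings           = $findings
    }
}

Test-RdpPolicy | Format-List
```

An empty `Findings` list means both settings are in place and the exception is limited to specific source addresses.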

29 Comments »

  1. James said,

    13 February, 2009 at 1:26 pm

    Many thanks for this! Turned you up in Google – straight to the point.

    Saved me a bunch of legwork. Cheers!

  2. Phil Wiffen said,

    13 February, 2009 at 4:28 pm

    No worries James, glad it helped :)

  3. Peter said,

    25 February, 2009 at 1:52 pm

    Just like James said. Straight to the point and I REALLY like that. As soon as the server reboots after some updates, then I’ll be changing the terminal connection settings. Thanks again.
    Peter

  4. Olsi Deda said,

    13 March, 2009 at 12:56 pm

    straight to the point

  5. Sean said,

    18 March, 2009 at 7:25 pm

    Perfect, this one was exactly what I needed! Now I can try and put that hair back in that I pulled out!

  6. Mike said,

    2 June, 2009 at 7:13 pm

    Works!!! Thanks.

  7. Clay said,

    4 June, 2009 at 11:13 pm

    Thanks!
    However, you actually don’t need the Windows Firewall exception. That’s for workstations to receive requests for remote help, not for allowing you to remote in. At least that’s how I read the Group Policy definition, and remote desktop is working for me with only the second setting.

  8. Phil Wiffen said,

    5 June, 2009 at 8:36 am

    That’s good to know Clay :)

  9. ripstar said,

    30 June, 2009 at 9:48 am

    Hi,
    Any ideas how to set the “users allowed to connect” through group policy?

  10. Ngan Nguyen said,

    15 August, 2009 at 9:08 pm

    This is great. Thanks for sharing!

  11. Philip Manual said,

    3 September, 2009 at 7:07 am

    Just the exact information I was looking for. Thanks!

  12. AK said,

    24 September, 2009 at 2:30 pm

    Excellent, straight to the point and fixed my issue! :D

  13. Grant Miller said,

    28 September, 2009 at 10:14 pm

    Sweet, thanks much for posting these clear instructions!

    Grant

  14. Grant Miller said,

    28 September, 2009 at 10:19 pm

    And for the edit, Clay. No point in opening your workstations up further than necessary. Who the he11 uses remote assistance anyway?

  15. ahmed serag said,

    29 September, 2009 at 8:13 am

    Thanks a million

  16. widhalmt said,

    4 December, 2009 at 7:26 pm

    Thanks. This saved a lot of time for me.

  17. Conor Scolard said,

    11 January, 2010 at 2:44 pm

    Doesn’t work with 2k8R2 native domain.

  18. Phil Wiffen said,

    21 January, 2010 at 10:30 am

    Conor, do you know how to make it work? We’re not running a 2008 R2 native domain so I can’t try/test :(

  19. Sem said,

    25 January, 2010 at 12:40 pm

    In 2k8 R2 you should just need to replace Terminal Services with Remote Desktop Services as it has been re-branded.

  20. Phil Wiffen said,

    26 January, 2010 at 9:47 am

    Thanks Sem! :)

  21. David said,

    5 February, 2010 at 7:01 pm

    Thanks! This helped!

  22. Pablo Montero said,

    11 February, 2010 at 12:12 am

    This is not working for me. I am using Windows 7 workstations on a Windows 2003 server domain recently installed from scratch. I followed Phil’s suggestions and I am still unable to log on to any workstation remotely.

    Has anyone been unable to make this work even after applying the suggested changes to the group policy?

    Thanks,

    Pablo.

  23. Wayne said,

    19 February, 2010 at 6:06 pm

    Hi Pablo:

    I use the same setup, a Windows 2003 Domain with Windows 7 Enterprise workstations, and I was able to get this to work.

    Although, while administering my group policy via the Group Policy Management console from a Windows 7 Enterprise workstation I have the following hierarchy for the Terminal Service (Remote Desktop Settings).

    Open the policy associated with the OU the machines are located in
    Windows Firewall Setting:
    Note: Depending on which “location” you assigned your network connections you may want to do this below for both “Domain Profile” and the “Standard Profile”.

    Computer Configuration -> Policies -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> Windows Firewall: Allow Remote Desktop Exception
    Note: Don’t forget to add your subnet to the above entry as well; if you are unsure what your subnet is (scary), enter “localsubnet”.

    Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Allow users to connect remotely using Remote Desktop Services = Enabled

  24. Andy said,

    24 March, 2010 at 9:25 pm

    I successfully connect to the computer, but when logging in with a user, I get the following message:

    The local policy of this system does not permit you to log on interactively.

    Anyone know what setting I need to change? Hopefully via group policy. :-)

  25. Phil Wiffen said,

    25 March, 2010 at 1:30 pm

    Andy: to log on remotely via RDP, you need to be in the Local Administrator’s group on the PC you’re RDPing to. Either that, or change what types of user you’ll let log in remotely.

  26. John said,

    11 May, 2010 at 12:23 pm

    Hey thanks a lot mate!
    First hit in Google and saved me a lot of time!
    Setting up the GPOs right now, will tell ya how it works tomorrow.

  27. Doug reynolds said,

    28 June, 2010 at 5:01 pm

    Hey, I had remote desktop enabled on my Server ’08 domain, and remote desktop worked great for my Windows XP. Fast forward, I start adding Win7 Pro machines, and alas, you can’t RDP to them (XP machines are fine). I add the above firewall exception to the group policy, and now I can’t even remote desktop into the server.. what gives?

  28. Ivan Radisson said,

    27 July, 2010 at 10:10 am

    For those creating this GPO on a Windows Server 2008:

    The second option is under:

    Computer Configuration > Policies > Administrative Templates > Windows Components > Terminal Services > Connections > Allow users to connect remotely using Terminal Services

    Regards.

  29. Ahamed, said,

    24 August, 2010 at 9:04 pm

    Thank you for your nice information…
