How to enable Remote Desktop via Group Policy

This one had me stumped, but it’ll teach me to search the internet properly before blundering through. Even if you allow the Windows Firewall to accept Remote Desktop Connections you still need to enable Terminal Services elsewhere in the GP hierarchy. D’oh!

Here’s what you need to enable Remote Desktop remotely:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception

Computer Configuration > Administrative Templates > Windows Components > Terminal Services > Allow users to connect remotely using Terminal Services

Enable both of those options and you’ll be Remote Desktop-ing into PCs by the next day :) (or rather, as soon as your Domain clients refresh their Group Policy settings ;) )
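To check that both settings have actually reached a client rather than waiting a day, the PowerShell below reads the policy-backed registry values the two Administrative Template settings write. It is an added example, not part of the original post; the function and variable names are illustrative, and the Standard Profile check and the warning on an unrestricted exception scope are additions.

```powershell
# Added example: confirm on a domain client that both GPO settings have applied.
# Run "gpupdate /force" first to refresh policy immediately instead of waiting.
$tsKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$fwKey = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall'

function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (policy not configured or not refreshed yet).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

$report = @()

# "Allow users to connect remotely using Terminal Services" = Enabled writes fDenyTSConnections = 0.
$deny = Get-PolicyValue -Path $tsKey -Name 'fDenyTSConnections'
$report += [pscustomobject]@{
    Setting = 'Allow users to connect remotely'
    Applied = ($deny -eq 0)
    Scope   = 'n/a'
}

# "Windows Firewall: Allow Remote Desktop Exception" is set per firewall profile.
foreach ($fwProfile in 'DomainProfile', 'StandardProfile') {
    $svc     = Join-Path $fwKey "$fwProfile\Services\RemoteDesktop"
    $enabled = Get-PolicyValue -Path $svc -Name 'Enabled'
    $scope   = Get-PolicyValue -Path $svc -Name 'RemoteAddresses'
    $report += [pscustomobject]@{
        Setting = "Firewall Remote Desktop exception ($fwProfile)"
        Applied = ($enabled -eq 1)
        Scope   = $scope
    }
    # A scope of "*" admits RDP from any address; prefer "localsubnet" or explicit subnets.
    if ($enabled -eq 1 -and $scope -eq '*') {
        Write-Warning "$fwProfile allows TCP 3389 from any address; restrict the exception scope."
    }
}

$report | Format-Table -AutoSize
```

A row with `Applied` set to `False` means the policy has not been configured for that machine's OU or has not refreshed yet.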

23 Comments

  1. James said,

    13 February, 2009 at 1:26 pm

    Many thanks for this! Turned you up in Google – straight to the point.

    Saved me a bunch of legwork. Cheers!

  2. Phil Wiffen said,

    13 February, 2009 at 4:28 pm

    No worries James, glad it helped :)

  3. Peter said,

    25 February, 2009 at 1:52 pm

    Just like James said. Straight to the point and I REALLY like that. As soon as the server reboots after some updates, then I’ll be changing the terminal connection settings. Thanks again.
    Peter

  4. Olsi Deda said,

    13 March, 2009 at 12:56 pm

    Straight to the point

  5. Sean said,

    18 March, 2009 at 7:25 pm

    Perfect, this one was exactly what I needed! Now I can try and put that hair back in that I pulled out!

  6. Mike said,

    2 June, 2009 at 7:13 pm

    Works!!! Thanks.

  7. Clay said,

    4 June, 2009 at 11:13 pm

    Thanks!
    However, you actually don’t need the Windows Firewall exception. That’s for workstations to receive requests for remote help, not for allowing you to remote in. At least that’s how I read the Group Policy definition, and Remote Desktop is working for me with only the second setting.

  8. Phil Wiffen said,

    5 June, 2009 at 8:36 am

    That’s good to know Clay :)

  9. ripstar said,

    30 June, 2009 at 9:48 am

    Hi,
    Any ideas how to set the “users allowed to connect” through group policy?

  10. Ngan Nguyen said,

    15 August, 2009 at 9:08 pm

    This is great. Thanks for sharing!

  11. Philip Manual said,

    3 September, 2009 at 7:07 am

    Just the exact information I was looking for. Thanks!

  12. AK said,

    24 September, 2009 at 2:30 pm

    Excellent, straight to the point and fixed my issue! :D

  13. Grant Miller said,

    28 September, 2009 at 10:14 pm

    Sweet, thanks much for posting these clear instructions!

    Grant

  14. Grant Miller said,

    28 September, 2009 at 10:19 pm

    And for the edit, Clay. No point in opening your workstations up further than necessary. Who the he11 uses remote assistance anyway?

  15. ahmed serag said,

    29 September, 2009 at 8:13 am

    Thanks a million

  16. widhalmt said,

    4 December, 2009 at 7:26 pm

    Thanks. This saved a lot of time for me.

  17. Conor Scolard said,

    11 January, 2010 at 2:44 pm

    Doesn’t work with 2k8R2 native domain.

  18. Phil Wiffen said,

    21 January, 2010 at 10:30 am

    Conor, do you know how to make it work? We’re not running a 2008 R2 native domain so I can’t try/test :(

  19. Sem said,

    25 January, 2010 at 12:40 pm

    In 2k8 R2 you should just need to replace Terminal Services with Remote Desktop Services as it has been re-branded.

  20. Phil Wiffen said,

    26 January, 2010 at 9:47 am

    Thanks Sem! :)

  21. David said,

    5 February, 2010 at 7:01 pm

    Thanks! This helped!

  22. Pablo Montero said,

    11 February, 2010 at 12:12 am

    This is not working for me. I am using Windows 7 workstations on a Windows 2003 server domain recently installed from scratch. I followed Phil’s suggestions and I am still unable to log on to any workstation remotely.

    Has anyone been unable to make this work even after applying the suggested changes to the group policy?

    Thanks,

    Pablo.

  23. Wayne said,

    19 February, 2010 at 6:06 pm

    Hi Pablo:

    I use the same setup, a Windows 2003 Domain with Windows 7 Enterprise workstations, and I was able to get this to work.

    Although, while administering my group policy via the Group Policy Management console from a Windows 7 Enterprise workstation I have the following hierarchy for the Terminal Service (Remote Desktop Settings).

    Open the policy associated with the OU the machines are located in
    Windows Firewall Setting:
    Note: Depending on which “location” you assigned your network connections you may want to do this below for both “Domain Profile” and the “Standard Profile”.

    Computer Configuration -> Policies -> Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception
    Note: Don’t forget to add your subnet to the above entry as well, if you are unsure what your subnet is (scary) enter “localsubnet”.

    Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> Allow users to connect remotely using Remote Desktop Services = Enabled
