
How To Enable Remote Desktop Via Group Policy Objects (GPO)

Author: Robert Agar

Teams responsible for supporting physically distant computers and users need to use a tool that enables them to exercise remote access and control over a network. Microsoft’s Remote Desktop is a popular solution for accessing computers anywhere in the world.

In this article, we will look at how to enable Remote Desktop Group Policy on Windows 10 systems so it can be applied to all connected machines at a remote site.

Enable Remote Desktop via Group Policy

The first obstacle to overcome when setting up a Group Policy for Remote Desktop is obtaining the necessary permissions that enable you to modify a Group Policy Object (GPO). Getting these permissions is beyond the scope of this article, and we will presume that you have worked with your system administrators and have the necessary level of access.

How to create a firewall rule via Group Policy

The following steps update the Remote Desktop Group Policy so that remote control can be implemented on the associated computers.
  1. Open the Group Policy Management Console (GPMC).

  2. Create a new Group Policy Object called Enable Remote Desktop.
  3. Navigate through the following settings so you can create a new rule:

    Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules

    Now choose to Create a New Rule. The screenshot below shows you where you should be in the Windows configuration screens.

    [Screenshot: Group Policy inbound firewall rule]

  4. In the New Inbound Rule Wizard, select the Port parameter.
  5. Make sure TCP is selected and the Specific local port parameter is set at 3389.

  6. Click Next and allow the Connection. Limit the connection to Domain and Private Profiles.
  7. Give the rule a meaningful name, such as Inbound Rule for RDP Port 3389.

How to enable Remote Desktop Session Host policies

Once the local ports have been added, further Remote Desktop group policy settings need to be updated to enable the required Remote Desktop Session Host policies.

  1. Go to: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
  2. Enable the setting to Allow users to connect remotely by using Remote Desktop Services.
  3. Before we finish modifying Group Policy to allow Remote Desktop, we are going to enable Network Level Authentication. While this is not a necessary part of enabling RDP Group Policy, it is highly recommended as it provides enhanced security for your remote sessions.
  4. Navigate to: Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.
  5. Enable the Require user authentication for remote connections by using Network Level Authentication setting.
  6. The last step, and arguably the most important, is to apply the Group Policy Object we just created to an Organizational Unit. Without this step, the policy will exist but will not be applied to any remote machines.
  7. Close the GPMC as you are finished. No more settings need to be modified to implement Remote Desktop using a Group Policy.
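
To confirm that the settings above actually reached a client, the following check can be run in an elevated PowerShell session on a machine in the linked Organizational Unit once policy has refreshed. It is an added example, not part of the original article. The function names are hypothetical, and `fDenyTSConnections` and `UserAuthentication` are the registry values that the two Remote Desktop Session Host settings write under the Terminal Services policy key.

```powershell
# Added example: audit a client after the "Enable Remote Desktop" GPO has applied.
$tsPolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-TsPolicyValue([string]$Name) {
    # Returns $null when the policy value has not been delivered to this machine.
    (Get-ItemProperty -Path $tsPolicyKey -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Test-RdpGpoState {   # hypothetical helper name
    # Effective (local + GPO merged) inbound allow rules that name TCP 3389 explicitly.
    # Rules scoped to "Any" port or to a port range are not matched by this check.
    $rdpRules = @(Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound `
                    -Action Allow -Enabled True |
        Where-Object {
            $filter = $_ | Get-NetFirewallPortFilter
            $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains '3389'
        })

    # The article limits the rule to Domain and Private profiles,
    # so any 3389 rule that also covers Public (or Any) is reported.
    $publicRules = @($rdpRules | Where-Object { "$($_.Profile)" -match 'Any|Public' })

    [pscustomobject]@{
        # "Allow users to connect remotely..." Enabled => fDenyTSConnections = 0
        RdpAllowedByPolicy  = (Get-TsPolicyValue 'fDenyTSConnections') -eq 0
        # "Require user authentication ... Network Level Authentication" Enabled => 1
        NlaRequiredByPolicy = (Get-TsPolicyValue 'UserAuthentication') -eq 1
        Tcp3389RuleCount    = $rdpRules.Count
        RulesFromGpo        = @($rdpRules |
            Where-Object PolicyStoreSourceType -eq 'GroupPolicy').Count
        RulesOpenOnPublic   = $publicRules.DisplayName -join '; '
    }
}

$state = Test-RdpGpoState
$state | Format-List
if (-not $state.NlaRequiredByPolicy) {
    Write-Warning 'NLA is not enforced by policy on this machine.'
}
if ($state.RulesOpenOnPublic) {
    Write-Warning "TCP 3389 is allowed on the Public profile: $($state.RulesOpenOnPublic)"
}
```

A `RulesFromGpo` count of 0 alongside `RdpAllowedByPolicy = False` usually means the GPO is not linked to the Organizational Unit that contains the machine, which is the situation step 6 warns about.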