Avatar of TonyDi
 asked on

RDP Access to Windows 7 in a SBS 2008 Domain

Hello we have a SBS 2008 domain with windows XP clients.  We have added some new Windows 7 clients to the domain with the requirement that users are able to RDP to their workstations.  Currently RDP is not working to Windows 7 clients internally or externally even though it is enabled, when attempting to RDP internally to the Windows 7 workstation it prompts with an error that it could not connect to the computer.  RDP to windows XP clients is working fine.  Also if one of the Windows 7 clients is disjoined from the domain RDP access works, however once it is joined to the domain it stops working.  I have tracked down the issue to two firewall rules that are set up to block RDP access, however these firewall rules cannot be deleted or changed as they state that they are created by the system administrator and cannot be edited.  I have checked RSOP and there are no policies applied that affect the windows firewall aside from the policies that enable it.  I also went through each policy in the domain and locally manually to ensure that nothing is applied that would block RDP Access.  Any thoughts on where this firewall policy may be coming from would be greatly appreciated.
OS SecurityMicrosoft ApplicationsSBS

Avatar of undefined
Last Comment

8/22/2022 - Mon

Well, you've only got two options for the source of a policy, either a local computer policy or a group policy, and since this only happens when connected to the domain that eliminates the local policy.

You mentioned RSOP.  Have you tried Group Policy Management console?  You can use the Group Policy Results inside it to do the same thing, but a little better.  In RSOP the Vista/Win7 firewall settings will show up as extra registry settings, but in GPM (assuming you're running it from Vista/Win7/SBS2008) you will actually see the settings.

How do you run RSOP from GPM, I did see how to run it from ADUC.

When running from ADUC I am getting the error that the RPC server is unavailable.  I actually get this on all PC's not just the windows 7 PC's.

A couple of other notes, I have moved the Windows 7 PC from the My Business/Computers/SBSComputers OU to the Computers ou at the root of ADUC.  According to GPM the computers OU does not have any Group Policies applied to it.

I have also gone through each GPO in GPM one by one, The only settings applied are to allow RDP.

Is there anyplace else that this could possibly be applied on sbs 2k8?

Also I noticed there are seperate policies for Vista clients and XP clients, I'm assuming that the Windows 7 clients just use the vista policy as I haven't found anything for adding policies for windows 7, can you confirm that?

View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.

I was able to find the solution to this.  The problem was with the CSE security policy,

Computer Configuration/Administrative Templates/Network/Network Connections/Windows Firewall.

Both the domain and standard profiles had values of localsubnet, serverIPAddress.

Removed the space in between the , and the next word and everything started working.
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck