Allow remote desktop from domain through GPO


I have a problem since machines on my network don't allow remote desktop connections. Users are connecting to their desktop PC on the network from a remote laptop and through a VPN connection. I believe the problem is within the Windows firewall, as remote desktop is only allowed from home/work and not the domain (see my screendump). The option to allow it from the domain is greyed out, and I think it's a GPO issue, but where do I configure this on my Windows Server 2008 R2?

Thanks in advance,
Daniel Helgenberger Commented:
To allow users/groups to connect via RDP you need to do the following:

- Allow VPN access, verify users can connect to the required workstations
- Create an AD group for users that you want to be able to connect to RDP. In your case the VPN group can be a member of this group. I call this group RDPUsers for this example.

Now, set up a GPO that does the following:
- Open RDP firewall port.
- Allow users to connect via RDP

BUT to be able to connect to RDP, the user that wants to connect has to be in a local group on the computer called Remote Desktop Users (BUILTIN).

Continue in your GPO setup:
- Under Computer Config/Security, set up a new Restricted Group. Call this group Remote Desktop Users - make sure not to use the "browse" for this one.
- Now, add your RDPUsers AD Group to the restricted group.

Let the GPO replicate or do a `gpupdate /force` on one client. Try to connect via RDP to this computer with a member of this group.

ronnie13 (Author) Commented:
This is already enabled. The thing is that when I configure remote desktop on the pc it warns me that I must activate the exception for Windows Firewall in relation to remote desktop. This points to this solution but as you could see from my previous screendump I can't allow the connections from the network location types domain or public.
Is your issue resolved, or are you still facing the problem?

ronnie13 (Author) Commented:
I haven't had a chance to look at it today. I'll get back to you Monday or Tuesday.

ronnie13 (Author) Commented:
Hi again,

The problem is not only related to VPN users. Even if I'm in the office and trying to RDP from one PC on the domain to another, this is not possible. How can I open the RDP firewall port?

ronnie13 (Author) Commented:
The problem is now solved by applying this policy:

Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow Remote Desktop Exception.

Thanks a lot for your help.
Question has a verified solution.
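
A check to run on a target desktop after `gpupdate /force`, confirming that the three settings discussed in this thread arrived (added example, not part of the original thread). The registry paths are the locations the Windows Firewall administrative template and Terminal Services are assumed to use, and `RDPUsers` is the example group name from the answer above.

```powershell
# Added example: run in an elevated PowerShell prompt on the target desktop.
# Works with PowerShell 2.0 (Windows 7 / Server 2008 R2); uses only registry reads and net.exe.

$rdpGroup = 'RDPUsers'   # example AD group name from the answer; replace with your own

function Get-RegValue($Path, $Name) {
    # Returns the registry value, or $null when the key or value is absent.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($item) { $item.$Name } else { $null }
}

# 1. Is Remote Desktop itself turned on? (fDenyTSConnections = 0 means connections are allowed)
$deny = Get-RegValue 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' 'fDenyTSConnections'

# 2. Did "Windows Firewall: Allow Remote Desktop Exception" (Domain Profile) reach this machine?
#    Assumed policy location written by the administrative template.
$polKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop'
$enabled = Get-RegValue $polKey 'Enabled'
$scope   = Get-RegValue $polKey 'RemoteAddresses'

# 3. Did the Restricted Group setting put the AD group into the local Remote Desktop Users group?
#    net.exe lists domain members as DOMAIN\Name, one per line.
$pattern = '\\' + [regex]::Escape($rdpGroup) + '\s*$'
$members = net localgroup "Remote Desktop Users" 2>$null
$inGroup = [bool]($members | Where-Object { $_ -match $pattern })

$report = New-Object PSObject -Property @{
    RemoteDesktopEnabled   = ($deny -eq 0)
    FirewallPolicyApplied  = ($enabled -eq 1)
    FirewallPolicyScope    = $scope
    GroupInRemoteDesktopUsers = $inGroup
}
$report | Format-List

# The policy's address list controls who may reach the RDP port; '*' means any address.
if ($enabled -eq 1 -and $scope -eq '*') {
    Write-Warning "RDP exception accepts any source address; consider limiting the policy's address list to the office and VPN subnets."
}
if ($enabled -ne 1) {
    Write-Warning "Firewall policy value not found; run 'gpresult /r /scope computer' to see whether the GPO applies to this machine."
}
```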