This is how I enabled for users to connect remotely to their computers in the domain
1. Created a Security Group named RDC
2. Right-click the new Group and select properties. at Members tab Add the Names or Groups you wish to allow connecting remotely.
4. Create a GPO. Edit.
5. Computer Configuration - Policies - Windows Settings - Security Settings - Restricted Groups
6. Right-click the Restricted Groups folder and click Add Group, enter the name of the Security Group just created.
7. Right-click the Group, Properties.
8. Next to the This Group is member of: Add Remote Desktop Users
9. Navigate to: Computer Configuration - Policies - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Connections. Set: Allow users to connect remotely by using Remote Desktop Services.
10. Network Level Authentication Computer Configuration - Policies - Administrative Templates - Windows Components - Remote Desktop Services - Remote Desktop Session Host - Security. Set require user authentication for remote connections by using Network Level Authentication Enable.
11. Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\ Edit: Windows Firewall: Allow Inbound Remote Desktop exceptions: Enable.
12. Browse to the OU for your computers you want to allow remote desktop connection and link the policy.
Question: does this policy need to be linked to a OU that have in it the computers I want to allow access remotely or can I place the new created security group in a new OU and link the GOP to it [meaning it will be linked to users not to computers]?