Group Policy to enable Remote Desktop on all Win 10 clients

What are the steps necessary to create a group policy to enable Remote Desktop on all Windows 10 client computers within a Server 2016 network?
IT GuyNetwork EngineerAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
I think you would need to run the wmic to enable it.

https://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspx
Potentially registry push to alter the status.
You would also need to potentially as covered push the firewall rule to open the port.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
AlanConsultantCommented:
Hi,

I believe it is these (Ref:  https://blogs.msdn.microsoft.com/jjameson/2009/10/14/enabling-remote-desktop-via-group-policy/):

    Computer Configuration

        Policies

            Windows Settings

                Security Settings

                    Windows Firewall with Advanced Security

                        Inbound Rules

                            Remote Desktop (TCP-In)

                                Enabled: Yes

                                Action: Allow

            Administrative Templates

                Windows Components

                    Terminal Services

                        Terminal Server

                            Connections

                                Allow users to connect remotely using Terminal Services: Enabled


I usually create a security group for users that can logon to desktops using RDP, and put that group in the 'Remote Desktop Users' group.  You might want to have multiple security groups for each dept or various machines - I would still use security groups no matter what.

I do NOT allow that group automatic access to log on to servers using RDP - that would be a very restricted group.

Hope that helps,

Alan
0
IT GuyNetwork EngineerAuthor Commented:
Are there any additional steps I need to follow to enable what is shown in this screenshot:

Remote-Desktop-properties
0
arnoldCommented:
This only activates the remote administration, limited to admins, if you have other individuals with a subset of a role, the user would need to be added to the local remote desktop security group...

You need to fully define what it is you want to accomplish.
Enable remote desktop administration.
Firewall rule to allow port 3389 to be accessed,
Using a domain security group that is then added to the local remote Desktop security group using GPO and restricted groups (add domain security group to ....)
This way one you add a user to the domain security group, the user will be authorized to access the system via remote desktop administrator
0
IT GuyNetwork EngineerAuthor Commented:
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.