Go Premium for a chance to win a PS4. Enter to Win


Group Policy to enable Remote Desktop on all Win 10 clients

Posted on 2017-10-18
High Priority
Last Modified: 2017-10-25
What are the steps necessary to create a group policy to enable Remote Desktop on all Windows 10 client computers within a Server 2016 network?
Question by:Knowledgeable
  • 2
LVL 80

Accepted Solution

arnold earned 1500 total points
ID: 42336219
I think you would need to run the wmic to enable it.

Potentially registry push to alter the status.
You would also need to potentially as covered push the firewall rule to open the port.
LVL 20

Assisted Solution

Alan earned 1500 total points
ID: 42336224

I believe it is these (Ref:  https://blogs.msdn.microsoft.com/jjameson/2009/10/14/enabling-remote-desktop-via-group-policy/):

    Computer Configuration


            Windows Settings

                Security Settings

                    Windows Firewall with Advanced Security

                        Inbound Rules

                            Remote Desktop (TCP-In)

                                Enabled: Yes

                                Action: Allow

            Administrative Templates

                Windows Components

                    Terminal Services

                        Terminal Server


                                Allow users to connect remotely using Terminal Services: Enabled

I usually create a security group for users that can logon to desktops using RDP, and put that group in the 'Remote Desktop Users' group.  You might want to have multiple security groups for each dept or various machines - I would still use security groups no matter what.

I do NOT allow that group automatic access to log on to servers using RDP - that would be a very restricted group.

Hope that helps,


Author Comment

ID: 42337424
Are there any additional steps I need to follow to enable what is shown in this screenshot:

LVL 80

Assisted Solution

arnold earned 1500 total points
ID: 42337431
This only activates the remote administration, limited to admins, if you have other individuals with a subset of a role, the user would need to be added to the local remote desktop security group...

You need to fully define what it is you want to accomplish.
Enable remote desktop administration.
Firewall rule to allow port 3389 to be accessed,
Using a domain security group that is then added to the local remote Desktop security group using GPO and restricted groups (add domain security group to ....)
This way one you add a user to the domain security group, the user will be authorized to access the system via remote desktop administrator

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Unable to change the program that handles the scan event from a network attached Canon/Brother printer/scanner. This means you'll always have to choose which program handles this action, e.g. ControlCenter4 (in the case of a Brother).
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question