Group Policy to enable Remote Desktop on all Win 10 clients

What are the steps necessary to create a group policy to enable Remote Desktop on all Windows 10 client computers within a Server 2016 network?
Knowledgeable (Network Engineer) Asked:
 
arnold Commented:
I think you would need to run the wmic to enable it.

https://social.technet.microsoft.com/wiki/contents/articles/4980.how-to-enable-or-disable-remote-desktop-via-group-policy-windows-2008.aspx
Potentially a registry push to alter the status.
You would also potentially need to push the firewall rule, as covered, to open the port.
 
Alan (Consultant) Commented:
Hi,

I believe it is these (Ref:  https://blogs.msdn.microsoft.com/jjameson/2009/10/14/enabling-remote-desktop-via-group-policy/):

    Computer Configuration
        Policies
            Windows Settings
                Security Settings
                    Windows Firewall with Advanced Security
                        Inbound Rules
                            Remote Desktop (TCP-In)
                                Enabled: Yes
                                Action: Allow
            Administrative Templates
                Windows Components
                    Terminal Services
                        Terminal Server
                            Connections
                                Allow users to connect remotely using Terminal Services: Enabled


I usually create a security group for users that can log on to desktops using RDP, and put that group in the 'Remote Desktop Users' group. You might want to have multiple security groups for each dept or various machines - I would still use security groups no matter what.

I do NOT allow that group automatic access to log on to servers using RDP - that would be a very restricted group.

Hope that helps,

Alan
 
Knowledgeable (Network Engineer, Author) Commented:
Are there any additional steps I need to follow to enable what is shown in this screenshot:

[Screenshot: Remote Desktop properties]
 
arnold Commented:
This only activates the remote administration, limited to admins. If you have other individuals with a subset of a role, the user would need to be added to the local Remote Desktop security group...

You need to fully define what it is you want to accomplish.
Enable remote desktop administration.
Firewall rule to allow port 3389 to be accessed.
Using a domain security group that is then added to the local Remote Desktop security group using GPO and restricted groups (add domain security group to ....)
This way, once you add a user to the domain security group, the user will be authorized to access the system via remote desktop administrator.
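
Added example (not written by any poster in this thread): a PowerShell check to run elevated on a Windows 10 client after the GPO has applied. It confirms the three pieces discussed above: Remote Desktop enabled by policy, an inbound allow rule for TCP 3389, and membership of the local Remote Desktop Users group. The group name `CONTOSO\RDP-Desktop-Users` is a hypothetical placeholder for your own domain security group.

```powershell
# Added example: audit one client for the RDP settings pushed by the GPO.
param(
    # Hypothetical domain security group (an assumption, not from the thread).
    [string]$ExpectedGroup = 'CONTOSO\RDP-Desktop-Users'
)

$findings = [System.Collections.Generic.List[string]]::new()

# 1. Remote Desktop state. fDenyTSConnections = 0 means connections are allowed.
#    The value under Policies is written by the GPO and overrides the local one.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$policy = (Get-ItemProperty -Path $policyKey -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$local  = (Get-ItemProperty -Path $localKey  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
$effective = if ($null -ne $policy) { $policy } else { $local }
if ($effective -ne 0)  { $findings.Add("RDP is not enabled (fDenyTSConnections = $effective)") }
if ($null -eq $policy) { $findings.Add('RDP state is not set by policy; the GPO may not have applied') }

# 2. Firewall. Query ActiveStore so rules delivered by Group Policy are included;
#    the default store only lists locally defined rules.
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound -Enabled True -Action Allow
$tcp3389 = $rules | Where-Object {
    $_ | Get-NetFirewallPortFilter |
        Where-Object { $_.Protocol -eq 'TCP' -and $_.LocalPort -contains '3389' }
}
if (-not $tcp3389) { $findings.Add('No enabled inbound allow rule for TCP 3389') }

# 3. Local Remote Desktop Users group (well-known SID S-1-5-32-555, so the check
#    also works on non-English installs). Only the intended domain group should
#    be a member if Restricted Groups is doing its job.
$members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)
if ($members.Name -notcontains $ExpectedGroup) {
    $findings.Add("$ExpectedGroup is not a member of Remote Desktop Users")
}
$members | Where-Object { $_.Name -ne $ExpectedGroup } | ForEach-Object {
    $findings.Add("Unexpected member of Remote Desktop Users: $($_.Name)")
}

# Report: one line per problem, or a single OK line.
if ($findings.Count -eq 0) {
    'OK: RDP enabled by policy, TCP 3389 allowed, group membership as expected'
} else {
    $findings
}
```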