Link to home
Start Free TrialLog in
Avatar of Rakesh Patel
Rakesh PatelFlag for United Kingdom of Great Britain and Northern Ireland

asked on

Remote Desktop endpoint (intune) rule set up

I am trying to switch on allow remote desktop for users using intune for windows 10.

it seems to be half working as I can see the option switch on by viewing it through the remote settings as shown:


the setting in intune I have changed is the Allow users to connect remotely by using Remote Desktop Services  User generated image

but it doesn't seem to work and when I look in remote desktop for windows 10 it is switched off and greyed out so it looks like this: 

User generated image

is there another setting or something else I need to change in order to switch this on through intune?


Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

you need to go through your intune settings to find which settings has turn it off. 


This is one of the examples 

https://www.anoopcnair.com/disable-remote-desktop-connections-using-intune/


This is more like a hunting game, i.e. it is definitely one of your settings but just don't know how the original technician implements it.

Some could even use group policy over intune (which is ugly but still possible)



Avatar of Rakesh Patel

ASKER

No setting has switched it off, its strange as its switched on if I view the remote settings. We only have a few rules and none have the rule switched off so I can't see any conflicts.

There doesn't seem to be anything that is blocking it and if I turn the rule off the administrator can turn the rule on and off manually so there doesn't seem to be another rule preventing this.

go to the pc


do these


1. gpresult /h <computername>.html

(attach the html here)


2. if you have intune, follow this https://learn.microsoft.com/en-us/windows/client-management/diagnose-mdm-failures-in-windows-10

and get me the html file as well


with both of them, one of them will show up what causing it

I have attached the file, we are using intune, we no longer have a GPO server.
MDMDiagReport.html

wait, how do you RDP to the machine?


did you modify your RDP file to 


enablecredsspsupport:i:0
authentication level:i:2


if you have not, 

follow this article https://www.niallbrady.com/2017/08/23/how-can-i-rdp-to-an-azure-ad-joined-windows-10-device/

I can RDP to the machine if I do this manually but I want to set it through intune.

the problem is if I set the "allow users to connect remotely" option in intune i can see the option has changed here:


User generated imageso it looks like it has worked but if i check remote desktop it is greyed out and is switched off as you can see below.



User generated image

the problem is if you do this manually it seems to work together so if you select one option they will switch on and off together but intune doesn't seem to do that.


If I switch off this setting I am able to set up rdp manually but I want to set it up as a policy.



okay, you have configured via the Remote desktop using Intune (the not so working version).

what method do you use? CSP?



I don't understand the question. Basically it looks like I won't be able to set rdp up through intune.


I just don't understand why it doesn't turn remote desktop on but does switch it on if I view it in advance settings.


The thing is if I remove this policy these options work together if I switch on remote desktop i can see its switched on through the advance settings and vice versa. But using intune it only changes the advanced option and the remote desktop option is greyed out and switched off.


If I have this option on manually I am able to connect using RDP but it doesn't work if I use the policy.


Surely if I allow remote desktop through intune it should just switch it on.  


SOLUTION
Avatar of Jian An Lim
Jian An Lim
Flag of Australia image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

As I said RDP works, there is no issue with the firewall the port is open its just the intune policy is not working properly.


If i configure the setting manually I have no issue it works fine and I am able to rdp to the desktop with no issues.


but if I add the intune policy I cannot do it.

ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial

thanks for your help, I will try this today and let you know how it works

Is it possible for you to send me a screen shot of the firewall policy you set up? I have set one up but the policy doesn't seem to be working.

i have it as this


User generated image


User generated image