How to Enable Remote Desktop Through Group Policy (2024)

Rick Akura on 01/10/2020

In this guide, you will learn about what's a remote desktop and how to enable it via group policy and Powershell. Click here to get started.

Assume a situation whereby you have just set up a remote site and now you find yourself having users or support servers that you can’t physically gain access. This means walking to the desk is out of your options. So how do you go about it to access the data and information you may be in need of?

To get it right, you need to figure out how to enable Remote Desktop via Group Policy, so that it can get applied to all devices at your site. Configuration of remote desktop forms the basis of our guide today. Let’s get started.

Jump to Section

What is Remote Desktop Group Policy

Almost all users who are interested in building safe connections between computers on the internet might have heard about RDP or VPN. RDP stands for the Remote Desktop Protocol. It is a network of communications protocol developed by Microsoft, to allow users to connect to another computer.

With RDP, one can connect to any computer that runs Windows. With RDP, you can connect to the remote PC, view the same display and interact as if you are working on that machine locally.

Some instances where you may need to use RDP include;

When traveling or when on vacation and you need to access your work computer
When you can’t go to your office due to certain reasons and you still need to fulfill your daily tasks
When you are a system admin and you need to perform administrative duties on your PC such as computer troubleshooting, tune-up, ID protection setting, printer set-up, software installation, email setup, virus and spyware removal, among others.
When you need to give a demo and you need to access data from a private device
When you want to personalize your remote desktop on experiences such as resolution, connection setting, screen setting, toolbar, start menu, icons among others.

1. How to Enable RDP on Windows 10 using Setting or GUI

The easiest way to enable Remote Desktop on the Windows operating system family is to use a Graphical User Interface (GUI).Using the Settings app, follow the steps below to enable remote access on Windows 10:

Open the “System”control panel
See Also
Fortinet FortiGate Firewall | External Systems Configuration Guide [KB3327] Configure firewall profiles and zones in ESET Cyber Security Pro VIDEO solution: Enable the Windows Firewall for the private network and enable "block all connections to apps that are not on the list of allowed apps." Please attach the screenshot below.6 Best Single Sign-On (SSO) Providers & Solutions in 2024
Go to “Remote Desktop”
Toggle the“Enable Remote Desktop”switch to “On”.
Enable the “Allow remote connection to this computer”option in the Remote Desktop section.
Hit “Confirm”.

Once you’ve allowed Remote Desktop on Windows 10, there will be two additionally enabled options:

Keep my PC awake for connection when it’s plugged in.
Make my PC discoverable on private networks to enable automatic connection from a remote device.

These settings ensure that users always can connect to the remote machine whenever they like.

However, performing the above process will need local access to the computer on which you want to enable the RD.

By default, remote desktop is disabled in both desktop versions of Windows and in Windows Server.

If users go to the“Advanced settings”window, they'll see extra advanced features, such as the option to require computers to utilize“Network Level Authentication”when connecting remotely.This setting ensures the connections are more secure by restricting access only to those who can authorize the connection with the network before they can access the device.

The “Advanced settings” page also has the current Remote Desktop port. This information is useful if the user ever needs to reconfigure a router to permit remote desktop access from outside of their network.

Note:By default, the port number is set to3389.

2. How to Enable Remote Desktop Remotely Using PowerShell

Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/2019. Here is the procedure to achieve the same;

On your computer, open the PowerShell console and run the following commands to connect to your remote server.Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator.
You will have established a remote session with a computer and now you can execute PowerShell commands on it. To enable Remote Desktop, you need to change registry parameterfDenyTSConnectionsfrom 1 to 0 on the remote machine. Run the command;Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
When RDP is enabled this way (as opposed to GUI method) the rule that allows remote RDP connections is not enabled in the Windows Firewall rules.
To allow incoming RDP connections in Windows Firewall, run the command;Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
If for some reason the firewall rule is deleted, you can create it manually using the following commands.netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow
In case you need to allow secure RDP authentication (NLA – Network Level Authentication) run the command;Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
Now from your computer, you can check the TCP 3389 port on the remote host to see if it has become available. To do so, run the command below’Test-NetConnection 192.168.1.11 -CommonTCPPort RDP.
If successful, you should get results similar to what is shown below’

3. How to Enable/Disable Remote Desktop Using Group Policy

You can enable or disable remote desktop using group policy. To do so, perform the following steps.

Searchgpedit.mscin theStart menu.In the program list, clickgpedit.mscas shown below;
AfterLocal Group Policy Editoropens, expandComputer Configuration>>Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.
On the right-side panel. Double-click onAllow users to connect remotely using Remote Desktop Services. See below;
SelectEnabledand clickApplyif you want to enable Remote Desktop. SelectDisabledand clickApplyif you need to disable it.

Now you will have enabled or disabled remote desktop using group policy

4. Network Level Authentication NLA on the remote RDP server

Network Level Authentication is a method used to enhance RD Session Host server security by requiring that a user be authenticated to RD session Host Server before a session can be created.

If you want to restrict who can access your PC, you can choose to allow access only with Network Level Authentication (NLA). NLA is an authentication tool used in RDP Server. When a user tries to establish a connection to a device that is NLA enabled, NLA will delegate the user’s credentials from the client-side Security Support Provider to the server for authentication, before creating a session.

The advantages of Network Level Authentication is;

It requires fewer remote computer resources initially.
It can provide better security by reducing the risk of denial of service attacks.

To configure Network Level Authentication for a connection, follow the steps below.

On the RD Session Host Server, open Remote Desktop Session Host Configuration. To do so, clickStart>>Adminstrative Tools1>>Remote Desktop Services>> Remote Desktop Session Host Configuration.
UnderConnections,right-click the name of the connection and then clickProperties.
On the General tab, selectAllow the connection only from computers running Remote Desktop with Network Level Authenticationcheckbox
ClickOK

Note, under step 3, if the “Allow connections only from computers running a remote desktop with network-level authentication” checkbox is not enabled, the “Require user authentication for remote connections by using network-level authentication” Group Policy setting has to be enabled, and has been applied to the RD Session Host Server.

5. Enable remote connections on Windows using the Control Panel

Even though the Settings app and Control panel are easy options for enabling remote desktop access, you can also enable RDP access using the Control Panel. Below you’ll find the instructions on how to enable remote desktop on Windows 10 or 11 via the Control Panel:

Open the Control Panel. The most optimal way would be to type in the "control panel" query in the search box.
In the control panel, select “System and Security”.
Under the “System” section, click “Allow remote access”.
The System Properties window will appear.
In the Remote tab, check the box “Allow Remote Assistance connections to this computer” in the section Remote Assistance. Then, select “Allow remote connections to this computer” in the section Remote Desktop.
Hit “Apply” and then “OK”.
Voila!

Conclusion

After turning on the remote desktop access on Windows 10/11, it’s time to connect to the remote computer. You can use the modern Remote Desktop application (recommended) or the built-in Remote Desktop Connection (RDC) utility with every Windows version.

If you would then need to disable Remote Desktop access, you should not experience any issues since you'll only need to reverse the steps from this guide.

That's it, from us'Now to you.

We're glad you've read this article up to here, thank you :)

If you have an extra minute, please share the article on your socials; Someone else may benefit.

And, subscribe to our newsletter below for more articles like this. We also share deals and promotions on the email that you shouldn't miss.

Also Read

»Remote Access Software: A Guide to Choosing the Right Solution for Your Business
»How To Fix "Remote Desktop Can’t Connect to the Remote Computer"
»Working Remotely Tips: Remote work tips and tools for beginners
»Benefits and Major Challenges of Hybrid Work?
»8 Best Practices for Secure Remote Working