Group Policy - Brandon-Duffy/SYS-265 GitHub Wiki

Create a Domain Group Policy for Remote Desktop between wks1 and wks2

Steps

1. Create a new Organizational Unit (OU) for workstations

  1. Open Active Directory Users and Computers.
  2. In the left pane, expand your domain and select the appropriate container where you want to create the new OU.
  3. Right-click on the container, click New, and then click Organizational Unit.
  4. Enter a name for the new OU (e.g., Workstations) and click OK.


2. Move W1-kitten and W2-kitten to the new OU

  1. In Active Directory Users and Computers, locate W1-kitten and W2-kitten in the Computers container.
  2. Right-click on each computer, select Move, and then choose the Workstations OU.

3. Create a new Group Policy Object (GPO) for Remote Desktop

  1. Open Group Policy Management.
  2. In the left pane, expand your domain and navigate to the Workstations OU.
  3. Right-click on the OU, select Create a GPO in this domain, and Link it here....
  4. Enter a name for the new GPO (e.g., Allow RDP between Workstations) and click OK.

4. Configure the GPO for Remote Desktop

  1. In Group Policy Management, expand the Workstations OU and select the newly created GPO.
  2. Right-click on the GPO and select Edit.
  3. Navigate to Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections.
  4. Double-click on Allow users to connect remotely using Remote Desktop Services.
  5. Select Enabled and click OK.
  6. Navigate to Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security - LDAP://... > Inbound Rules.
  7. In the right pane, right-click and select New Rule.
  8. Select Predefined, choose Remote Desktop, and click Next.
  9. Ensure that the Domain profile is selected and click Next.
  10. Select Allow the connection and click Finish.

5. Apply the GPO

  1. Close the Group Policy Management Editor.
  2. In Group Policy Management, right-click on the Workstations OU and select Group Policy Update.
  3. Click Yes to confirm the update.

Now, W1-kitten and W2-kitten are able to use Remote Desktop to connect to each other.
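
A scripted equivalent of steps 1 to 5, as an added example that is not part of the original wiki page. It assumes a domain admin session on a host with the RSAT ActiveDirectory and GroupPolicy modules, reuses the example names from the steps above, and substitutes one custom TCP 3389 rule for the predefined Remote Desktop rule group.

```powershell
# Added example (not from the original page). Run as a domain admin on a host with
# the RSAT ActiveDirectory and GroupPolicy modules.
Import-Module ActiveDirectory, GroupPolicy

$domain   = Get-ADDomain
$ouName   = 'Workstations'                      # example name from step 1
$ouDN     = "OU=$ouName,$($domain.DistinguishedName)"
$gpoName  = 'Allow RDP between Workstations'    # example name from step 3
$machines = 'W1-kitten', 'W2-kitten'
$tsKey    = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$store    = "$($domain.DNSRoot)\$gpoName"       # GPO policy store for firewall rules

# Step 1: create the OU at the domain root if it does not exist yet.
$ou = Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" `
        -SearchBase $domain.DistinguishedName -SearchScope OneLevel
if (-not $ou) { New-ADOrganizationalUnit -Name $ouName -Path $domain.DistinguishedName }

# Step 2: move both computer accounts into the OU (skip any already there).
foreach ($name in $machines) {
    $computer = Get-ADComputer -Identity $name
    if ($computer.DistinguishedName -notlike "*,$ouDN") {
        Move-ADObject -Identity $computer.DistinguishedName -TargetPath $ouDN
    }
}

# Step 3: create the GPO and link it to the OU.
New-GPO -Name $gpoName | New-GPLink -Target $ouDN | Out-Null

# Step 4a: "Allow users to connect remotely..." = Enabled (fDenyTSConnections = 0).
Set-GPRegistryValue -Name $gpoName -Key $tsKey -ValueName 'fDenyTSConnections' `
    -Type DWord -Value 0 | Out-Null

# Step 4b: inbound allow rule, Domain profile only. This is one custom TCP 3389
# rule, standing in for the predefined Remote Desktop rule group the GUI adds.
New-NetFirewallRule -PolicyStore $store -DisplayName 'RDP inbound (TCP 3389)' `
    -Direction Inbound -Protocol TCP -LocalPort 3389 -Profile Domain `
    -Action Allow | Out-Null

# Step 5: trigger a remote policy refresh on each workstation.
foreach ($name in $machines) { Invoke-GPUpdate -Computer $name -Force -RandomDelayInMinutes 0 }

# Check: confirm the link, the registry policy and the firewall rule scope.
(Get-GPInheritance -Target $ouDN).GpoLinks | Select-Object DisplayName, Enabled, Enforced
Get-GPRegistryValue -Name $gpoName -Key $tsKey -ValueName 'fDenyTSConnections'
Get-NetFirewallRule -PolicyStore $store | Select-Object DisplayName, Enabled, Profile, Action
```

Once the refresh has completed, running `Test-NetConnection W2-kitten -Port 3389` on W1-kitten confirms that the rule is active on the target.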

Apply a Corporate Wallpaper using Security Groups

Steps

1. Create a new Security Group for the specified workstations

  1. Open Active Directory Users and Computers.
  2. In the left pane, expand your domain and select the appropriate container where you want to create the new security group.
  3. Right-click on the container, click New, and then click Group.
  4. Enter a name for the new security group (e.g., Corporate Wallpaper Group).
  5. Set the Group scope to Global and the Group type to Security, then click OK.

2. Add W1-Kitten, W2-Kitten, and MGMT1 to the security group

  1. In Active Directory Users and Computers, locate the Corporate Wallpaper Group security group.
  2. Double-click on the security group to open its properties.
  3. Go to the Members tab and click Add.
  4. In the Enter the object names to select field, type W1-Kitten, W2-Kitten, MGMT1 and click Check Names.
  5. Confirm that the correct workstations are found, then click OK and OK again to close the properties.

3. Create a new Group Policy Object (GPO) for the corporate wallpaper

  1. Open Group Policy Management.
  2. In the left pane, right-click on your domain and select Create a GPO in this domain, and Link it here....
  3. Enter a name for the new GPO (e.g., Corporate Wallpaper GPO) and click OK.

4. Configure the GPO for the corporate wallpaper

  1. In Group Policy Management, select the newly created GPO.
  2. Right-click on the GPO and select Edit.
  3. Navigate to User Configuration > Policies > Administrative Templates > Desktop > Desktop.
  4. Double-click on Desktop Wallpaper.
  5. Select Enabled.
  6. In the Wallpaper Name field, enter the UNC path to the corporate wallpaper file (e.g., \\MGMT1-kitten\wallpaper\wallpaper.png).
  7. In the Wallpaper Style field, choose the desired wallpaper display style (e.g., Fill, Fit, Stretch, Tile, or Center) and click OK.

5. Apply the GPO to the security group

  1. Close the Group Policy Management Editor.
  2. In Group Policy Management, select the Corporate Wallpaper GPO.
  3. In the Security Filtering section, click on Authenticated Users and click the Remove button.
  4. Click Add, type Corporate Wallpaper Group in the Enter the object names to select field, click Check Names, and then click OK.
  5. Add any other computers or users that should also receive the wallpaper.

6. Apply the GPO

  1. In Group Policy Management, right-click on your domain and select Group Policy Update.
  2. Click Yes to confirm the update.
  3. On each computer, run gpupdate /force in PowerShell, then log out and back in.

The wallpaper should now be applied to each computer.