RDP Enabled Policy - VBychkov-boop/Spring-SYS265-Final-Project GitHub Wiki
MGMT01:
- In Server Manager, open Active Directory Users and Computers and create a new organizational unit (OU).
- Once the OU exists, move the computers that should accept Remote Desktop connections into it (for this assignment, w01 and w02).
- Once the OU is populated, open Group Policy Management and create a new Group Policy Object linked to the OU.
- Edit the GPO's settings to apply the following controls:
Computer Configuration
└── Policies
    └── Administrative Templates
        └── Windows Components
            └── Remote Desktop Services
                └── Remote Desktop Session Host
                    ├── Connections
                    │   - Set "Allow users to connect remotely using Remote Desktop Services" → Enabled
                    └── Security
                        - Set "Require user authentication for remote connections by using Network Level Authentication" → Enabled
(The NLA setting lives under the Security folder, not Connections. Keep it enabled: without NLA a client reaches the logon screen of the session host before authenticating, which exposes the host to unauthenticated RDP traffic.)
Computer Configuration
└── Policies
    └── Windows Settings
        └── Security Settings
            └── Windows Defender Firewall with Advanced Security
                └── Inbound Rules
- Right-click Inbound Rules → New Rule
- Choose Predefined → Select "Remote Desktop"
- Check the "Remote Desktop (TCP-In)" rule (listed as "Remote Desktop - User Mode (TCP-In)" on current Windows versions) → Allow the connection
- After the rule is created, open its Properties → Scope and restrict Remote IP addresses to the management subnet where one exists, so the exception does not open TCP 3389 to every network the host is on
Computer Configuration
└── Preferences
    └── Control Panel Settings
        └── Local Users and Groups
- New → Local Group
- Group name: Remote Desktop Users (built-in)
- Action: Update (do not tick "Delete all member users/groups", which would strip existing members from the group on every refresh)
- Members: add the desired domain users or groups
- Applies to W01 and W02 through the OU link
- Once the GPO is configured, sign in to w01 and w02 and run the `gpupdate /force` command to apply the new policy, then use `gpresult /r` to confirm that the GPO is listed under Applied Group Policy Objects (a restart may additionally be needed for the firewall and local-group items to take effect).
- You should now be able to connect to both devices. To do so, search for "Remote Desktop Connection" (mstsc) from the workstation's search box, enter either the IP address or the hostname of the remote device, and when the authentication prompt appears enter the credentials of a user who is a member of Remote Desktop Users on that host. The remote session should then open successfully.
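The same procedure, built from MGMT01 with the ActiveDirectory, GroupPolicy and NetSecurity PowerShell modules, as an added example that is not part of the original wiki. The Administrative Template settings are written to the registry values those two policies control, the firewall rule is stored directly in the GPO, and the script ends by reading back what actually applied on each host. Domain name corp.local, OU name "RDP Enabled", GPO name "RDP Enabled Policy", the domain group CORP\RDP Users, the management subnet 10.0.5.0/24 and WinRM access to w01/w02 are all assumptions for the example. The local-group step differs from the wiki: there is no cmdlet for a Group Policy Preference item, so the domain group is added on each host over WinRM instead.

```powershell
# Added example (not from the original wiki): RDP-enabled policy built from MGMT01.
# Assumptions: domain corp.local, OU "RDP Enabled", GPO "RDP Enabled Policy",
# domain group CORP\RDP Users, management subnet 10.0.5.0/24, WinRM reachable on w01/w02.
Import-Module ActiveDirectory, GroupPolicy, NetSecurity

$domainDn   = "DC=corp,DC=local"
$domainFqdn = "corp.local"
$ouName     = "RDP Enabled"
$ouDn       = "OU=$ouName,$domainDn"
$gpoName    = "RDP Enabled Policy"
$targets    = "w01", "w02"
$rdpGroup   = "CORP\RDP Users"
$mgmtNet    = "10.0.5.0/24"

# 1. OU and computer membership
if (-not (Get-ADOrganizationalUnit -Filter "Name -eq '$ouName'" -SearchBase $domainDn)) {
    New-ADOrganizationalUnit -Name $ouName -Path $domainDn
}
foreach ($t in $targets) {
    $computer = Get-ADComputer -Identity $t
    Move-ADObject -Identity $computer.DistinguishedName -TargetPath $ouDn
}

# 2. GPO linked to the OU
$gpo = Get-GPO -Name $gpoName -ErrorAction SilentlyContinue
if (-not $gpo) { $gpo = New-GPO -Name $gpoName }
New-GPLink -Name $gpoName -Target $ouDn -LinkEnabled Yes -ErrorAction SilentlyContinue | Out-Null

# 3. Administrative Template settings via the registry values they control:
#    fDenyTSConnections=0  -> "Allow users to connect remotely using Remote Desktop Services"
#    UserAuthentication=1  -> "Require user authentication ... Network Level Authentication"
$tsKey = "HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
Set-GPRegistryValue -Name $gpoName -Key $tsKey -ValueName fDenyTSConnections -Type DWord -Value 0 | Out-Null
Set-GPRegistryValue -Name $gpoName -Key $tsKey -ValueName UserAuthentication  -Type DWord -Value 1 | Out-Null

# 4. Inbound rule stored in the GPO (PolicyStore "<domain>\<GPO name>"), limited to the
#    Domain profile and the management subnet instead of allowing any remote address.
New-NetFirewallRule -PolicyStore "$domainFqdn\$gpoName" `
    -DisplayName "Remote Desktop (TCP-In)" -Direction Inbound -Protocol TCP -LocalPort 3389 `
    -Profile Domain -RemoteAddress $mgmtNet -Action Allow | Out-Null

# 5. Local group membership (assumption: done over WinRM instead of the wiki's GPP item).
#    Add-LocalGroupMember leaves existing members in place, like the GPP "Update" action.
Invoke-Command -ComputerName $targets -ScriptBlock {
    param($group)
    Add-LocalGroupMember -Group "Remote Desktop Users" -Member $group -ErrorAction SilentlyContinue
    gpupdate /force | Out-Null
} -ArgumentList $rdpGroup

# 6. Verification: read back the applied policy on each host, then test the port.
$report = Invoke-Command -ComputerName $targets -ScriptBlock {
    $ts = Get-ItemProperty -Path "HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services"
    $fw = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName "Remote Desktop (TCP-In)" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Host        = $env:COMPUTERNAME
        RdpAllowed  = ($ts.fDenyTSConnections -eq 0)
        NlaRequired = ($ts.UserAuthentication -eq 1)
        FwRuleOn    = [bool]($fw -and $fw.Enabled -eq 'True')
        RdpMembers  = (Get-LocalGroupMember -Group "Remote Desktop Users").Name -join ';'
    }
}
$report | Format-Table Host, RdpAllowed, NlaRequired, FwRuleOn, RdpMembers -AutoSize

foreach ($t in $targets) {
    $tcp = Test-NetConnection -ComputerName $t -Port 3389 -WarningAction SilentlyContinue
    "{0}: TCP 3389 reachable = {1}" -f $t, $tcp.TcpTestSucceeded
}
```

Run it from MGMT01 in an elevated session with the RSAT modules installed. The verification table is the part worth keeping: a host showing RdpAllowed and NlaRequired as True but FwRuleOn as False usually means the firewall rule has not been refreshed yet, which is the case the wiki's "you may need to restart" note covers.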