
Configure Remote Desktop through Group Policy

Ensuring that Remote Desktop is enabled (or disabled) centrally through Group Policy is the way to go for Windows Servers. IT pro Rick Vanover shows how in this tip.

Any time I can set something to be centrally managed, I’ll do it. Group Policy is the best way to do that for Windows Servers, and we can configure Remote Desktop within Group Policy. The good news is that it is really easy to deploy for a computer account, and can be done centrally with a Group Policy Object that applies to computer accounts.

Within Group Policy, navigate to Computer Configuration | Policies | Administrative Templates | Windows Components | Remote Desktop Session Host | Connections; here, you can set the “Allow users to connect remotely using Remote Desktop Services” value to Enabled. This configuration is shown in Figure A.


For scaling reasons, there are a few ways this GPO can be pushed to server computer accounts. We can push it to the entire domain, an organizational unit (OU), or simply a security group. I prefer the security group deployment mechanism. This is done through GPO filtering, which is explained in this blog post. Applying it to an entire domain is not really a good idea, but a designated OU can make sense, depending on the granularity of the OU. The smallest Active Directory environments can deploy via OU, but larger environments should consider putting the computer accounts in a security group that has the GPO filtered to it.

Additional options for how Remote Desktop will behave can be configured in this area of Group Policy. This includes the ability to disable indirect file transfer through drive redirection, designate licensing servers, or specify how many connections will be permitted on the server.
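The deployment described above can also be scripted with the GroupPolicy PowerShell module. This is an added example, not code from the original article: the GPO name, security group and OU are assumed placeholders, and the two registry values are the policy-backed values behind the “Allow users to connect remotely using Remote Desktop Services” and “Do not allow drive redirection” settings.

```powershell
# Added example. Run from a machine with the GroupPolicy module (RSAT/GPMC) installed.
Import-Module GroupPolicy

$GpoName   = 'Servers - Enable Remote Desktop'   # assumed GPO name
$Group     = 'RDP-Enabled-Servers'               # assumed security group holding the server computer accounts
$TargetOU  = 'OU=Servers,DC=example,DC=com'      # assumed OU where the GPO is linked
$PolicyKey = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# Create the GPO only if it does not already exist, so the script can be re-run.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Central Remote Desktop configuration'
}

# "Allow users to connect remotely using Remote Desktop Services" = Enabled
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'fDenyTSConnections' -Type DWord -Value 0 | Out-Null

# "Do not allow drive redirection" = Enabled (blocks file transfer via mapped client drives)
Set-GPRegistryValue -Name $GpoName -Key $PolicyKey `
    -ValueName 'fDisableCdm' -Type DWord -Value 1 | Out-Null

# Security filtering: Authenticated Users keeps Read (needed so computers can
# still read the GPO) but loses Apply; only the designated group gets Apply.
Set-GPPermission -Name $GpoName -TargetName 'Authenticated Users' `
    -TargetType Group -PermissionLevel GpoRead -Replace | Out-Null
Set-GPPermission -Name $GpoName -TargetName $Group `
    -TargetType Group -PermissionLevel GpoApply | Out-Null

# Link the GPO to the OU unless a link is already present.
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# Review the resulting ACL: only $Group should show GpoApply.
Get-GPPermission -Name $GpoName -All |
    Select-Object @{ n = 'Trustee'; e = { $_.Trustee.Name } }, Permission
```

Computer accounts pick up the new group membership only after a restart, so a server added to the group will not apply the GPO until it has rebooted.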

Have you deployed Remote Desktop configuration centrally through Group Policy? What additional settings have you deployed? Share your comments below.

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

2 comments
asher siddiqi

It really works. I was in search of this thing for some days. Thanks a lot.

m.i.k.e

If you only enable RD through group policy, but the machines themselves are still set to "Don't allow connections to this computer," when Group Policy refreshes (every 90 minutes or so), you'll be disconnected from the machine. Per http://support.microsoft.com/kb/2083411 with this GP, also deploy a registry tweak to allow RD connections on the target machines. Then you won't be randomly disconnected.
