microsoft:server:2012:rdp_through_gpo

Differences

This shows you the differences between two versions of the page.

microsoft:server:2012:rdp_through_gpo [2016/03/05 20:24] rpleckomicrosoft:server:2012:rdp_through_gpo [2016/03/06 17:52] (current) rplecko
Line 1: Line 1:
-===Server 2012 Enable Remote Desktop (RDP) through Group Policy (GPO)===+=== Server 2012 Enable Remote Desktop (RDP) through Group Policy (GPO) ===
  
-[[http://www.dannyeckes.com/server-2012-enable-remote-desktop-rdp-group-policy-gpo/]]+Copied from [[http://www.dannyeckes.com/server-2012-enable-remote-desktop-rdp-group-policy-gpo/|http://www.dannyeckes.com/server-2012-enable-remote-desktop-rdp-group-policy-gpo/]]
  
 I want to be able to remote onto all my computers but limit which users can remote onto these machines. The best way to do this is through a group policy that sets this up on all machines. I want to be able to remote onto all my computers but limit which users can remote onto these machines. The best way to do this is through a group policy that sets this up on all machines.
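Review bot: The new "Copied from" link repeats the full URL as its own label ([[url|url]]), which adds nothing over the bare [[url]] form used before. Suggest a readable label such as the source article's title, and keeping the attribution line since the body text is taken from that page.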
Line 7: Line 7:
 My GPO will need to do the following: My GPO will need to do the following:
  
-  *     Enable Remote Desktop Service +  * Enable Remote Desktop Service 
-  *     Open the Firewall to allow Remote Desktop +  * Open the Firewall to allow Remote Desktop 
-  *     Disallow local admins from making changes +  * Disallow local admins from making changes 
-  *     Only allow certain users to logon remotely.+  * Only allow certain users to logon remotely.
  
 **Create a Security Group** **Create a Security Group**
Line 22: Line 22:
   - Give the group a name. I used “SG – Remote Desktop Users”.   - Give the group a name. I used “SG – Remote Desktop Users”.
  
-{{ microsoft/server/2012/rdp_gpo/ss-01.png }}+[[http://wiki.pcsinfo.hr/lib/exe/detail.php?id=microsoft:server:2012:rdp_through_gpo&media=microsoft:server:2012:rdp_gpo:ss-01.png|{{  :microsoft:server:2012:rdp_gpo:ss-01.png  }}]]
  
 **Create the GPO** **Create the GPO**
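Review bot: The replacement for the ss-01.png embed hard-codes an absolute http://wiki.pcsinfo.hr/lib/exe/detail.php?... link around the image, so the page now depends on that host name and on plain HTTP. Suggest keeping only the namespace-relative media reference {{ :microsoft:server:2012:rdp_gpo:ss-01.png }}, which stays valid if the wiki is moved or switched to HTTPS.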
Line 29: Line 29:
  
   - Log into your Domain Controller.   - Log into your Domain Controller.
-  - On the Start Screen type: gpmc.msc. This will pull up the Group Policy Management Console.+  - On the Start Screen type: **gpmc.msc**. This will pull up the <fc #6495ed>''Group Policy Management Console''</fc>.
   - Right click on your domain and select “Create a GPO in this domain, and Link it here…”. I am creating this GPO at the root of my domain to allow access to all servers and computers in my domain. This might not be exactly what you want to do, if your situation is different then select the OU you want this policy to apply to instead of your domain.   - Right click on your domain and select “Create a GPO in this domain, and Link it here…”. I am creating this GPO at the root of my domain to allow access to all servers and computers in my domain. This might not be exactly what you want to do, if your situation is different then select the OU you want this policy to apply to instead of your domain.
   - Name the GPO. I used “Enable RDP” to keep it simple. This will create a blank GPO and a link to it.   - Name the GPO. I used “Enable RDP” to keep it simple. This will create a blank GPO and a link to it.
   - Right click the GPO or the Link and select “Edit…”   - Right click the GPO or the Link and select “Edit…”
-  - This will pull up a the Group Policy Editor. {{ microsoft/server/2012/rdp_gpo/ss-02.png }}+  - This will pull up a the Group Policy Editor. [[http://wiki.pcsinfo.hr/lib/exe/detail.php?id=microsoft:server:2012:rdp_through_gpo&media=microsoft:server:2012:rdp_gpo:ss-02.png|{{  :microsoft:server:2012:rdp_gpo:ss-02.png  }}]]
   - We are only going to be modifying Computer Settings. We need to enable RDP, open the Firewall, and allow the security group members. Set the following:   - We are only going to be modifying Computer Settings. We need to enable RDP, open the Firewall, and allow the security group members. Set the following:
-    - Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow Log on through Remote Desktop Services. +      - Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\User Rights Assignment\Allow Log on through Remote Desktop Services. 
-      - Add Users or Group… +        - Add Users or Group… 
-      - Browse and search for your Security Group. In my case it was SG – Remote Desktop users +        - Browse and search for your Security Group. In my case it was SG – Remote Desktop users 
-    - Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups +      - Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups 
-      - Right Click in the blank area and select Add Group… +        - Right Click in the blank area and select Add Group… 
-      - Browse and find “Remote Desktop Users” +        - Browse and find “Remote Desktop Users” 
-      - Select OK +        - Select OK 
-      - Double Click Remote Desktop Users +        - Double Click Remote Desktop Users 
-      - Select Add for “Members of this Group” +        - Select Add for “Members of this Group” 
-      - Browse and find your Security group. +        - Browse and find your Security group. 
-    - //Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Inbound Remote Desktop exceptions:// **Enabled** +      - //<fc #6495ed>Computer Configuration → Administrative Templates → Network → Network Connections → Windows Firewall -> Domain Profile</fc> <fc #ff0000>''Windows Firewall: Allow Inbound Remote Desktop exceptions''</fc>://**Enabled** 
-    - //Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow user to connect remotely by using Remote Desktop Services:// **Enabled** +      - //<fc #6495ed>Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host → Connections</fc> <fc #ff0000>''Allow user to connect remotely by using Remote Desktop Services''</fc>://**Enabled** 
-    - //Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Do not allow local administrators to customize permissions:// **Enabled** +      - //Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Do not allow local administrators to customize permissions://**Enabled** 
-    - //Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA:// **Disabled** +      - //Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA://**Disabled** 
-{{ microsoft/server/2012/rdp_gpo/ss-03.png }} +[[http://wiki.pcsinfo.hr/lib/exe/detail.php?id=microsoft:server:2012:rdp_through_gpo&media=microsoft:server:2012:rdp_gpo:ss-03.png|{{  :microsoft:server:2012:rdp_gpo:ss-03.png  }}]] 
-{{ microsoft/server/2012/rdp_gpo/ss-04.png }} + 
-That should be it! Just wait for or force your computers to update Group Policy. Now any users that are a member of your security group can RDP to your computers. +[[http://wiki.pcsinfo.hr/lib/exe/detail.php?id=microsoft:server:2012:rdp_through_gpo&media=microsoft:server:2012:rdp_gpo:ss-04.png|{{  :microsoft:server:2012:rdp_gpo:ss-04.png  }}]] That should be it! Just wait for or force your computers to update Group Policy. Now any users that are a member of your security group can RDP to your computers. 
microsoft/server/2012/rdp_through_gpo.1457209451.txt.gz · Last modified: 2016/03/05 20:24 (external edit)