Enable/Disable RDP GPO From regedit

Mike Kachar 1 Reputation point
2021-03-08T16:34:27.987+00:00

I'm trying to enable/disable the Group Policy Object "Allow users to connect remotely using Remote Desktop Services", found at the following path, by way of regedit and/or CLI: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\ I've tried changing the following two (2) registry keys: HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections When I change the values, no matter if I do a "gpupdate /force", or reboot, the GPO doesn't change. The value does always stay what I set it at, but the GPO isn't changing. I can manually go in and change the GPO and it does change the system/remote settings appropriately. I am joined to a Domain - this is to notify. I would think that if this was a Domain-related issue, I wouldn't be able to manually change the GPO, or the registry values change wouldn't ever save. My end goal here is to be able to disable RDP connections to the machine from CLI or a batch file. Can someone advise? This machine is running the following: Windows 10 v20H2 (Build 19042.844) Thanks.

Remote Desktop
Remote Desktop
A Microsoft app that connects remotely to computers and to virtual apps and desktops.
4,251 questions

2 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Grace HE 1,241 Reputation points
    2021-03-11T07:06:39.573+00:00

    Hi,
    As your description and query, you are finding a way to enable/disable via REGEDIT. If so, here are some ideas for this.

    1. type REGEDIT in the search box to start REGISTRY EDITOR.
    2. navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. Then on the right-side pane, double-click on the fSingleSessionPerUser.
      76559-image.png
    3. Set the value data to 0 and click OK if you want to enable Remote Desktop. Set the value to 1 and click OK if you need to disable it.
      76653-image.png
      Enabling RDP through the registry will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
      Type the following in an administrative command prompt:
      Netsh advfirewall firewall set rule group=”remote desktop” new enable=yes

    ---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

    1 person found this answer helpful.
    0 comments
  2. Grace HE 1,241 Reputation points
    2021-03-09T09:21:26.403+00:00

    Hi,

    Thank you for posting your query. Here are some suggestions.

    type LOCAL SECURITY POLICY in the search box -> open local security policy -> local policies ->user rights assignments -> deny log on through Remote Desktop Service
    75831-microsoftteams-image.png

    ---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---