question

MikeKachar-5611 asked

Enable/Disable RDP GPO From regedit

I'm trying to enable/disable the Group Policy Object "Allow users to connect remotely using Remote Desktop Services", found at the following path, by way of regedit and/or CLI:

Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\

I've tried changing the following two (2) registry keys:

- HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections

When I change the values, no matter if I do a "gpupdate /force", or reboot, the GPO doesn't change. The value does always stay what I set it at, but the GPO isn't changing. I can manually go in and change the GPO and it does change the system/remote settings appropriately.

I am joined to a Domain - this is to notify. I would think that if this was a Domain-related issue, I wouldn't be able to manually change the GPO, or the registry values change wouldn't ever save.

My end goal here is to be able to disable RDP connections to the machine from CLI or a batch file. Can someone advise?

This machine is running the following: Windows 10 v20H2 (Build 19042.844)

Thanks.

windows-remote-desktop-services

Hi,
We are looking forward to your reply and are ready to help.

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

GraceHE-MSFT answered

Hi,

Thank you for posting your query. Here are some suggestions.

Type LOCAL SECURITY POLICY in the search box -> open Local Security Policy -> Local Policies -> User Rights Assignment -> Deny log on through Remote Desktop Services
![75831-microsoftteams-image.png][1]

[1]: /answers/storage/attachments/75831-microsoftteams-image.png



This option/setting is to configure what users and groups are prohibited from logging on as a Remote Desktop Services client.

You can see this info when you double-click on the policy, and then go to the "Explain" tab:

Deny log on through Remote Desktop Services

This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client.

Default: None.

Important

This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2.



I'm looking to specifically know how to disable the ability to Enable/Disable Remote Desktop via regedit and/or CLI (so I can batch it out), and have it actually modify the Group Policy Object I listed in the original question: Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely using Remote Desktop Services

GraceHE-MSFT answered

Hi,
Per your description and query, you are looking for a way to enable/disable via REGEDIT. If so, here are some ideas for this.

  1. Type REGEDIT in the search box to start REGISTRY EDITOR.

  2. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. Then, in the right-side pane, double-click fSingleSessionPerUser.
    ![76559-image.png][1]

  3. Set the value data to 0 and click OK if you want to enable Remote Desktop. Set the value to 1 and click OK if you need to disable it.
    ![76653-image.png][2]
    Enabling RDP through the registry will not configure the Windows Firewall with the appropriate ports to allow RDP connections.
    Type the following in an administrative command prompt:
    netsh advfirewall firewall set rule group="remote desktop" new enable=yes

[1]: /answers/storage/attachments/76559-image.png
[2]: /answers/storage/attachments/76653-image.png
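
For the stated goal of disabling RDP from the command line, the following is an added example and not code from any poster in this thread. It reads `fDenyTSConnections` at both registry paths quoted in the question, reports which one decides the effective state, and disables RDP together with its firewall rules. The function names are hypothetical, and the firewall display group name `Remote Desktop` assumes an English-language Windows install.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Registry paths and value name are the ones quoted in the question.
$ControlKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$ValueName  = 'fDenyTSConnections'   # 1 = deny RDP connections, 0 = allow

function Get-RegDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent ("not configured").
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-RdpState {
    $policy  = Get-RegDword -Path $PolicyKey  -Name $ValueName
    $control = Get-RegDword -Path $ControlKey -Name $ValueName
    # A value under the Policies key takes precedence over the Control key.
    if ($null -ne $policy) { $effective = $policy;  $source = 'policy key' }
    else                   { $effective = $control; $source = 'control key' }
    # Count firewall rules in the Remote Desktop group that are still enabled.
    $openRules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
                   Where-Object { $_.Enabled -eq 'True' }).Count
    [pscustomobject]@{
        PolicyValue          = $policy
        ControlValue         = $control
        DecidedBy            = $source
        RdpDenied            = ($effective -eq 1)
        FirewallRulesEnabled = $openRules
    }
}

function Disable-Rdp {
    # Deny new Remote Desktop connections.
    Set-ItemProperty -Path $ControlKey -Name $ValueName -Value 1 -Type DWord
    # Close the inbound firewall rules as well, so the port is not left open.
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
}

# Report the current state; uncomment the next line to disable RDP first.
# Disable-Rdp
Get-RdpState
```

If `DecidedBy` reports the policy key, a local or domain policy is setting the value and may rewrite it at the next policy refresh. The Local Group Policy Editor displays what is stored in the local policy file, not these registry values, so direct registry edits do not change what the editor shows.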

