question

PompadourInformatica-2811 avatar image
0 Votes"
PompadourInformatica-2811 asked NickDoud-9845 answered

Enable allowing RDP connections through GPO does not work

Hello.

I have a GPO that enables remote desktop on my computers ("Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections >> Allow users to connect remotely via Remote Desktop Services")


This GPO create the Key (HKLM\software\Policies\Microsoft\Windows NT\terminal services\fDennyTSConnections - value 0) in the computers.


But RDP connections are not established (in remote desktop configuration we see that it is blocked by group policy but the RDP mark is as disabled).

If I unlink the GPO and enable remote desktop manually, the RDP connections work correctly, so we suspect that there is a problem with the application of this GPO.

What could be happening?

PS: The rest of the GPOs work correctly.

Best regards.


windows-serverremote-desktop-serviceswindows-10-networkwindows-group-policyremote-desktop-client
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

4 Answers

LimitlessTechnology-2700 avatar image
0 Votes"
LimitlessTechnology-2700 answered

Hello PompadourInformatica

Not sure which specific policy you refer to inside the folder, but unless is the fDenyTSConnections, any value as 0 would be a Disabled.

I would try instead with the policy Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.
On the right-side panel. Double-click on Allow users to connect remotely using Remote Desktop Services as Enabled.


--If the reply is helpful, please Upvote and Accept as answer--

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

PompadourInformatica-2811 avatar image
0 Votes"
PompadourInformatica-2811 answered DesmondEguakun-9134 commented

I was referring to the GPO "Allow users to connect remotely via Remote Desktop Services"

sorry, I've already edited it

· 1
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DesmondEguakun-9134 avatar image DesmondEguakun-9134 ·

Were you ever able to find a resolution to this problem? I'm experiencing the exact same thing and I've been pulling my hair out to figure out the problem.

0 Votes 0 ·
Bryce-8626 avatar image
0 Votes"
Bryce-8626 answered Bryce-8626 commented

I am experiencing the same issue. I set this up for my test groups and even a PC that already had it turned off was disabled after run gpupdate /force.

· 5
5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DesmondEguakun-9134 avatar image DesmondEguakun-9134 ·

These were the steps that resolved the issue for me, and will likely do same in your case.

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections: Allow users to connect remotely by using Remote Desktop Services: Enabled.

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security: Require user authentication for remote connections by using Network Level Authentication: Enabled

Computer Configuration > Policies > Windows Firewall With Advanced Security > Inbound Rules > New Rule > I select the predefined "Remote Desktop" group and enable all 3 ports.

0 Votes 0 ·
Bryce-8626 avatar image Bryce-8626 DesmondEguakun-9134 ·

I have altered my GPO settings and will test. Thank you

0 Votes 0 ·
Bryce-8626 avatar image Bryce-8626 DesmondEguakun-9134 ·

No dice, I even deleted the GPO all together and started over. When I find a solution I will share it as well. As soon as I run gpupdate /force the enable remote desktop toggle switch in settings goes to disable and displays the typical "Some settings are managed by your organization". Very odd...

0 Votes 0 ·
JakobM-4905 avatar image JakobM-4905 Bryce-8626 ·

I'm currently trying the same thing without luck. Have you managed to find a solution.

0 Votes 0 ·
Show more comments
NickDoud-9845 avatar image
0 Votes"
NickDoud-9845 answered

[11:35 AM] Nick Doud

It used to be called Remote Desktop (TCP-In)

NOW it is called Remote Desktop - User Mode (TCP-In)

[11:36 AM] Nick Doud

The GPO I have does the following things for Remote Desktop;

Computer Configuration -> Policies ->Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote DEsktop Session Host -> Connections -> "Allow users to connect remotely by using Remote Desktop Services" = Enabled

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Allow log on through Terminal Services" = Administrators, DOMAIN\Domain Admins, Remote Desktop Users

Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Inbound Rules -> "Remote Desktop (TCP-IN)" = Enabled for Domain & Private

5 |1600 characters needed characters left characters exceeded
Toggle Comment visibility. Current Visibility: Visible to all users

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.