On the domain controller, open the group policy management tool. Show Create a new group policy. Enter a name for the new group policy. In our example, the new GPO was named: MY-GPO. On the Group Policy Management screen, expand the folder named Group Policy Objects. Right-click your new Group Policy Object and select the Edit option. On the group policy editor screen, expand the Computer configuration folder and locate the following item. Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections Access the Connections option. Enable the option named Allow users to connect remotely by using Remote Desktop Services. Optionally, access the security folder to enable the Network-level authentication. Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security Enable the option named Require user authentication for remote connections by using Network-level authentication. To save the group policy configuration, you need to close the Group Policy editor. Congratulations! You have finished the GPO creation.
asked • Apr 25, '21 | FanFan-MSFT commented • May 4, '21
I would like to configure the entries needed to create a GPO for my domain (Server 2012) that will allow me to do remote administration of the computers (Computer Management) from my own computer. So to put it another way, I want to be able to open Computer Management on my machine, and, while connected to the VPN, do a "connect to another computer" and be able configure devices and such. It seems I can do it with some computers and not others. So I want to create the GPO's necessary to have them all set up the same way. I am the domain admin. Thanks. Comment Hi, Does the GPO applied successfully? Please use gpresult /h report.html to have a verify. If everything is ok, then it's no need to worry about. "Allow Remote Assistance connections to this computer" checkbox is not associated with "Offer remote assistance" policy, it's associated with Solicited Remote Assistance policy. Reference: How to configure a computer to receive Remote Assistance offers in Windows Server 2003 and in Windows XP http://support.microsoft.com/kb/301527 How to use the "Offer Remote Assistance" policy settinghttp://support.microsoft.com/kb/308013 Remote Assistance Overviewhttp://technet.microsoft.com/en-us/library/cc753881(WS.10).aspx Regards,
Now head over to Group Policy Management. There are two ways you can approach this portion. You can either add this policy into your Default Domain Policy so it applies to everybody on the domain or just create a new GPO and set it wherever you'd like. I'll leave that decision up to you. To set this policy, open up your GPO and navigate to Computer Configuration > Administrative Templates > System > Remote Assistance. In this directory you will find a policy called "Configure Offer Remote Assistance, which is the policy we want to open up and edit. Set this policy to ENABLED and then in the options, choose "Allow helpers to remotely control the computer" and then choose your security group from the first step. Click OK and exit out of the GPO.
Picture this: you just setup a remote site and now you find yourself having to support servers (or users) you can’t physically get to. Since walking to their desk is not an option, you need to figure out How to enable Remote Desktop via Group Policy so it gets applied to machines at that site. Today, that’s exactly what I’m going to show you how to do. Enable Remote Desktop via Group PolicyThe biggest problem you could be potentially faced with, is actual permissions to modify any GPOs. I’m going to assume you have the permissions so we’ll just continue on with a bullet list that’s easy peasy for you to understand.
Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host policies.
Enable Remote Desktop using Group Policy (GPO) Video Demo
|