Create GPO to Enable RDP on Servers and Create new GPO Link using PowerShell
In this post, I will look at a basic Group Policy configuration to enable Remote Desktop on servers in a particular Organizational Unit. I will also showcase how to link a GPO to a different OU using Windows PowerShell.
To get started, launch Group Policy Management from a Domain Controller.
Right-click the OU where you want the policy to apply and click Create a GPO in this domain, and Link it here...
Provide a name for the new policy, for example “Enable-RDP”.
Right-click the newly created policy and select Edit...
To enable the required options, expand Computer Configuration.
Navigate to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow inbound Remote Desktop exceptions and set it to Enabled.
Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services and set it to Enabled.
Last but not least…
Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Require user authentication for remote connections by using NLA and set it to Disabled.
Now let’s view the completed policy and all modified settings by clicking on the newly created policy and selecting the Settings tab on the right-hand side.
To verify that the new GPO has been applied, log on to one of the servers and run the following command in CMD:
GPUpdate /force
Let’s verify the RDP settings on the same server.
As we can see, RDP has been enabled and the setting is greyed out on the selected server.
Next, I will take the same policy we created and link it to the “Desktop Computers” OU. For this task I will use PowerShell.
To get started, launch Windows PowerShell and run the following cmdlet to import the GroupPolicy module.
Import-Module GroupPolicy
Next, let’s list the currently available Group Policies by running the following cmdlets.
Get-GPO -All | Select-Object DisplayName, GpoStatus
Now that we can see the GPO we created earlier, let’s go ahead and link it to another OU.
This can be done by running the following cmdlet.
New-GPLink -Name "Enable-RDP" -Target "OU=Desktop-Computers,OU=HQ,OU=thatcloudlab,DC=thatcloudlab,DC=local" -Order 1 -Enforced Yes
Let’s view this in Group Policy Management to see if the link has been created.
As we can see, the policy has been linked to the OU “Desktop-Computers” and is enforced as well.
Let’s verify if the Desktop has the new policy applied.
Remote Desktop has been enabled on the Desktop Machine as well.
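One way to confirm on a target machine what the Enable-RDP policy actually changed, including whether NLA is still required and which firewall sources are allowed. This is an added example, not part of the original post; the function name Get-RdpPolicyState is hypothetical, and it assumes an elevated Windows PowerShell 5.1 session on a member machine where the LocalAccounts cmdlets are available.

```powershell
# Added example: reports the effective RDP settings that the GPO above configures.
function Get-RdpPolicyState {
    [CmdletBinding()]
    param([string]$GpoName = 'Enable-RDP')   # GPO name used in this post

    # Registry locations written by the Administrative Template settings used above.
    $tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    $fwPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop'
    # Local (non-policy) values that apply when the GPO does not set them.
    $tsLocal  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpTcp   = "$tsLocal\WinStations\RDP-Tcp"

    # Return a named registry value, or $null when the key or value is absent.
    function Read-Value([string]$Path, [string]$Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name }
    }

    $denyPolicy = Read-Value $tsPolicy 'fDenyTSConnections'
    $nlaPolicy  = Read-Value $tsPolicy 'UserAuthentication'
    # A policy value takes precedence over the local setting.
    $deny = if ($null -ne $denyPolicy) { $denyPolicy } else { Read-Value $tsLocal 'fDenyTSConnections' }
    $nla  = if ($null -ne $nlaPolicy)  { $nlaPolicy }  else { Read-Value $rdpTcp 'UserAuthentication' }

    # Accounts allowed to log on over RDP besides local Administrators.
    $members = try {
        @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction Stop | ForEach-Object Name)
    } catch { @() }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        GpoApplied         = [bool](gpresult /r /scope computer | Select-String -SimpleMatch $GpoName)
        RdpEnabled         = ($deny -eq 0)          # fDenyTSConnections = 0 allows connections
        RdpSetByPolicy     = ($null -ne $denyPolicy)
        NlaRequired        = ($nla -eq 1)           # UserAuthentication = 1 requires NLA
        NlaSetByPolicy     = ($null -ne $nlaPolicy)
        FirewallException  = ((Read-Value $fwPolicy 'Enabled') -eq 1)
        FirewallSources    = Read-Value $fwPolicy 'RemoteAddresses'
        RemoteDesktopUsers = $members
    }
}

Get-RdpPolicyState | Format-List
```

With the settings from this post applied, NlaRequired reports False and NlaSetByPolicy reports True; FirewallSources shows the source scope entered in the firewall exception, and RemoteDesktopUsers lists who besides local administrators may log on.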
To sum it all up, we have created a new Group Policy to enable Remote Desktop on one OU and then used Windows PowerShell to link the new policy to another OU.
#ThatLazyAdmin
Thank you for sharing but unfortunately still unable to connect. It says user is not authorized.