Create GPO to Enable RDP on Servers and Create new GPO Link using PowerShell



In this post, I will look at a basic Group Policy configuration to enable Remote Desktop on servers in a particular Organizational Unit. I will also showcase how to link a GPO to a different OU using Windows PowerShell.

To get started, we need to launch Group Policy Management from a Domain Controller.

Right-click the OU where you want the policy to apply and click Create a GPO in this domain, and Link it here...

Provide a name for the new policy, i.e. “Enable-RDP”.

Right-click the newly created policy and select Edit...

To enable the required options, expand Computer Configuration.

Navigate to Computer Configuration > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow inbound Remote Desktop exceptions, and set it to Enabled.

Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services, and set it to Enabled.

Last but not least…

Navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Require user authentication for remote connections by using Network Level Authentication (NLA), and set it to Disabled. With this setting Disabled, clients are not required to authenticate with NLA before a remote session is established.

Now let’s view the completed policy and all the modified settings by clicking on the newly created policy and selecting the Settings tab on the right-hand side.

To verify that the new GPO has been applied, log on to one of the servers and run the following command in CMD.

Let’s verify the RDP settings on the same server.

As we can see, RDP has been enabled and the option is greyed out on the selected server.

Next, I will take the policy we created and link it to the “Desktop Computers” OU; for this task I will use PowerShell.

To get started, launch Windows PowerShell and run the following cmdlet to import the GroupPolicy module.

Next, let’s list the currently available Group Policies by running the following cmdlet.

Now that we can see the GPO we created earlier, let’s go ahead and link it to another OU.

This can be done by running the following cmdlet.
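The three PowerShell steps above, written out as an added example (not the commands from the original post) using cmdlets from the GroupPolicy module. The domain part of the OU distinguished name is a placeholder, and the read-back of the Remote Desktop registry values and the link check are additions so that you can see what the link will push before and after creating it.

```powershell
# Added example. Run from a Domain Controller or a host with the GPMC/RSAT tools installed.
Import-Module GroupPolicy

$GpoName  = 'Enable-RDP'                              # GPO created earlier in this post
$TargetOu = 'OU=Desktop Computers,DC=example,DC=com'  # assumed DN; DC=example,DC=com is a placeholder
$TsKey    = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

# List the GPOs in the domain, then fetch the one we are about to link.
Get-GPO -All | Sort-Object DisplayName | Select-Object DisplayName, Id, GpoStatus
$gpo = Get-GPO -Name $GpoName -ErrorAction Stop

# Read back the registry-based settings this GPO carries to every OU it is linked to.
#   fDenyTSConnections = 0 : Remote Desktop connections are allowed
#   UserAuthentication = 0 : NLA is not required (the "Disabled" choice made in the editor)
foreach ($valueName in 'fDenyTSConnections', 'UserAuthentication') {
    Get-GPRegistryValue -Name $GpoName -Key $TsKey -ValueName $valueName |
        Select-Object ValueName, Value, PolicyState
}

# Create the link only if this GPO is not already linked to the target OU.
$existing = (Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id }
if (-not $existing) {
    New-GPLink -Name $GpoName -Target $TargetOu -LinkEnabled Yes -Enforced Yes
}

# Confirm the link, its state and its position in the OU's link order.
(Get-GPInheritance -Target $TargetOu).GpoLinks |
    Where-Object { $_.GpoId -eq $gpo.Id } |
    Select-Object DisplayName, Enabled, Enforced, Order
```

`-Enforced Yes` matches the enforced link shown in the next step; an enforced link takes precedence over conflicting settings from GPOs linked lower in the OU tree.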

Let’s view this in Group Policy Management to see if the link has been created.

As we can see, the policy has been linked to the OU “Desktop-Computers” and is Enforced as well.

Let’s verify if the Desktop has the new policy applied.

Remote Desktop has been enabled on the Desktop Machine as well.

To sum it all up, we have created a new Group Policy to enable Remote Desktop on one OU and then used Windows PowerShell to link the new policy to another OU.

