Saturday, February 15, 2014

Configuring an Active Directory GPO to force enable Remote Assistance and Remote Desktop

I get asked the question about creating a GPO to enable the following 2 settings quite often:

  1. Remote Assistance
    Allow Remote Assistance connections to this computer
  2. Remote Desktop
    Allow connections from computers running any version of Remote Desktop (less secure)

image 

As I know I’ll get asked about this in the near future, this blog post will serve to demonstrate the configuration settings required to achieve this.

Remote Assistance
Allow Remote Assistance connections to this computer

To enforce this setting on a server or desktop, create a GPO and navigate to:

Computer Configuration –> Policies –> Administrative Templates –> System –> Remote Assistance then enable the following settings:

Solicited Remote Assistance

Offer Remote Assistance

image

Once this setting is configured, the Remote Assistance section in the Remote tab of System Properties will look as such:

image

Note how the Allow Remote Assistance connections to this computer is now grayed out.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

Remote Desktop
Allow connections from computers running any version of Remote Desktop (less secure)

To enforce this setting on a server or desktop, create a GPO and navigate to:

Computer Configuration –> Policies –> Administrative Templates –> Windows Components –> Remote Desktop Services –> Remote Desktop Session Host –> Connections then enable the following setting:

Allow users to connect remotely using Remote Desktop Services

image

Once this setting is configured, the Remote Desktop section in the Remote tab of System Properties will look as such:

image

Note how the Don’t allow connections to the computer is now grayed out.

--------------------------------------------------------------------------------------------------------------------------------------------------------------------

In addition to the configuration settings above, if you’d like the domain firewall to be disabled, navigate to:

Computer Configuration –> Policies –> Administrative Settings –> Network –> Network Connections –> Windows Firewall –> Domain Profile then disable:

Windows Firewall: Protect all network connections

image

1 comment:

Joydeep said...

Thank you. Your blog was very helpful and efficient..
Internet Explorer Tech Support