Thursday, December 29, 2016

Need Remote Access? Enable it in Group Policy

Remotely accessing devices is a great way to provide tech support, access files, install software or simply maintain devices. Using remote desktop services is a great way to gain access to devices in a different location. Whether devices are in another building on the same property, or as far away as another state or country, accessing them remotely can be far more efficient than traveling to each of them. Additionally, faster Internet speeds mean accessing computers remotely is smoother and more native than ever before. 

Remote desktop services can be disabled on local devices which will, unfortunately, deny all remote access requests. Touching each device to enable remote desktop services can be time consuming. Instead, enable remote desktop services in group policy and wait for the new group policy settings to be pushed to each device.



Need Remote Access? Enable it in Group Policy

Normally enabling remote desktop services requires access to the local computer, whether directly or by having someone at the computer modify the settings. Enabling this setting using group policy is much faster. Before making changes to group policy, verify the computer you are trying to connect to is on and that remote desktop services is in fact disabled. 

First, make sure the computer is turned on.
  • Start by checking DNS to find the IP address of the machine. 
  • Ping the IP address.
    • If ping responds, the device is on and remote desktop connections are disabled.
    • If ping does not respond, have someone turn the device on or, if applicable, use Wake on LAN to boot the device remotely.
Once the device is running, try connecting again using remote desktop. If access is still denied, enable remote desktop connections using group policy following the process below.
  • Connect to a domain controller to access group policy settings.
  • Open the Group Policy Management Editor.
    • Open Administrative Tools.
    • Select Group Policy Management.
  • Expand to access the correct domain.
  • Right-click on an existing Group Policy Object (GPO) or create a new one just for remote desktop access. This is a preference really, however it is important to note if there are multiple GPO's in place, some may not be applied to everyone so it is sometimes easier to create a GPO just for the purpose of enabling remote desktop access.
    • To create a new GPO, right click on the domain and select "Create a GPO in this domain and Link it here..."


  • Right-click on the appropriate GPO and select edit from the menu.


  • Under Computer Configuration, expand "Policies":
    • Under policies expand "Administrative Templates"
    • Under administrative templates expand "Windows Components"
    • Under windows components expand "Remote Desktop Services"
    • Under remote desktop services, expand "Remote Desktop Session Host"
    • Under remote desktop session host, click on "Connections"
      • In the right pane, double click "Allow users to connect remotely by using Remote Desktop Services" to open its settings.
        • Click the radio button to enable this setting.


        • Click Apply and OK to save the setting.


      • The updated setting is listed as enabled in the right pane.
  • Close the Group Policy Management Editor.
Once group policy has been modified to enable remote desktop connections, wait 15 minutes to an hour for this change to be imported and updated by all devices on the network. Connecting to the remote device using remote desktop works once the group policy has had time to be applied. Once the connection to the remote device is successfully made, enter the credentials to log onto the device like you normally would.

Whether it is used to provide technical support, install updates, download software, modify functionality or simply to access files, connecting to devices remotely is efficient. Not needing to be in the same place as every device you maintain or monitor saves time and additionally provides faster support to those who use the device. If a device has remote desktop connections disabled, connecting to a domain controller to update the group policy is a quick way to modify this setting for all devices at once.

As always, quicker access and finding ways to globally change things when it comes to tech is key!

Enjoy this post? Subscribe to our Blog

No comments:

Post a Comment