Enabling Remote Desktop Access via Group Policy in a Windows Domain
Overview
This lab demonstrates how to enable Remote Desktop Protocol (RDP) access on a Windows Client machine using Group Policy in an Active Directory environment. The process involves creating and applying a GPO to allow remote desktop connections.
| Skills Demonstrated |
|---|
| Creating and configuring a Remote Desktop GPO |
| Enabling RDP access via Administrative Templates in Group Policy |
| Organizing client machines into Active Directory Organizational Units |
| Linking GPOs to specific OUs for targeted policy deployment |
| Using gpupdate /force and gpresult /r to verify policy application |
| Confirming enforcement via Windows system settings feedback |
| Tools Used |
|---|
| Windows Server (Active Directory Domain Services) |
| Windows 10 |
| Group Policy Management Console (gpmc.msc) |
| Group Policy Management Editor |
| Active Directory Users and Computers (dsa.msc) |
| Command Prompt (gpupdate, gpresult) |
| Remote Desktop Settings (Windows Settings Panel) |
1. Environment Setup
- Installed a Windows Server VM
- Created a local Administrator account
- Installed Active Directory Domain Services (AD DS)
- Promoted the server to a Domain Controller with the domain name:
lab.local
- Created a domain user:
- Name: John Doe
- Logon Name:
j.doe
2. Create Organizational Unit and Add Client
- Created a new Organizational Unit: LabComputers
- Added the Windows 10 Client VM to this OU
3. Create and Configure RDP GPO
- Created a new Group Policy Object: Remote Desktop Policy
- Navigated to:
Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections - Enabled the policy: "Allow users to connect remotely using Remote Desktop Services"
4. Link GPO and Verify on Client
- Linked the Remote Desktop Policy GPO to the LabComputers OU
- On the Windows 10 Client, ran the following commands:
gpupdate /force
gpresult /r
- Verified that the Remote Desktop Policy GPO was applied
- Confirmed success by checking Remote Desktop settings:
A message appears — "Some settings are managed by your organization"
