Enable remote desktop (RDP) connections for admins on Windows Server 2016

by Bharat Suneja

Windows Server 2016 has reached the General Availability (GA) milestone today. You can download it from your volume licensing site or MSDN. You can also create Azure VMs with Windows 2016.

The latest and greatest Windows Server has many new Remote Desktop features. See What’s New in Remote Desktop Services in Windows Server 2016 for the laundry list.

If you’re just trying to enable RDP for remote admin connections, here’s how to do it.

  1. Type SystemPropertiesRemote.exe in a command or PowerShell window.
  2. In the System Properties dialog, select Allow remote connections to this computer.
    Figure 2: Allow remote desktop connections.

    Windows Server supports Network Level Authentication (NLA) for RDP connections. This forces the authentication to occur before the session begins. Without NLA, the RDP host presents the user logon screen when the RDP session starts. NLA is more secure.

  3. [Optional] Administrators have remote desktop access by default. If you want to allow RDP access to additional users, click Select users, select the users and then close the dialog box.
    Figure 3: Select users who should be allowed remote desktop connections

Enable Remote Desktop using PowerShell

Of course, many IT pros prefer PowerShell. In this case, I found running SystemPropertiesRemote.exe was faster, but PowerShell helps you automate these settings, for example, as part of unattended setup.

Here’s how you can enable Remote Desktop using PowerShell (credit to Samuel Yee, who has it documented here, saving me the trouble of firing up Process Monitor, one of the fine, and free, Windows SysInternals tools):

  1. Enable Remote Desktop connections

    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0

  2. Enable Network Level Authentication

    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -Value 1

  3. Enable Windows firewall rules to allow incoming RDP

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
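
To confirm that the three steps above took effect, for example at the end of an unattended setup, the settings can be read back and cross-checked. This is an added example, not part of the original post or the script it credits; Get-RdpExposure and its output field names are hypothetical, and it assumes Group Policy values under the Policies key override the local ones when present.

```powershell
# Added example. Get-RdpExposure is a hypothetical helper name, not a built-in cmdlet.
# Run in an elevated PowerShell session on the server being checked.
function Get-RdpExposure {
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcpKey = "$tsKey\WinStations\RDP-Tcp"
    # Group Policy writes the same value names here; when present they take precedence.
    $polKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Return the policy value if one is set, otherwise the local value.
    function Get-Effective([string]$LocalKey, [string]$Name) {
        $pol = Get-ItemProperty -Path $polKey -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $pol) { return [pscustomobject]@{ Value = $pol.$Name; Source = 'Policy' } }
        $loc = Get-ItemProperty -Path $LocalKey -Name $Name -ErrorAction SilentlyContinue
        [pscustomobject]@{ Value = $loc.$Name; Source = 'Local' }
    }

    $deny = Get-Effective $tsKey  'fDenyTSConnections'   # 0 = connections allowed
    $nla  = Get-Effective $tcpKey 'UserAuthentication'   # 1 = NLA required

    # Enabled inbound rules in the firewall group that step 3 turns on.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    $rdpOn = ($deny.Value -eq 0)
    $nlaOn = ($nla.Value -eq 1)
    $findings = @()
    if ($rdpOn -and -not $nlaOn) { $findings += 'RDP is enabled but NLA is not required' }
    if ($rdpOn -and $rules.Count -eq 0) { $findings += 'RDP is enabled but no Remote Desktop firewall rule is enabled' }
    if (-not $rdpOn -and $rules.Count -gt 0) { $findings += 'Firewall allows RDP although connections are denied' }
    foreach ($r in $rules) {
        if ("$($r.Profile)" -match 'Any|Public') { $findings += "Rule '$($r.DisplayName)' applies to the Public profile" }
    }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpOn
        RdpSource     = $deny.Source
        NlaRequired   = $nlaOn
        NlaSource     = $nla.Source
        FirewallRules = $rules.DisplayName
        Findings      = $findings
    }
}

Get-RdpExposure | Format-List
```

An empty Findings list means RDP, NLA and the firewall group agree with each other. The "Remote Desktop" display group name is localized, so on a non-English installation the group name passed to -DisplayGroup has to be adjusted.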

There are scripts in the TechNet Script Gallery that’ll allow you to run this against a large number of computers and turn on any services required to automate this.
