Windows Server 2016 has reached the General Availability (GA) milestone today. You can download it from your volume licensing site or MSDN. You can also create Azure VMs with Windows 2016.

The latest and greatest Windows Server has many new Remote Desktop features. See What’s New in Remote Desktop Services in Windows Server 2016 for the laundry list.

If you’re just trying to enable RDP for remote admin connections, here’s how to do it.

  1. Type SystemPropertiesRemote.exe in a command or PowerShell window.
  2. In the System Properties dialog, select Allow remote connections to this computer.
    Screenshot: System Properties - allow remote connections
    Figure 2: Allow remote desktop connections.

    Windows Server supports Network Level Authentication (NLA) for RDP connections. This forces the authentication to occur before the session begins. Without NLA, the RDP host presents the user logon screen when the RDP session starts. NLA is more secure.

  3. [Optional] Administrators have remote desktop access by default. If you want to allow RDP access to additional users, click Select users, select the users and then close the dialog box.
    Screenshot: Select users to allow RDP access
    Figure 3: Select users who should be allowed remote desktop connections

Enable Remote Desktop using PowerShell

Of course, many IT pros prefer PowerShell. In this case, I found running SystemPropertiesRemote.exe was faster, but PowerShell helps you automate these settings, for example, as part of unattended setup.

Here’s how you can enable Remote Desktop using PowerShell (credit to Samuel Yee, who has it documented here, saving me the trouble to fire up Process Monitor, one of the fine, and free, Windows SysInternals tools):

  1. Enable Remote Desktop connections

    Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\‘ -Name “fDenyTSConnections” -Value 0

  2. Enable Network Level Authentication

    Set-ItemProperty ‘HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\‘ -Name “UserAuthentication” -Value 1

  3. Enable Windows firewall rules to allow incoming RDP

    Enable-NetFirewallRule -DisplayGroup “Remote Desktop”

There are scripts in the TechNet Script Gallery that’ll allow you to run this against a large number of computers and turn on any services required to automate this.


BleachBit’s claim of permanently deleting emails from Exchange

In a recent news segment featuring BleachBit, Fox Business questioned whether Democratic presidential nominee Hillary Clinton may have used the software to permanently delete emails from her mail server. The segment features BleachBit lead developer Andrew Viem. Politics and click bait headlines aside, readers will find the claims interesting. How to delete secret emails from […]

More →

Google adds Microsoft Exchange support to Gmail app for Android

Google has announced Microsoft Exchange support in its Gmail client for Android. Exchange ActiveSync (EAS) is the ubiquitous protocol for mobile email clients to sync with Exchange Server, Office 365, and other products/services that license it. EAS support in the Gmail client now allows it to access both Exchange Server and Exchange Online, the on-premises […]

More →

Use a PowerShell function to find an email address in Exchange

Exchange admins frequently need to find an Exchange recipient with a specified email address, particularly for generic organizational addresses such as [email protected] Five and a half ways to find an email address in Microsoft Exchange and Active Directory lists a few ways to do it, including PowerShell. If you do this frequently, you can add […]

More →

Use a PowerShell function to get AutoDiscover XML

If you manage Exchange or support Exchange Online users, you may need to retrieve the AutoDiscover XML response. You can use the Test E-mail AutoConfiguration option in Outlook or the AutoDiscover tests in Microsoft Remote Connectivity Analyzer to retrieve the AutoDiscover response. The good news is you can also use a PowerShell one-liner or function […]

More →

Maximum number of In-Place Holds on a mailbox in Exchange 2013 and Office 365

Since the early days of In-Place Hold, the number floating around (and documented) is a maximum of five In-Place Holds before Exchange holds all content, but it’s incorrect. See the Updates section at the bottom of this article for the latest. In Exchange 2013 and Exchange Online, you can use In-Place Hold to place messages […]

More →

eDiscovery Limits and Throttling Policies in Exchange Server and Office 365

In Exchange 2013 and Exchange Online, In-Place eDiscovery allows you to search a large number of mailboxes. Although the searches are performed against the indexes built by Exchange Search, they can potentially consume significant system resources. In on-premises deployments, this generally happens in control of or with the knowledge of Exchange admins, who can and […]

More →

Archiving auto-forwarded messages in Exchange Online and Exchange Server

Microsoft Exchange can now preserve automatically forwarded messages if user is placed on Litigation Hold or In-Place Hold. Over the last few years, the Information Protection team has done a great job of implementing Compliance features in Exchange (and Office 365) such as Litigation Hold and In-Place Hold to preserve messages, eDiscovery to search and […]

More →

Issue with Symantec Enterprise Vault and Exchange 2013 fixed in Exchange 2013 CU8

Microsoft released Exchange Server 2013 Cumulative Update 8 (CU8) yesterday. See KB 3030080: Cumulative Update 8 for Exchange Server 2013 for more details, including a list of fixes included in CU8. Symantec has documented an issue with Symantec Enterprise Vault™, Symantec’s on-premises archiving solution, and Exchange 2013 CU6 and CU7. The corresponding Microsoft KBA Symantec […]

More →

Disable automatic email forwarding in Office 365 and Exchange Server

Exchange Server and Exchange Online allow your users to automatically forward email to an external email address. Over the years, I’ve written about forwarding email to an external email address in Exchange, the risks of forwarding work email to personal email accounts and listing users with email forwarding enabled. Figure 1: Automatic email forwarding options […]

More →