Remote Desktop and Domain GPO

B

Bill

Is it possible to enable Remote Desktop for all computers in the domain via
Group Policy?
 
G

Guest

Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to disable Remote
Desktop."
;-----------END CODE--------

Regards,
 
B

Bill

Thanks, VMM. Haven't done this before (custom admin templates) but I will
give it a go in conjunction with MS How-To 323639.
Cheers,
Bill
 
G

Guest

If you need help to do that let me know.

Regards,

Bill said:
Thanks, VMM. Haven't done this before (custom admin templates) but I will
give it a go in conjunction with MS How-To 323639.
Cheers,
Bill
VMM said:
Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to disable
Remote
Desktop."
;-----------END CODE--------

Regards,
 
B

Bill

Hi VMM. When I add the template only the category name appears under
Administrative Templates. when I click on the name the right-hand panel is
blank. I am sure I followed the How-To, and have tried re-doing it a couple
of time with the same result. Any idea why?
Cheers,
Bill

VMM said:
If you need help to do that let me know.

Regards,

Bill said:
Thanks, VMM. Haven't done this before (custom admin templates) but I will
give it a go in conjunction with MS How-To 323639.
Cheers,
Bill
VMM said:
Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to disable
Remote
Desktop."
;-----------END CODE--------

Regards,
 
G

Guest

Hi Bill,

To view the policy right click on administratives templates and select View
-> Filtering.
On Filtering Dialog Box uncheck Only show policy settings that can be fully
managed.

Regards,

Bill said:
Hi VMM. When I add the template only the category name appears under
Administrative Templates. when I click on the name the right-hand panel is
blank. I am sure I followed the How-To, and have tried re-doing it a couple
of time with the same result. Any idea why?
Cheers,
Bill

VMM said:
If you need help to do that let me know.

Regards,

Bill said:
Thanks, VMM. Haven't done this before (custom admin templates) but I will
give it a go in conjunction with MS How-To 323639.
Cheers,
Bill
Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to disable
Remote
Desktop."
;-----------END CODE--------

Regards,
 
D

Ding Bat

Hi, VMM. I am a silly goose! Thanks again for your help.
Cheers,
Bill
VMM said:
Hi Bill,

To view the policy right click on administratives templates and select
View
-> Filtering.
On Filtering Dialog Box uncheck Only show policy settings that can be
fully
managed.

Regards,

Bill said:
Hi VMM. When I add the template only the category name appears under
Administrative Templates. when I click on the name the right-hand panel
is
blank. I am sure I followed the How-To, and have tried re-doing it a
couple
of time with the same result. Any idea why?
Cheers,
Bill

VMM said:
If you need help to do that let me know.

Regards,

:

Thanks, VMM. Haven't done this before (custom admin templates) but I
will
give it a go in conjunction with MS How-To 323639.
Cheers,
Bill
Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to
disable
Remote
Desktop."
;-----------END CODE--------

Regards,
 
B

Bruce Sanderson

Maybe I'm missing something, but there are built in setting for enabling
Remote Desktop.

Computer Configuration
Windows Settings
Security Settings
Local Policies
User Rights Assignment
Allow Users to connect remotely using Terminal Services -
specify which user accounts can logon remotely

and

Computer Configuration
Administrative Templates
Windows Components
Terminal Services
Allow users to connect remotely using Terminal Services - turns on
the Remote Desktop capability

We use that for all of our Windows XP workstations and it works just fine.
 
R

Richard Berndt

You can check the Properties of My Computer and select the Remote tab.
There will be a checkbox to allow remote connections.
 
B

Bruce Sanderson

Yes, I understand that, but that's not the point I was trying to make.

Earlier in this thread, VMM suggested creating a custom ADM templae to
"tattoo the registry" to do what appears to be the same thing as can be done
by Policies that in the ADM templates distributed with Windows.
 
D

Ding Bat

Hi Bruce,
I have looked, and my Window 2000 server does not provide either of these
policy objects.
Bill
Bruce Sanderson said:
Maybe I'm missing something, but there are built in setting for enabling
Remote Desktop.

Computer Configuration
Windows Settings
Security Settings
Local Policies
User Rights Assignment
Allow Users to connect remotely using Terminal Services -
specify which user accounts can logon remotely

and

Computer Configuration
Administrative Templates
Windows Components
Terminal Services
Allow users to connect remotely using Terminal Services - turns
on the Remote Desktop capability

We use that for all of our Windows XP workstations and it works just fine.

--
Bruce Sanderson MVP Printing
http://members.shaw.ca/bsanders

It is perfectly useless to know the right answer to the wrong question.



VMM said:
Hi Bill,

Use the following administrative template:

;-----------BEGIN CODE--------
CLASS MACHINE

CATEGORY !!category
POLICY !!Remote
KEYNAME "SYSTEM\CurrentControlSet\Control\Terminal Server"
EXPLAIN !!Remote_Explain
VALUENAME "fDenyTSConnections"
VALUEON NUMERIC 0
VALUEOFF NUMERIC 1
END POLICY
END CATEGORY


[strings]
category = "Custom Policy Settings"
Remote = "Remote Desktop"
Remote_Explain = "Enable to enable Remote Desktop. Disable to disable
Remote
Desktop."
;-----------END CODE--------

Regards,
 
D

Ding Bat

The original question (although poorly framed) was looking to accomplish
this without having to visit each PC, i.e., using Group Policy on the
server.
 
L

lforbes

Ding Bat said:
The original question (although poorly framed) was looking to
accomplish this without having to visit each PC, i.e., using Group
Policy on the server.

You need to download the newest Group Policies. You can get them here
http://www.microsoft.com/downloads/...b6c-ad4a-bbf3802a5c9b&DisplayLang=en#filelist

Or you can just copy them from the C:Windowsinf directory on any XP
SP2 machine. Copy the ADM’s into the C:Winntinf folder on all the
DC’s and any machines using adminpak.msi. They are cumulative so you
can overwrite the current ones unless you have modified them.

The Windows XP SP2 adm’s are the most recent.

Cheers,

Lara
 
B

Bill

I did copy the .adms from an XP SP2 PC, but still nothing. I will download
these and see what happens.
 
B

Bill

Hi Lara,
No go. Still no objects for allow remote or allow TS. Any idea what is
going on here?
Cheers,
Bill
 
L

lforbes

Hi,

I’m Sorry Bill. I am not sure why your machine isn’t showing it. I
have Windows XP SP2 Pro on my home machine that isn’t connected to a
Domain and even it has the policies where Bruce said they would be:
Computer Configuration - Windows Settings - Security Settings - Local
Policies - User Rights Assignment - Allow Users to connect remotely
using Terminal Services - specify which user accounts can logon
remotely

and

Computer Configuration - Administrative Templates - Windows Components
- Terminal Services - Allow users to connect remotely using Terminal
Services - turns on the Remote Desktop capability

Try installing Adminpak.msi on a XP Pro SP2 machine and see if you can
see them then.

Cheers,

Lara
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top