Remote Desktop is not enabled by default. You must specifically enable it to allow remote access to the workstation. When it is enabled, any member of the Administrators group can connect to the workstation. Other users must be placed on a remote access list to gain access to the workstation.
To configure remote access, follow these steps:
1. In Control Panel, click System And Security, and then click System.
2. On the System page, click Remote Settings in the left pane. This opens the System Properties dialog box to the Remote tab.
3. To disable Remote Desktop, select Don’t Allow Connections To This Com¬puter, and then click OK.Skip the remaining steps.
4. To enable Remote Desktop, you have two options. You can:
- Select Allow Connections From Computers Running Any Version Of Remote Desktop to allow connections from any version of Windows.
- Select Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication to allow connections only from Windows 7 or later computers (and computers with secure network authentication).
5. Click Select Users. This displays the Remote Desktop Users dialog box.
6. To grant Remote Desktop access to a user, click Add. This opens the Select Users dialog box. In the Select Users dialog box, click Locations to select the computer or domain in which the users you want to work with are located. Type the name of a user you want to work with in the Enter The Object Names To Select field, and then click Check Names. If matches are found, select the account you want to use and then click OK. If no matches are found, update the name you entered and try searching again. Repeat this step as necessary, and then click OK.
7. To revoke remote access permissions for a user account, select the account and then click Remove.
8. Click OK twice when you have finished.
Windows Firewall must be configured to allow inbound Remote Desktop excep¬tions. You can configure this on a per-computer basis in Windows Firewall for the domain profile and the standard profile. In Group Policy, you can configure this exception and manage Remote Desktop by using the policy settings shown in the following list. These settings are found in the Administrative Templates policies for Computer Configuration under the path shown.
For Paths Under Windows Components\Remote Desktop Services:
\Remote Desktop Connection Client Allow .Rdp Files From Unknown Publishers
\Remote Desktop Connection Client Allow .Rdp Files From Valid Publishers And User’s Default .Rdp Settings
\Remote Desktop Session Host\Security Always Prompt For Password Upon Connection
\Remote Desktop Session Host\Connections Automatic Reconnection
\Remote Desktop Connection Client Configure Server Authentication For Client
\Remote Desktop Session Host\Connections Deny Logoff Of An Administrator Logged In To The Console Session
\Remote Desktop Session Host\Security Do Not Allow Local Administrators To Customize Permissions
\Remote Desktop Connection Client Do Not Allow Passwords To Be Saved
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Color Depth
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Display Resolution
\Remote Desktop Session Host\Remote Session Environment Limit Maximum Number Of Monitors
For Computer Configuration Path:
\Remote Desktop Session Host\Profiles Limit The Size Of The Entire Roaming User Profile Cache
\Remote Desktop Session Host\Security Require Use Of Specific Security Layer For Remote (Rdp) Connections
\Remote Desktop Session Host\Security Set Client Connection Encryption Level
\Remote Desktop Session Host\Remote Session Environment Set Compression Algorithm For Rdp Data
\Remote Desktop Connection Client Specify Sha1 Thumbprints Of Certificates Representing Trusted .Rdp Publishers
For Computer Configuration Path:
\Windows Components\NetMeeting Disable Remote Desktop Sharing
\Network\Network Connections\Windows Firewall\Domain Profile Windows Firewall: Allow Inbound Remote Desktop Exceptions
\Network\Network Connections\Windows Firewall\Standard Profile Windows Firewall: Allow Inbound Remote Desktop Exceptions