RDP is enabled via Group Policy but still shows as turned off

Rich Leon 0 Reputation points

I've configured a GPO that I can confirm is applying to enable RDP on a Windows 10 21H2 LTSC machine with the latest updates as of today. In the old system settings it shows as on, but in the new useless Settings under Remote Desktop it shows as 'Off' and 'Some settings are managed by your organization'. I am unable to RDP to this machine even though it is enabled and I am a member of the remote users group. Note I am a domain admin for the domain and have a clue.

I have confirmed with gpresult that the settings are being applied.


2 answers

  1. Dave Patrick 426.1K Reputation points MVP

    I'd check the service is started and that the firewall rules are enabled for the domain profile.

    --please don't forget to upvote and Accept as answer if the reply is helpful--


  2. Limitless Technology 44,006 Reputation points

    Hello Rich Leon,

    It is usual that environmental settings are greyed out and in a different setting when a GPO is applied. Basically the system just ignores them as there is a superior authority that controls the setting (GPO). So the fact that it shows Off doesn't mean that it is still Off.

    You can use two tools for determining if your setting is correct.

    1. From one side, check if the GPO is applied properly with GPRESULT /H OUTPUT.HTML (the file will contain a description of policies applied successfully or failed)
    2. Run the next PS command line to determine the real status of RDP on the system's WMI:

    Get-CimInstance -Namespace "root\cimv2\TerminalServices" -Class win32_terminalservicesetting | select ServerName, AllowTSConnections

    I would think that those would come correct due to your experience, check the next:

    • Run a clean boot to discard 3rd party apps interference, especially antivirus: https://support.microsoft.com/en-us/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd
    • Check the type of Network that is configured in the Network and Sharing Center. If the computer shows "Public Network" the RDP functionality will be blocked for security of exposure.
    • Check your firewall settings: Open the start menu and type “Allow an app through Windows firewall.” Alternatively, navigate to Control Panel > System and Security > Windows Defender Firewall > Allowed apps. Look for a button called “Change Settings” on the right-hand top corner of the page and click it. Ensure that RemoteDesktop is ticked.

    • Add the RDGClientTransport Key:

    In this option, you’ll be tweaking the registry key to force the RDP to use RPC/HTTP connections instead of HTTP/UDP connection:

    Press Windows + R to open run and type Regedit. Press the Enter key.

    Navigate to HKEY_CURRENT_USER > Software > Microsoft > Terminal Server Client.

    Navigate to the right-hand pane, right-click, and choose New > DWORD (32-bit value).

    Name this option as “RDGClientTransport.”

    Double-click this newly-created file. Its properties will open, and here, look for an option to set the value data. Enter the value 1. Click OK and close the Windows registry.

    Hope it helps.

    --If the reply is helpful, please Upvote and Accept as answer--

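The checks suggested in the two answers above (service state, domain-profile firewall rules, network category, WMI status) gathered into one read-only PowerShell script. This is an added example, not part of either answer. It assumes the default listener port 3389 and the English firewall group name "Remote Desktop"; the two registry paths are the standard policy and local locations of fDenyTSConnections.

```powershell
# Added example: read-only checks for why RDP is unreachable despite an "enable" GPO.
# Assumptions: default listener port 3389, English firewall group name "Remote Desktop".

$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$localKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-DenyFlag([string]$Path) {
    # fDenyTSConnections: 0 = connections allowed, 1 = denied, $null = value not set
    (Get-ItemProperty -Path $Path -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
}

$policyDeny = Get-DenyFlag $policyKey   # written by the GPO; takes precedence when present
$localDeny  = Get-DenyFlag $localKey    # local (non-policy) setting
$effective  = if ($null -ne $policyDeny) { $policyDeny } else { $localDeny }

# Same WMI query as in the second answer
$wmi = Get-CimInstance -Namespace 'root\cimv2\TerminalServices' -ClassName Win32_TerminalServiceSetting

# Remote Desktop Services service and its TCP listener
$svc      = Get-Service -Name TermService
$listener = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue

# Network category decides which firewall profile is active (Public, Private, DomainAuthenticated)
$profiles = Get-NetConnectionProfile

# Inbound Remote Desktop firewall rules, and those enabled for the domain profile
$rules = Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
    Where-Object { $_.Direction -eq 'Inbound' }
$domainRules = $rules |
    Where-Object { $_.Enabled -eq 'True' -and "$($_.Profile)" -match 'Domain|Any' }

[pscustomobject]@{
    PolicyDenyFlag        = $policyDeny
    LocalDenyFlag         = $localDeny
    EffectiveAllowed      = ($effective -eq 0)
    WmiAllowTSConnections = $wmi.AllowTSConnections
    TermServiceStatus     = $svc.Status
    ListeningOn3389       = [bool]$listener
    NetworkCategories     = ($profiles.NetworkCategory -join ', ')
    DomainRulesEnabled    = @($domainRules).Count
} | Format-List

$rules | Select-Object DisplayName, Enabled, Profile, Action | Format-Table -AutoSize
```

Run it from an elevated PowerShell prompt on the target machine. A result with EffectiveAllowed true but DomainRulesEnabled 0, or a NetworkCategories value of Public, points at the firewall or network profile rather than the GPO.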