How to Enable Remote Desktop in Windows Server 2016

Remote Desktop Protocol (RDP) is a Microsoft-proprietary remote access protocol that Windows systems administrators use to manage Windows Server systems remotely. What sets RDP apart from, say, Windows PowerShell or Secure Shell (SSH) remoting is the presence of the full graphical desktop, as shown in Figure 1.

By default, the RDP server component listens for incoming connections on TCP port 3389, although the administrator can change this for security reasons. To be sure, Microsoft's current push is for admins to reduce their reliance upon RDP and instead (a) deploy Windows Servers in Server Core or Nano mode; and (b) use Windows PowerShell command-line remote administration instead of RDP. Microsoft's justification for this advice is twofold:

  • A GUI layer consumes unnecessary system resources
  • A GUI layer broadens the attack surface of your servers

Regardless, many admins are accustomed to RDP-based remote administration, and seek to do so even in the newly released Windows Server 2016 operating system. Let's learn how to enable RDP in Server 2016 (tl;dr: the process is identical to Windows Server 2012 R2).

Server Manager

Open the Server Manager console, navigate to the Local Server node, and click the Remote Desktop hyperlink as shown in Figure 2. The Remote Desktop hyperlink is simply a shortcut to the System Properties sheet from the System Control Panel item. Select Allow remote connections to this computer, and optionally enable Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended). Network Level Authentication (NLA) protects Windows Server against denial-of-service (DoS) attacks by requiring authentication to take place before any graphical session is established by the server. NLA also conserves server system resources.

Windows PowerShell

From a lower-level perspective, incoming RDP connections are enabled on a server through two Registry values and a Windows Firewall rule.

Open an elevated Windows PowerShell session and run the following commands. This first one creates the fDenyTSConnections value and sets it to 0 (off). This makes sense, because we don't want to deny Terminal Services (TS) connections.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0 -PropertyType dword -Force

The following command creates and enables the UserAuthentication (Network Level Authentication) value; NLA is a good idea and you should consider enabling it by default on your servers.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'UserAuthentication' -Value 1 -PropertyType dword -Force

The next command enables the predefined “Remote Desktop” Windows Firewall rule. We can then invoke the Get-NetFirewallRule PowerShell cmdlet to verify, as shown in Figure 3.

Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
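
A read-only check of the two Registry values and the firewall rule group described above, written as an added example rather than code from the original article. Get-RdpExposure is a hypothetical function name, and the PortNumber value it reads is the listener port setting, which the article mentions but does not name.

```powershell
# Added example: read-only audit of the RDP settings discussed above.
# Get-RdpExposure is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpExposure {
    [CmdletBinding()]
    param()

    $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # A missing value reads as $null; it is reported as-is rather than guessed.
    $deny = (Get-ItemProperty -Path $ts  -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name 'UserAuthentication' -ErrorAction SilentlyContinue).UserAuthentication
    $port = (Get-ItemProperty -Path $tcp -Name 'PortNumber' -ErrorAction SilentlyContinue).PortNumber

    # Enabled inbound rules in the predefined "Remote Desktop" group.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Accounts that can log on over RDP in addition to local Administrators.
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    $rdpEnabled = ($deny -eq 0)
    $findings = @()
    if ($rdpEnabled -and $nla -ne 1) {
        $findings += 'RDP is enabled without NLA (UserAuthentication is not 1)'
    }
    if ($rdpEnabled -and ($rules | Where-Object { $_.Profile -match 'Public|Any' })) {
        $findings += 'Remote Desktop firewall rules apply to the Public profile'
    }
    if (-not $rdpEnabled -and $rules.Count -gt 0) {
        $findings += 'RDP is disabled but its firewall rules are still enabled'
    }

    [pscustomobject]@{
        ComputerName         = $env:COMPUTERNAME
        RdpEnabled           = $rdpEnabled
        NlaRequired          = ($nla -eq 1)
        ListenerPort         = $port
        EnabledFirewallRules = $rules.DisplayName
        RemoteDesktopUsers   = $members
        Findings             = $findings
    }
}

Get-RdpExposure | Format-List
```

Run it from an elevated session on the server; an empty Findings list means RDP is either off with its firewall rules disabled, or on with NLA required and the rules limited to non-Public profiles.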

Group Policy

The chances are good that you want to standardize RDP behavior across all your infrastructure servers. Consequently, we turn to Group Policy to accomplish this goal. Start by creating, linking and scoping a new Group Policy Object (GPO) that targets the servers that should share RDP server settings. Next, navigate to the following Group Policy path and add a new Restricted Groups entry (shown in Figure 4):

Computer Configuration\Policies\Windows Settings\Security Settings\Restricted Groups

You can customize the membership in the servers' built-in Remote Desktop Users group; members of this group can establish RDP sessions to the server. Note that the local Administrators group (and, by extension, the Domain Admins global group) is automatically granted this privilege in Active Directory. The following three Group Policy settings govern:

  • Windows Firewall incoming RDP exceptions
  • User right to establish RDP sessions
  • Requiring NLA

Computer Configuration\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile\Windows Firewall: Allow Inbound Remote Desktop exceptions

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely by using Remote Desktop Services

Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Security\Require user authentication for remote connections by using NLA

Creating the Client Connection

Windows Client and Windows Server both include the Microsoft RDP client, called Remote Desktop Connection. My favorite way to invoke this tool is to press WINDOWS KEY+R, type mstsc (which stands for “Microsoft Terminal Services Client”), and press ENTER. I show you the Remote Desktop Connection user interface in Figure 5.

What's cool about RDP clients is that they are available for just about every desktop or mobile operating system. Here is a representative list:

  • Android: Microsoft Remote Desktop
  • iOS: Microsoft Remote Desktop
  • Linux: rdesktop
  • macOS: Microsoft Remote Desktop
  • Windows Phone: Microsoft Remote Desktop

Note that Windows Server supports only two simultaneous RDP sessions at once. If you need more than that, then you'll have to install the Remote Desktop Services (RDS) Session Host server role and purchase additional RDS connection licenses from Microsoft.

Final Thoughts

If you've configured RDP on previous Windows Server versions, then you'll find that Windows Server 2016 behaves the exact same way. Keep in mind, however, that Microsoft's ever-widening embrace of an “assume breach” security posture and the hybrid cloud scenario, with its accompanying “manage herds, not pets” philosophy, means the emphasis is on command-line automation rather than one-off RDP GUI sessions.

source : https://thefartiste.com