Enable remote management capabilities on Windows clients within an Active Directory domain environment using Group Policy.
Which capabilities?
- Be able to PING clients
- Be able to connect to clients via Remote Desktop
- Be able to connect to clients via Computer Management
- Be able to connect to clients through Event Viewer, RegEdit, etc.
Computer Configuration \ Policies \ Administrative Templates…
Network \ Network Connections \ Windows Firewall \ Domain Profile
- Allow ICMP Exceptions:
  - ENABLED - Allow inbound echo request
- Allow Inbound remote administration:
  - ENABLED: Enter asterisk (*) in IPv4 address box
- Allow inbound Remote Desktop:
  - ENABLED: Enter asterisk (*) in IPv4 address box
- Allow users to connect remotely using Remote Desktop services
  - ENABLED
- Allow automatic configuration of listeners
  - ENABLED: Enter asterisk (*) in IPv4 address box
- Open Group Policy Management (aka “GPMC”)
- Expand Forest: <name> / Domains / <your-domain> / Group Policy Objects
- Right-click and select “New”
- Enter a name for the GPO (e.g. “Remote Management”) and click OK
- Right-click on the new GPO and select “Edit”
- Follow the guideline above to locate and enable the settings
- Right-click on the very top of the tree-view panel on the name of the GPO and select “Properties”
- Check the box “Disable User Configuration settings”
- Click “Yes” to accept the warning.
- Close the Group Policy Management Editor
- Right-click on the desired computer OU in the GPMC and select “Link an existing GPO” and select your new GPO.
- That’s it.
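The same GPO can be built from PowerShell with the GroupPolicy module. This is an added example, not part of the original guide: it writes the registry values that back the settings listed above, disables the User Configuration half, and links the GPO. The OU distinguished name is a placeholder, and the variable names are chosen for this example.

```powershell
# Added example: scripted equivalent of the GPMC steps above. Run on a management
# host with the RSAT GroupPolicy module and rights to create and link GPOs.
Import-Module GroupPolicy

$GpoName  = 'Remote Management'                    # name used in the steps above
$TargetOU = 'OU=Workstations,DC=example,DC=com'    # placeholder DN (assumption)

# '*' is the value the guide enters (any source address). The two firewall
# settings also accept a comma-separated list of addresses or subnets, which
# limits who can reach the management ports.
$FwSources = '*'

$fw    = 'HKLM\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile'
$ts    = 'HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$winrm = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WinRM\Service'

# One entry per registry value behind the Administrative Templates settings.
$settings = @(
    # Allow ICMP exceptions: inbound echo request
    @{ Key = "$fw\IcmpSettings";           Name = 'AllowInboundEchoRequest'; Type = 'DWord';  Value = 1 }
    # Allow inbound remote administration
    @{ Key = "$fw\RemoteAdminSettings";    Name = 'Enabled';                 Type = 'DWord';  Value = 1 }
    @{ Key = "$fw\RemoteAdminSettings";    Name = 'RemoteAddresses';         Type = 'String'; Value = $FwSources }
    # Allow inbound Remote Desktop
    @{ Key = "$fw\Services\RemoteDesktop"; Name = 'Enabled';                 Type = 'DWord';  Value = 1 }
    @{ Key = "$fw\Services\RemoteDesktop"; Name = 'RemoteAddresses';         Type = 'String'; Value = $FwSources }
    # Allow users to connect remotely using Remote Desktop services
    @{ Key = $ts;                          Name = 'fDenyTSConnections';      Type = 'DWord';  Value = 0 }
    # Allow automatic configuration of listeners (WinRM); the filter takes '*' or address ranges
    @{ Key = $winrm;                       Name = 'AllowAutoConfig';         Type = 'DWord';  Value = 1 }
    @{ Key = $winrm;                       Name = 'IPv4Filter';              Type = 'String'; Value = '*' }
)

$gpo = New-GPO -Name $GpoName -Comment 'Ping, RDP, remote administration, WinRM'
foreach ($s in $settings) {
    Set-GPRegistryValue -Guid $gpo.Id -Key $s.Key -ValueName $s.Name `
        -Type $s.Type -Value $s.Value | Out-Null
}

# Same effect as ticking "Disable User Configuration settings" in the GPO properties.
$gpo.GpoStatus = 'UserSettingsDisabled'

# Link to the computer OU, then show the result for review.
New-GPLink -Guid $gpo.Id -Target $TargetOU -LinkEnabled Yes | Out-Null
Get-GPO -Guid $gpo.Id | Select-Object DisplayName, GpoStatus, ModificationTime
```

On a client in the linked OU, `gpupdate /force` followed by `gpresult /r` confirms that the GPO was applied.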