How to Enable or Disable Remote Desktop via Group Policy

  • Click Start – All programs – Administrative Tools – Group Policy Management.
  • Create a new Group Policy Object or edit an existing one.
  • Go to Computer Configuration -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules and create a new rule.
  • Select Port in the New Inbound Rule Wizard.
  • Ensure TCP is selected and set Specific local ports to 3389.

  • Choose Allow the connection and select only the Domain and Private profiles.
  • Name this rule – Inbound Rule for RDP Port 3389
Now that we have added the local ports, we’ll need to enable the Remote Desktop Session Host policies.
  • Go to Computer Configuration -> Policies -> Windows Settings -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections
  • Set Allow users to connect remotely by using Remote Desktop Services to Enabled.


  • Now we’re going to enable Network Level Authentication. This is highly recommended and has many security advantages. However, that’s out of the scope of this article, so I won’t go into the details now.
  • Go to Computer Configuration -> Policies -> Windows Settings -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security
  • Set Require user authentication for remote connections by using Network Level Authentication to Enabled.

  • Last but certainly not least, we need to apply the newly created GPO to an Organizational Unit so it actually works.
  • Close out of GPMC.  There aren’t any more settings to configure.
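
To confirm the GPO actually applied on a machine in the linked OU, the following added example (not part of the original article) checks the policy registry values behind the two Remote Desktop Session Host settings and the firewall rule created above. It assumes the rule was named exactly as in the steps, that the NetSecurity cmdlets are available (Windows 8 / Server 2012 or later), and that it runs in an elevated session after `gpupdate /force`.

```powershell
# Added example: verify the RDP GPO settings took effect on this machine.
$ruleName = 'Inbound Rule for RDP Port 3389'   # rule name from the steps above
# Policy key the two Remote Desktop Session Host settings write to.
$tsPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

$results = [ordered]@{}

# fDenyTSConnections = 0 -> "Allow users to connect remotely..." is Enabled.
# UserAuthentication = 1 -> Network Level Authentication is required.
$ts = Get-ItemProperty -Path $tsPolicy -ErrorAction SilentlyContinue
$results['RDP connections allowed by policy'] = ($null -ne $ts -and $ts.fDenyTSConnections -eq 0)
$results['NLA required by policy']            = ($null -ne $ts -and $ts.UserAuthentication -eq 1)

# ActiveStore is the effective rule set, including rules delivered by GPO.
$rule = Get-NetFirewallRule -PolicyStore ActiveStore -DisplayName $ruleName -ErrorAction SilentlyContinue |
        Select-Object -First 1

if ($rule) {
    $port     = $rule | Get-NetFirewallPortFilter
    $profiles = "$($rule.Profile)"             # e.g. "Domain, Private"

    $results['Firewall rule enabled, inbound, allow'] =
        ($rule.Enabled -eq 'True' -and $rule.Direction -eq 'Inbound' -and $rule.Action -eq 'Allow')
    $results['Firewall rule is TCP 3389'] =
        ($port.Protocol -eq 'TCP' -and $port.LocalPort -contains '3389')
    # "Any" or "Public" would expose 3389 on untrusted networks.
    $results['Firewall rule excludes Public profile'] = ($profiles -notmatch 'Public|Any')
} else {
    $results['Firewall rule present'] = $false
}

# Print one line per check.
$results.GetEnumerator() | ForEach-Object {
    '{0,-42} {1}' -f $_.Key, $(if ($_.Value) { 'OK' } else { 'FAIL' })
}

# Non-zero exit code if any check failed, so the script can be used in automation.
if ($results.Values -contains $false) { exit 1 }
```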



Copyright © 2013 MEDIA INFO