Caponato's Notebook

This is what works for me:

This may or may not work for you but this is what I have in the “Allow RDC GPO”:

• Using ADUC, create a Remote Desktop users group (I named it RDU) (remember to assign a guiNumber of using 'ad' idmap backend)
• Computer configuration / Policies / Windows settings / Security settings / Restricted Groups/ → Add RDU to “BUILTIN\Remote Desktop Users” and also add RDU to “Remote Desktop Users“
• Computer configuration / Policies / Windows settings / Security settings / Windows Firewall →Allow inbound port 3389 (may not be needed)
• Computer configuration / Policies / Administrative templates / Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections → Allow users to connect remotely by using Remote Desktop Services -  Enabled
• Computer configuration / Policies / Administrative templates / Windows Components/Remote Desktop Services/Remote Desktop Session Host/Connections → Require user authentication for remote connections by using Network Level Authentication - enable

I think that’s it. Let me know how you get on, and if there’s any item not needed.

Caponato's Samba notebook. Start here or else Main menu