0

On the user's PC (in the domain), they can see in Settings that RDP is turned off, but the option to turn it on is disabled with the message: "Some settings are managed by your organization".

Some other PC in the same domain has RDP turned on while the same "Some settings are managed by your organization" is present.

So I guess it is somehow set at the level of the PC (as the RDP session is established before the user has logged in).

And I searched everywhere I could think of on the server (SBS 2003) to activate it, but couldn't find the place where it is being managed. It should be somewhere. But where? Please advise!

Alexander P

2 Answers

1

The current problem was solved by running the following on the client side (in PowerShell):

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name 'fDenyTSConnections' -Value 0

Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

But I have an impression that the right solution should be on the server side.

Alexander P
0

This is managed by your Group Policies on the SBS 2003 server. Control Panel > Administrative Tools > Group Policy Management

Once you find the offending policy you can make the change and run "gpupdate /force" on the workstation or simply reboot the workstation.

user7749674
  • Thank you for your reaction. I added to the question one probably important detail: another PC in the same domain has RDP enabled (but still no control over enabling/disabling). As you suggested, I looked at the GPM. I see there: Default Domain Policy > Windows Components/Terminal Services > Policy Setting "Allow users to connect remotely using Terminal Services" :: Enabled. If it is the right place, then it should be enabled for all users. Probably it is not the right place, as the settings are different per computer. – Alexander P Mar 27 '21 at 08:39
  • @AlexanderP You will need to look through all of the policies and probably should read up on Group Policy architecture; policies can certainly affect some machines and not others, this is a design element of Group Policies. GPOs are inherited from the highest level and applied at the OU level; additionally, there is filtering on each Group Policy that can further restrict which objects this particular policy applies to. While you can change it via PowerShell, it's likely that if this setting is coming from the domain controller, it will revert back on the next policy refresh. – user7749674 Mar 27 '21 at 18:44
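A way to check on the workstation which side is actually setting RDP, as an added example that is not part of the original posts: it compares the local fDenyTSConnections value from the first answer with the copy that the Terminal Services / Remote Desktop Services policy writes under the Policies hive, then lists the GPOs applied to the computer. The helper name Get-RegValue is hypothetical; run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the original posts): find out whether RDP is being
# controlled by Group Policy or only by the local registry setting.
$localKey  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
# Location where the "Allow users to connect remotely..." policy is stored.
$policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$name      = 'fDenyTSConnections'

function Get-RegValue {
    # Hypothetical helper: returns $null when the key or value is absent.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

$local  = Get-RegValue -Path $localKey  -Name $name
$policy = Get-RegValue -Path $policyKey -Name $name

# A value under the Policies key means a GPO (domain or local) owns the
# setting; a manual change to the local value will not stick in that case.
if ($null -ne $policy) {
    $effective = $policy
    $source    = 'Group Policy (Policies key is set)'
} else {
    $effective = $local
    $source    = 'Local setting only (no policy value found)'
}

[pscustomobject]@{
    LocalValue  = $local
    PolicyValue = $policy
    Source      = $source
    RdpAllowed  = ($effective -eq 0)   # 0 = connections allowed, 1 = denied
}

# State of the firewall rules that the first answer enables.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
    Select-Object DisplayName, Enabled, Profile

# Applied and filtered-out GPOs for this computer; the GPO that carries the
# Terminal Services setting is the one to change on the server.
gpresult /scope computer /v
```

Running this on both the PC where RDP is off and the one where it is on shows whether they receive different GPOs (OU placement or security filtering) or whether one of them simply has no policy value and relies on its local setting.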