Allow users to connect remotely using Terminal Services
Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2
To allow users to connect remotely using Terminal Services
Open Group Policy.
In Computer Configuration, Administrative Templates, Windows Components, Terminal Services, double-click the Allow users to connect remotely using Terminal Services setting.
Do one of the following:
To enable Remote Desktop, click Enabled.
To disable Remote Desktop, click Disabled.
If you disable Remote Desktop while users are connected to the target computers, the computers maintain their current connections, but will not accept any new incoming connections.
Important
When you enable Remote Desktop on a computer, you enable the capability for other users and groups to log on remotely to the computer. However, you must also decide which users and groups should be able to log on remotely, and then manually add them to the Remote Desktop Users group. For more information, see Enabling users to connect remotely to the server and Add users to the Remote Desktop Users group.
You should thoroughly test any changes you make to Group Policy settings before applying them to users or computers. For more information on testing policy settings, see Resultant Set of Policy.
Notes
To perform this procedure, you must be a member of the Administrators group on the local computer, or you must have been delegated the appropriate authority. If the computer is joined to a domain, members of the Domain Admins group might be able to perform this procedure. As a security best practice, consider using Run as to perform this procedure. For more information, see Default local groups, Default groups, and Using Run as.
Use this procedure to configure the local Group Policy object. To change a policy for a domain or an organizational unit, you must log on to the primary domain controller as an administrator. Then, you must start Group Policy by using the Active Directory Users and Computers snap-in.
Alternatively, you can enable Remote Desktop by selecting the Enable Remote Desktop on this computer check box (on the Remote tab of the System Properties dialog box) on the target computers. For more information, see Enable or disable Remote Desktop.
If the Allow users to connect remotely using Terminal Services Group Policy setting described in this procedure is set to Not Configured, then the Enable Remote Desktop on this computer setting on the System Properties dialog box of the target computers takes precedence. Otherwise, the Group Policy setting takes precedence.
Be aware of the security implications of remote logons. Users who log on remotely can perform tasks as though they were sitting at the console. For this reason, you should ensure that the server is behind a firewall. For more information, see VPN servers and firewall configuration and Security information for IPSec.
You should require all users who make remote connections to use a strong password. For more information, see Strong passwords.
Remote Desktop is disabled by default in Windows ServerĀ 2003 family operating systems.
Information about functional differences
- Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.
See Also
Concepts
Configuring Terminal Services with Group Policy
Group Policy (pre-GPMC)