Settings to Allow Remote Desktop Connection
I have a fleet of Windows 10 computers. I sometimes remote desktop into them so I've had a GPO to enable this for years now. Today I went to add some new computers to the domain and simply can't RDP into them. Other computers in the same OU in AD (applied with the same GPOs) don't have this problem. The GPO to enable Remote Desktop is set at the top of the domain.
If I disable the firewall on these computers RDP works. So I'm deducing it is a firewall issue. However, I don't understand why. If I check in the inbound firewall rules I see the "Remote Desktop (TCP-In)" rule is enabled for domain, private. Check Windows Firewall -> Allowed Apps and I see that Remote Desktop is checked for domain, private. If I check in System -> Remote Settings I see it is set to "Allow remote connections to this computer". You can't alter this since it is controlled by the GPO. Network level authentication doesn't help on or off.
It seems like the GPO enabling "Allow users to connect remotely by using Remote Desktop Services" is enabling the feature and the firewall rule I set is also working. So the only thing I can come up with is that I need other ports enabled to allow it?
The GPO I have does the following things for Remote Desktop:
Computer Configuration -> Policies -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections -> "Allow users to connect remotely by using Remote Desktop Services" = Enabled
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> User Rights Assignment -> "Allow log on through Terminal Services" = Administrators, DOMAIN\Domain Admins, Remote Desktop Users
Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Inbound Rules -> "Remote Desktop (TCP-IN)" = Enabled for Domain & Private
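
The items checked by hand in the post (firewall rule, RDP policy, GPO application) can be read in one pass on an affected computer, together with the network category Windows assigned to each interface. The PowerShell below is an added example, not part of the original post; it assumes an elevated session and the default RDP port 3389, and it only reads state.

```powershell
# Added diagnostic example (read-only). Assumption: RDP uses the default TCP port 3389.
$port = '3389'

# 1. Network category Windows assigned to each connected interface.
$profiles = Get-NetConnectionProfile
$profiles | Select-Object InterfaceAlias, Name, NetworkCategory | Format-Table

# 2. Firewall state per profile as enforced (local settings merged with GPO).
Get-NetFirewallProfile -PolicyStore ActiveStore |
    Select-Object Name, Enabled, DefaultInboundAction | Format-Table

# 3. Every effective inbound rule that names port 3389, allow or block,
#    with the store it came from (Local or GroupPolicy).
$rules = Get-NetFirewallRule -PolicyStore ActiveStore -Direction Inbound |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains $port }
$rules | Select-Object DisplayName, Enabled, Action, Profile, PolicyStoreSourceType |
    Format-Table -AutoSize

# 4. For each interface, report whether an enabled Allow rule covers its category.
foreach ($p in $profiles) {
    $cat = "$($p.NetworkCategory)" -replace 'DomainAuthenticated', 'Domain'
    $covered = $rules | Where-Object {
        $_.Enabled -eq 'True' -and $_.Action -eq 'Allow' -and
        ("$($_.Profile)" -eq 'Any' -or ("$($_.Profile)" -split ',\s*') -contains $cat)
    }
    '{0}: category {1}, enabled allow rules for port {2}: {3}' -f `
        $p.InterfaceAlias, $cat, $port, @($covered).Count
}

# 5. RDP enablement: policy value (set by GPO) and local value. 0 means allowed.
$keys = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services',
        'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
foreach ($k in $keys) {
    $v = (Get-ItemProperty -Path $k -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    '{0}: fDenyTSConnections = {1}' -f $k, $v
}

# 6. Is anything listening on the port?
Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess | Format-Table

# 7. Which computer GPOs were applied on this machine.
gpresult /r /scope computer
```

Running the same script on a working computer in the same OU and comparing the two outputs shows which of these values differs on the new machines.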