Enabling RDP when applying a CIS Windows Build Kit
Product Name: CIS Windows Build Kit
Product Version: n/a
Date: Jul 9, 2020
Problem
I am using a CIS BuildKit (Remediation_Kit) to harden a Windows server. Everything works great except I need to enable RDP (Remote Desktop Services). Which settings do I need to change?
Solution
We have this information from a member who was able to enable RDP by making the changes below.
Please also reference this post in the Workbench Community, which may provide some useful additional information.
Modifying RDP Policies (Part 1)
* Open “gpedit.msc” and navigate to “Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host”.
* In every section under that node, change the policies that are set to “Enabled” or “Disabled” to “Not Configured”.

Modifying “User Rights Assignment” Policies (if you are using Local Accounts)
* Open “gpedit.msc” and navigate to “Local Computer Policy\Computer Configuration\Security Settings\User Rights Assignment”.
* Remove “Local account” from the two policies below. Only “Guests” should remain denied.
  * Deny log on through Remote Desktop Services
  * Deny access to this computer from the network

Start the RDP services
* Open “services.msc”.
* Start the three services below and set their startup type to “Automatic”.
  * Remote Desktop Services
  * Remote Desktop Configuration
  * Remote Desktop Services UserMode Port Redirector

Modifying “System Properties”
* Right-click “This PC” and choose “Properties”.
* Choose “Remote settings” in the left pane.
* Under “Remote Desktop”, select the radio button “Allow remote connections to this computer”, and also tick the checkbox that requires “Network Level Authentication”.

Adding Inbound Firewall Rules to allow RDP traffic
* Open “gpedit.msc” and navigate to “Local Computer Policy\Computer Configuration\Security Settings\Windows Defender Firewall with Advanced Security”.
* Expand the hierarchy, right-click “Inbound Rules” and choose “New Rule”.
* In the next dialog, choose the radio button “Predefined” and select “Remote Desktop” in the drop-down list.
* Select all three rules and set the action “Allow the connection” to add them.
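The five steps above can be carried out, and the resulting state verified, from an elevated PowerShell session. The script below is an added example written for this article; it is not part of the CIS Build Kit and not provided by CIS. It assumes an English-language Windows Server 2012 R2 or later (the predefined firewall group is named “Remote Desktop” only in English locales). Steps 1 and 2 are only audited, not changed: Build Kit policy values live under the Policies registry hive, and the script reports any that remain so you can set them to “Not Configured” in gpedit.msc as described; the two “Deny” user rights are exported with secedit and flagged if they still list the well-known “Local account” SIDs (S-1-5-113 and S-1-5-114), since editing those rights is better done deliberately in gpedit.msc. Steps 3 to 5 are applied directly.

```powershell
#Requires -RunAsAdministrator
# Added example for this article, not CIS Build Kit code.
# Assumes English Windows (firewall group "Remote Desktop") and the NetSecurity module.

# Step 1 (audit): policy-set Remote Desktop values override System Properties.
# Returns the names of any values still configured under the policy key.
function Test-RdpPolicyOverride {
    $policyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
    if (-not (Test-Path $policyKey)) { return @() }
    $props = Get-ItemProperty -Path $policyKey
    # Drop the PS* members PowerShell adds to every registry object
    return @($props.PSObject.Properties |
        Where-Object { $_.Name -notlike 'PS*' } |
        Select-Object -ExpandProperty Name)
}

# Step 2 (audit): export User Rights Assignment and check whether the two
# "Deny" rights still contain the Local account SIDs the Build Kit adds.
function Test-RdpDenyRights {
    $inf = Join-Path $env:TEMP 'rdp-rights.inf'
    secedit /export /cfg $inf /areas USER_RIGHTS | Out-Null
    $lines = Get-Content -Path $inf
    Remove-Item -Path $inf -ErrorAction SilentlyContinue
    $result = @{}
    foreach ($right in 'SeDenyRemoteInteractiveLogonRight', 'SeDenyNetworkLogonRight') {
        $line = $lines | Where-Object { $_ -like "$right*" }
        $result[$right] = [pscustomobject]@{
            Raw                 = $line
            BlocksLocalAccounts = [bool]($line -match 'S-1-5-113|S-1-5-114')
        }
    }
    return $result
}

# Step 3: the three services from the article, by service name.
function Enable-RdpServices {
    $names = 'TermService', 'SessionEnv', 'UmRdpService'
    foreach ($svc in $names) {
        Set-Service -Name $svc -StartupType Automatic
        Start-Service -Name $svc
    }
    return Get-Service -Name $names | Select-Object Name, Status, StartType
}

# Step 4: "Allow remote connections" plus Network Level Authentication.
function Enable-RdpWithNla {
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    Set-ItemProperty -Path $ts -Name 'fDenyTSConnections' -Value 0 -Type DWord
    Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name 'UserAuthentication' -Value 1 -Type DWord
    return Get-ItemProperty -Path $ts -Name 'fDenyTSConnections'
}

# Step 5: enable the predefined "Remote Desktop" inbound rule group.
function Enable-RdpFirewallRules {
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    return Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
        Select-Object DisplayName, Enabled, Direction, Profile
}

# Run the audits first, then apply steps 3 to 5.
$overrides = Test-RdpPolicyOverride
if ($overrides.Count -gt 0) {
    Write-Warning ("Policy values still configured under Terminal Services: {0}. " +
        "Set them to Not Configured in gpedit.msc (step 1)." -f ($overrides -join ', '))
}
$rights = Test-RdpDenyRights
foreach ($r in $rights.Keys) {
    if ($rights[$r].BlocksLocalAccounts) {
        Write-Warning "$r still denies local accounts (step 2): $($rights[$r].Raw)"
    }
}
Enable-RdpServices      | Format-Table -AutoSize
Enable-RdpWithNla       | Format-List fDenyTSConnections
Enable-RdpFirewallRules | Format-Table -AutoSize
```

Re-running the Build Kit will reapply the hardened policies, so keep the step 1 and step 2 audits handy to spot when RDP has been disabled again. The step 2 warning is only relevant when local accounts are used for RDP; if you sign in with domain accounts, the Build Kit’s deny entries can stay as they are.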
Copyright © 2020
Center for Internet Security®