Launch Group Policy Management Console (gpmc.msc)
Computer Configuration > Policies > Windows Settings > Security Settings > System Services >
Set the following services to Automatic:
Plug and Play, Remote Registry, Virtual Disk
Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound > New Rule
Add the following rules
Enable Device Manager MMC in Group Policy (No longer supported in 2012)
User Configuration > Administrative Templates > Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins > Enable "Device Manager"
Allow remote access to the Plug and Play interface
Computer Configuration > Policies > Administrative Templates > System > Device Installation > Enable "Allow remote access to the Plug and Play interface"
Allow remote server management through WinRM
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow Remote Server management through WinRM > IPv4 filter: *
Set service to Automatic “Windows Remote Management (WS-Management)”
Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Windows Remote Management (WS-Management) > Automatic
Windows Firewall: Define inbound port exceptions (Enabling WinRM Remote PowerShell)
Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Define inbound port exceptions > Enable
5985:TCP:*:enabled:WSMan
Windows Firewall: Allow ICMP exceptions
Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow ICMP exceptions > Enable > Allow inbound echo request
Account lockout threshold
Computer Configuration > Policies > Windows Settings > Security Settings > Account Lockout Policy > Account lockout threshold > 10
Account lockout duration (Put under client Computer OU)
Computer Configuration > Policies > Windows Settings > Security Settings > Account Lockout Policy > Account lockout duration > 30
Allow users to connect remotely by using Remote Desktop Services
Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services > Enable
For immediate effect on client
gpupdate /force
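To verify on the client that the settings above took effect
The following script is an added example, not part of the original notes. It reports the effective service start modes, the WinRM and Remote Desktop policy values, and the 5985 port exception, so the scope actually in force (including the * filters) can be reviewed. The service short names and policy registry locations are not on the original page; they are the standard Windows ones for these settings.

```powershell
# Added example: run in an elevated PowerShell session on a client after gpupdate /force.
function Get-PolicyValue {
    param([string]$Path, [string]$Name)
    # RegistryKey.GetValue treats the name literally (one name contains '*') and
    # returns $null when the key or value is absent, i.e. the policy is not applied.
    $key = Get-Item -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($key) { $key.GetValue($Name) }
}

$results = @()

# Services the GPO sets to Automatic, by service short name.
foreach ($svc in 'PlugPlay', 'RemoteRegistry', 'vds', 'WinRM') {
    $mode = (Get-CimInstance Win32_Service -Filter "Name='$svc'").StartMode
    $results += [pscustomobject]@{ Check = "Service $svc"; Expected = 'Auto'; Actual = $mode }
}

# Registry values written by the Administrative Templates settings in these notes.
$pol  = 'HKLM:\SOFTWARE\Policies\Microsoft'
$port = '5985:TCP:*:enabled:WSMan'   # value name and data are the same string
$checks = @(
    @{ Check = 'WinRM remote management'; Path = "$pol\Windows\WinRM\Service"; Name = 'AllowAutoConfig'; Expected = 1 }
    @{ Check = 'WinRM IPv4 filter'; Path = "$pol\Windows\WinRM\Service"; Name = 'IPv4Filter'; Expected = '*' }
    @{ Check = 'Remote Desktop allowed'; Path = "$pol\Windows NT\Terminal Services"; Name = 'fDenyTSConnections'; Expected = 0 }
    @{ Check = 'Firewall port exception'; Path = "$pol\WindowsFirewall\DomainProfile\GloballyOpenPorts\List"; Name = $port; Expected = $port }
)
foreach ($c in $checks) {
    $actual = Get-PolicyValue -Path $c.Path -Name $c.Name
    $results += [pscustomobject]@{ Check = $c.Check; Expected = $c.Expected; Actual = $actual }
}

# Confirm the WinRM listener actually answers on the local machine.
$listening = [bool](Test-WSMan -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{ Check = 'WinRM listener responds'; Expected = $true; Actual = $listening }

# One row per setting; Pass is False where the GPO value has not reached this client.
$results |
    Select-Object Check, Expected, Actual, @{ n = 'Pass'; e = { $_.Actual -eq $_.Expected } } |
    Format-Table -AutoSize
```

A blank Actual means the policy value is missing on that client; gpresult /r shows whether the GPO is linked to and applied by the computer.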