Set up Group Policy Objects (GPOs) for remote management

Launch Group Policy Management Console (gpmc.msc)
Computer Configuration > Policies > Windows Settings > Security Settings > System Services

Set the following services to Automatic:

Plug and Play 
Remote Registry 
Virtual Disk

 

Computer Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Inbound > New Rule

Add the following rules

Enable Device Manager MMC in Group Policy (no longer supported in 2012)
User Configuration > Administrative Templates > Windows Components > Microsoft Management Console > Restricted/Permitted snap-ins > Enable "Device Manager"

 

Allow remote access to the Plug and Play interface
Computer Configuration > Policies > Administrative Templates > System > Device Installation > Enable "Allow remote access to the Plug and Play interface"

 

Allow remote server management through WinRM
Computer Configuration > Policies > Administrative Templates > Windows Components > Windows Remote Management (WinRM) > WinRM Service > Allow Remote Server management through WinRM > IPv4 filter: *

 

Set the "Windows Remote Management (WS-Management)" service to Automatic
Computer Configuration > Policies > Windows Settings > Security Settings > System Services > Windows Remote Management (WS-Management) > Automatic

 

Windows Firewall: Define inbound port exceptions (Enabling WinRM Remote PowerShell)
Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Define inbound port exceptions > Enable

5985:TCP:*:enabled:WSMan

Windows Firewall: Allow ICMP exceptions

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Allow ICMP exceptions > Enable > Allow inbound echo request

 

Account lockout threshold

Computer Configuration > Policies > Windows Settings > Security Settings > Account Lockout Policy > Account lockout threshold > 10

 

Account lockout duration (Put under client Computer OU)

Computer Configuration > Policies > Windows Settings > Security Settings > Account Lockout Policy > Account lockout duration > 30

Allow users to connect remotely by using Remote Desktop Services

Computer Configuration > Policies > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Connections > Allow users to connect remotely by using Remote Desktop Services > Enable

 

For immediate effect, run on the client:
gpupdate /force
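
To confirm that the policies above reached a client after gpupdate, the following check can be run from an admin workstation. It is an added example, not part of the original post; the host name CLIENT01 is a placeholder, and PlugPlay, RemoteRegistry, vds and WinRM are the standard Windows service names for the services listed above.

```powershell
# Added example: verify that the remote-management GPO settings applied to a client.
param(
    [string]$ComputerName = 'CLIENT01'   # placeholder host name, replace with a real client
)

# Services the GPO sets to Automatic (display name -> service name)
$expected = [ordered]@{
    'Plug and Play'                             = 'PlugPlay'
    'Remote Registry'                           = 'RemoteRegistry'
    'Virtual Disk'                              = 'vds'
    'Windows Remote Management (WS-Management)' = 'WinRM'
}

$results = @()

# 1. ICMP echo request allowed (Windows Firewall: Allow ICMP exceptions)
$ping = Test-Connection -ComputerName $ComputerName -Count 1 -Quiet
$results += [pscustomobject]@{ Check = 'ICMP echo'; Passed = $ping }

# 2. Inbound port exception 5985:TCP (WSMan)
$tcp = Test-NetConnection -ComputerName $ComputerName -Port 5985 -WarningAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'TCP 5985 reachable'; Passed = $tcp.TcpTestSucceeded }

# 3. WinRM service answers WS-Management requests
$wsman = [bool](Test-WSMan -ComputerName $ComputerName -ErrorAction SilentlyContinue)
$results += [pscustomobject]@{ Check = 'WinRM responds'; Passed = $wsman }

# 4. Service start mode, queried over WinRM (only possible if step 3 passed)
foreach ($entry in $expected.GetEnumerator()) {
    $passed = $false
    if ($wsman) {
        $svc = Get-CimInstance -ClassName Win32_Service -ComputerName $ComputerName `
                   -Filter "Name='$($entry.Value)'" -ErrorAction SilentlyContinue
        # Win32_Service reports Automatic start as 'Auto'
        $passed = ($null -ne $svc) -and ($svc.StartMode -eq 'Auto')
    }
    $results += [pscustomobject]@{ Check = "$($entry.Key) set to Automatic"; Passed = $passed }
}

$results | Format-Table -AutoSize

# Non-zero exit code if any check failed, so the script can be used in a scheduled audit
if ($results.Passed -contains $false) { exit 1 }
```

If a check fails, running gpresult /r on the client shows whether the GPO was applied to that computer at all.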

 
