Windows 7 / Networking

Enabling Remote Desktop and Authorizing Users on a Single Computer

By default, Remote Desktop is not enabled on host computers running Windows 7. To enable Remote Desktop on a single host computer, follow these steps:

  1. Click Start, right-click Computer, and then click Properties.
  2. Click the Remote Settings link to open the Remote tab of System Properties.
  3. Choose either the second or third option under Remote Desktop.

Note Enabling Remote Desktop on a computer requires administrative credentials because inbound rules must be enabled in Windows Firewall to allow the host computer to listen for incoming connection attempts from RDC clients over TCP port 3389. You can change the port that RDC uses by modifying the HKLM\System\CurrentControlSet\Control \TerminalServer\WinStations\RDP-Tcp registry value, but if you do this, you must create and enable an inbound firewall rule on the host computer to allow it to listen for incoming RDP traffic. You also have to configure the RDP client to use the changed port.

The two options for enabling Remote Desktop are:

  • Allow Connections From Computers Running Any Version Of Remote Desktop (Less Secure) Choosing this option enables computers running a previous version of Windows to use a version of RDP earlier than 6.0 to connect to the host computer.
  • Allow Connections Only From Computers Running Remote Desktop With Network Level Authentication (More Secure) Choosing this option only allows RDP connections from client computers running Windows Vista or later versions. (Computers running Windows XP SP2 or Windows Server 2003 SP1 that have version 6.0 of RDC installed can also connect when this option is selected.)

In previous versions of Windows, Remote Desktop authenticated users late in the connection sequence after the Remote Desktop session had started and Winlogon came up in the session. As a result, Remote Desktop sessions were susceptible to spoofing and man-in-themiddle attacks. With the new Network Level Authentication in RDP 6.0, however, the client and host computers negotiate a mutually authenticated, secure channel for exchanging data using the Security Service Provider Interface (SSPI). In an AD DS environment, by default this mutual authentication is performed using the Kerberos v5 protocol and TLS 1.0.

If you try to establish a Remote Desktop session from a client computer running Windows 7 to a host computer running a version of Windows that supports only a version of RDP earlier than 6.0 warning that the identity of the host computer cannot be verified. When the client computer running Windows connects to the host computer and establishes a Remote Desktop session, the absence of the lock icon indicates that Network Level Authentication has not been used to mutually authenticate the client and host computers.

Note The authentication response displayed while attempting to establish a Remote Desktop session depends on the configuration of the RDC client.

When enabling Remote Desktop on a computer, you must also authorize which users will be allowed to remotely connect to that computer using RDC. By default, only administrators are authorized to remotely connect to the host computer. Authorize additional users by following these steps:

  1. Click the Select Users button to open the Remote Desktop Users dialog box.
  2. Click Add and then either specify or find user accounts in AD DS (or on the local computer on stand-alone host computers) and add them to the list of Remote Desktop Users authorized to access the host computer using Remote Desktop. This adds the selected users to the Remote Desktop Users local group on the host computer.
[Previous] [Contents] [Next]

In this tutorial:

  1. Connecting Remote Users and Networks
  2. Enhancements for Connecting Remote Users and Networks in Windows 7
  3. Understanding IKEv2
  4. Understanding MOBIKE
  5. Understanding VPN Reconnect
  6. Protocols and Features of VPN Reconnect
  7. How VPN Reconnect Works
  8. Understanding DirectAccess
  9. Benefits of DirectAccess
  10. How DirectAccess Works
  11. Windows 7 and Windows Server 2008 R2
  12. Ipv6
  13. IPsec
  14. Perimeter Firewall Exceptions
  15. Implementing DirectAccess
  16. Understanding BranchCache
  17. Benefits of BranchCache
  18. How BranchCache Works
  19. Protocols Supported by BranchCache
  20. Implementing BranchCache
  21. Supported Connection Types
  22. Outgoing Connection Types
  23. Incoming Connection Types
  24. Deprecated Connection Types
  25. Supported Tunneling Protocols
  26. Comparing the Different Tunneling Protocols
  27. Understanding Cryptographic Enhancements
  28. Support for AES
  29. Weak Cryptography Removal from PP TP/L2TP
  30. Supported Authentication Protocols
  31. Understanding the VPN Connection Negotiation Process
  32. Creating and Configuring VPN Connection
  33. Creating a VPN Connection
  34. Initiating a Connection
  35. Terminating a Connection
  36. Viewing Connection Details
  37. Configuring a VPN Connection
  38. Configuring Security Settings for a VPN Connection
  39. Configuring the Tunneling Protocol (s) Used
  40. Configuring Advanced Connection Settings
  41. Configuring the Data Encryption Level
  42. Configuring the Authentication Method Used
  43. Configuring Authentication for IKEv2 connections
  44. Configuring Mobility for IKEv2 Connections
  45. Configuring Dial-Up Connections
  46. Creating a Dial-Up Connection
  47. Advanced Connection Settings
  48. Configuring Incoming Connections
  49. Managing Connections Using Group Policy
  50. Using Remote Desktop
  51. Understanding Remote Desktop
  52. Versions of RDP
  53. RDP 6.1 Features and Enhancements
  54. RDP 7.0 new features and enhancements
  55. RemoteApp and Desktop Connection
  56. Understanding RDC
  57. Understanding Remote Desktop Services Terminology
  58. Configuring and Using Remote Desktop
  59. Enabling Remote Desktop and Authorizing Users on a Single Computer
  60. Enabling Remote Desktop Using Group Policy
  61. Configuring and Deploying Remote Desktop Connection
  62. Configuring Remote Desktop Connection from the Command Line
  63. Configuring Remote Desktop Connection Using Notepad
  64. Configuring Remote Desktop Using Group Policy
  65. Establishing a Remote Desktop Session
  66. Improving Remote Desktop Performance
  67. Troubleshooting Remote Desktop Sessions
  68. Configuring and Using RemoteApp and Desktop Connection