A Windows System Admin's Blog

Covering Server Administration, Endpoint Management, Scripting and Network Management

Remote Desktop is Blocked in Windows Firewall even though Group Policy Setting is set to allow

,

So I’m going through and trying to automate a lot of things in our environment (one thing you should always try and do as a SysAdmin is to automate repetitive tasks) and to help me achieve this I’m using Group Policy, step one is enable Remote Desktop to all of our Servers automatically. Created the Group Policy Object, allowed Remote Desktop Connections and also setup a list of IP Addresses to allow connections from.

After a while I added another IP Address to the exemptions and the next morning I found that I was no longer able to RDP directly to some of my servers, wondering what had happened I logged into our Hyper-V host (where RDP was still working) and I logged onto one of the affected servers. I firstly went and checked to ensure that RDP was still enabled, yup sure is, I then went and checked the Firewall and I spotted a Block and Deny All rule that I was sure I didn’t create. So I went back over the GPO that I had applied, went into the IP exceptions and turns out there was a SPACE separating one of the IP Addresses after the comma.

Removed that space, performed a GPUpdate on the affected machines and Remote Desktop started working again.

 

Leave a Reply

More Posts

AWS and Windows Activation

Quick one today where I was on a client server hosted in AWS that wasn’t activated. Trying to activate it via Settings App throws and error. Like most large scale cloud vendors (except Azure), AWS use KMS to activate their windows machines, however sometimes the servers need some help to reach the internal KMS servers […]

How to protect all existing Organizational Units (OUs) in your Active Directory domain from Accidental Deletion by using PowerShell

We recently took on a new hire, although I was confident in their ability in managing Active Directory I wanted to take an extra step in protecting Organizational units from deletion.  I was sure that I could do this quickly using PowerShell instead of right-clicking each of our 80 odd OUs and going into their […]

How to allow an Active Directory Certificate Authority to generate Certificates with a Subject Alternative Name attribute

Starting with Google Chrome 58, Chrome no longer trusts certificates without the Subject Alternative Name attribute, so this makes it a little troublesome for those with internal CAs where you rely on them for Software Development. We noticed last week that some end users couldn’t hit an internal application over HTTPS, but was fine in […]