How to Enable Remote Desktop (RDP) on Windows Server

Remote Desktop Protocol (RDP) lets you connect to a Windows Server remotely with a full graphical desktop — essential for managing servers that are not physically accessible. On Windows Server, RDP can be enabled via Settings, PowerShell, or Group Policy. Here is how to enable it and connect securely.

Enable RDP via Server Manager / Settings

1. Open Server Manager and click Local Server in the left panel
2. Find the Remote Desktop property — it likely shows as “Disabled”
3. Click “Disabled” to open the System Properties dialog
4. Select Allow remote connections to this computer
5. Leave Allow connections only from computers running Remote Desktop with Network Level Authentication ticked — this is the more secure option
6. Click OK

Alternatively, go to Control Panel → System → Remote settings and make the same change.

Enable RDP via PowerShell

# Enable Remote Desktop
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

# Enable through the firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

# Confirm it is enabled
Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections"

A value of 0 means RDP is enabled; 1 means disabled.

Enable RDP on a Remote Server

If you need to enable RDP on a server you can currently access only via PowerShell remoting or another mechanism:

Invoke-Command -ComputerName SERVERNAME -ScriptBlock {
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0
    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
}

Windows Firewall — Allow RDP

Enabling RDP via Settings usually opens the firewall rule automatically. If connections are still blocked, verify the firewall rule:

1. Open Windows Defender Firewall → Advanced Settings
2. Click Inbound Rules
3. Find Remote Desktop – User Mode (TCP-In) — it should have a green tick (enabled)
4. If it is disabled, right-click it and select Enable Rule

Connecting to the Server via RDP

1. On your PC, press Win + R and type mstsc
2. Enter the server’s IP address or hostname
3. Click Connect and enter your credentials

Use mstsc /v:SERVERNAME from Command Prompt to connect directly. For the full range of RDP options — screen resolution, drive redirection, printer sharing — click Show Options in the RDP client before connecting.

Windows Server Licensing — RDP Session Limits

Without a Remote Desktop Services (RDS) licence, Windows Server allows only two concurrent administrative RDP sessions plus one console session. These are for administration only. If you need more than two users logged in simultaneously (e.g. running applications remotely), you need RDS CALs and the Remote Desktop Session Host role installed. Running more than two concurrent application sessions without RDS licensing is a licence violation.

Security Considerations

• Do not expose RDP directly to the internet. RDP on port 3389 is constantly attacked by automated brute-force bots. If remote access from outside the network is needed, use a VPN first, or put the server behind a Remote Desktop Gateway.
• Use strong passwords and consider Account Lockout Policy — set lockout after 5 failed attempts in Security Policy to limit brute-force attempts
• Change the RDP port if you must expose it (not a security solution on its own, but reduces noise from automated scans): change the port in HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp → PortNumber
• Enable Network Level Authentication (NLA) — keeps the tickbox for NLA enabled when you allow remote connections. NLA authenticates before establishing the full RDP session, reducing the attack surface.

Related Guides

• How to Check Who Is Logged Into Windows Server
• How to Use Remote Desktop (RDP) in Windows 11
• How to Safely Restart Windows Server