Activate remote desktop

Solution 1:

Yes, you can. There are some prerequisites either WinRM service should run on desktops or AD should be implemented.

For AD via GPO:

1) enable the policy “Allow users to connect remotely by using Remote Desktop Services” in “Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections”

2) OPTIONAL add ip’s (or subnet) of VPN users to firewall policy “Windows Firewall: Allow inbound Remote Desktop exceptions” in “Allow users to connect remotely by using Remote Desktop Services” in "Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile"

To activate RD without GPO follow the guide - https://www.hyper-v.io/remotely-enable-remote-desktop-another-computer/

Solution 2:

Have you tried PSEXEC? https://docs.microsoft.com/en-us/sysinternals/downloads/psexec

You can use PSEXEC and run the following:

psexec \\COMPUTERNAME reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

OR

psexec \\COMPUTERNAME -u USERNAME -p PASSWORD reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

Very useful for this situation. I have been running into this issue since the quarantine began as well.

I would change the command to fit your current workplace/domain environment, and it is possible to run on all machine within the domain with \\* as the computer name if that is the goal. Also note, you will not need to pass a username or password if you are currently running it as the domain administrator.