Remote Desktop Protocol (RDP) is an essential feature for system administrators and IT professionals managing Windows Server environments. It allows users to access and control a server remotely, streamlining administrative tasks and offering convenience for troubleshooting and system monitoring. In this article, we’ll walk you through the step-by-step process of how to configure RDP on Windows Server 2016.
Whether you’re new to Windows Server or looking to brush up your skills, this guide covers everything you need—from enabling RDP to securing your connection.
What Is Remote Desktop Protocol (RDP)?
RDP is a proprietary protocol developed by Microsoft that permits a user to log in to others computer over a network connection. It provides a graphical interface for remote administration & is widely used for managing servers, especially in enterprise conditions.
By default, RDP not enabled on Windows Server 2016 after installation, so you’ll need to manually configure it.
Prerequisites
Before you begin, ensure the following:
- You are logged into the server with administrative privileges.
- The server is connected to a network.
- Windows Firewall is set to permit RDP connections.
- The RDP port (default 3389) is not blocked by any external firewall or router.
Step-1: Enable Remote Desktop
Option 1: Enable via Server Manager
- Open Server Manager by clicking the icon on the taskbar or pressing Windows + S & searching for “Server Manager”.
- Click on Local Server in the left pane.
- Seeing for the Remote Desktop settings on the right.
- Press Disabled next to Remote Desktop Protocol to open the Method Properties window.
- Select the radio button: Allow RDP merger to this PC.
- (Optional but recommended) Check the box to permit connections only from personal desktops running Remote Desktop with Network Level Authentication (NLA) for added security.
- Click Apply, then OK.
Option 2: Enable via System Properties
- Press the Win + R buttons, write sysdm.cpl, & hit Submit.
- Navigate to the Remote tab.
- Under the Remote Desktop section, choose:
“Allow remote connections to this computer”. - (Optional) Enable NLA.
- Click Apply and then OK.
Step-2: Configure Firewall Rules
Windows Server 2016 comes with built-in firewall protection that may block RDP if not properly configured.
Enable RDP through Windows Firewall:
- Open Control Panel → System & Security → Win Firewall.
- Press the Permit button for an app or peculiarity through Windows Firewall.
- Scroll down to find RDP & make sure both Private & Public are checked.
- Click OK.
Or configure manually via PowerShell:
powershell Copy Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
This order enables all firewall rules associated with Remote Desktop.
Step-3: Join Users to Remote Desktop Group
By default, only administrators can connect using RDP. If you want to allow non-admin users:
- Open Method Properties (Right-press on Start → System → Remote Settings).
- Under the Remote Desktop section, click Select Users.
- In the new window, click Add.
- Type the username of the user(s) you need to grant RDP permision to.
- Click Check Names to verify, then OK.
Step 4: Note the Server’s IP Address
To connect to the server remotely, you’ll needs its IP address:
- Open Command Prompt or PowerShell.
- Type:
bash Copy ipconfig
- Looks for IPv4 Address under the active network adapter.
Note down this IP; you’ll use it to connect via the RDP client.
Step-5: Connect to the Server via RDP
Once RDP enabled and firewall access is configured, you can connect from any Windows PC.
On the client machine:
- Open Remote Desktop Connection (search for mstsc.exe).
- Enter the Internet Protocol address or hostname of the Windows Server 2016 machine.
- Click Connect.
- Enter the username & password for a user authorized to merge.
- Once authenticated, you remotely connected to your server.
Bonus: Secure Your RDP Connection
RDP is powerful but can be a security risk if improperly configured. Here are tips to make your connection more secure:
1. Use Network Level Authentication (NLA)
This requires users to authenticate before a session established, reducing the risk of DDoS and brute-force attacks.
2. Change the Default RDP Port
By default, RDP runs on port 3389. Modifying the port can help avoid automated invasion.
To change the RDP port:
- Open Registry Editor (regedit).
- Navigate to:
pgsql Copy HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
- Find PortNumber, change it (e.g., to 3390), and restart the server.
Don’t unlearn to permit the new ports in the firewall!
3. Use a VPN
Access the server via a Virtual Private Network (VPN) before using RDP. This adds a layer of encryption & keeps your server off the public internet.
4. Set Account Lockout Policies
This confines repeated login attempts & helps defend against brute-force attacks.
- Go to Group Policy Editor (gpedit.msc).
- Navigate to:
PC Settings → Windows Settings → Security Settings → AC Policies → Account Lockout Policy.
Troubleshooting Tips
If you’re unable to connect:
- Ensure RDP enabled.
- Verify firewall rules allow inbound RDP traffic.
- Check if the RDP service is running with:
powershell Copy Get-Service -Name TermService Make sure the server isn’t behind a NAT or firewall that blocks port 3389.
Confirm user permissions.
Conclusion
Configuring RDP on Windows Server 2016 is a straightforward but essential task for anyone managing remote systems. Once on, it offers a powerful way to control your server from anywhere in the world. By following the steps in this guide and implementing the suggested security measures, you can use RDP with confidence and peace of mind.
Remote Desktop is a staple in server administration — learning how to set it up properly ensures you are prepared for modern IT demands.
