To set up Remote Desktop Protocol (RDP) on Windows Server 2019, you need to enable the Remote Desktop feature, configure firewall rules, and ensure the server is accessible over the network. This can be done by opening Server Manager, selecting Local Server, and enabling Remote Desktop under the properties section. After that, adjust the firewall to allow RDP traffic on port 3389 and make sure the user accounts that need access are members of the Remote Desktop Users group. Once completed, you can link to the server remotely using the Remote Desktop Connection client from another device.
How to Set Up RDP on Windows Server 2019? Step-by-Step Guide
1. Prerequisites for Remote Desktop Setup
Before configuring Remote Desktop on your Windows Server 2019, ensure that you have:
- Administrative privileges on the server.
- A stable network connection between the local machine and the server.
- A valid license for Remote Desktop Services if you plan to use it with multiple users simultaneously (RDS setup).
- A firewall configured to permit RDP connections (default port: 3389).
2. Enable Remote Desktop on Windows Server 2019
By default, Remote Desktop is disabled on Windows Server 2019 for security reasons. Follow these steps to enable it:
Step-1: Access Server Manager
- Open Server Manager by clicking on the Start button or typing “Server Manager” in the search bar.
- Once Server Manager is open, navigate to Local Server from the left-hand panel.
Step-2: Enable Remote Desktop
- In the Properties section of Local Server, find the option labeled Remote Desktop.
- Click on the “Disabled” status to open the system properties window.
Step-3: Allow Remote Connections
- In the Method Properties window under the Remote tab, select Allow remote connections to this computer.
- For better security, it’s recommended to check the box for Allow connections only from computers running Remote Desktop with Network Level Authentication (NLA).
Step-4: Apply Settings
- Click Apply and then OK to enable Remote Desktop.
3. Configure Remote Desktop Users
By default, only administrators can log in via Remote Desktop. If you want to allow other users access, follow these steps:
Step-1: Open System Properties
- Go back to the Remote tab in the System Properties window.
Step-2: Add Users
- Click the Select Users button. A dialog box will appear allowing you to add specific users or groups.
- Type in the names of users or groups you want to grant RDP access and click OK.
4. Configure Firewall to Allow Remote Desktop
Once Remote Desktop is enabled, ensure that your server’s firewall is configured to allow incoming RDP traffic. Here’s how to do it:
Step-1: Open Firewall Settings
- In Server Manager, press on Tools and select Windows Defender Firewall with Advanced Security.
Step-2: Create a New Rule
- In the left-hand panel, click on Inbound Rules.
- In the right-hand panel, click on New Rule.
Step-3: Enable RDP Port
- Choose Port as the rule type, and then click Next.
- Specify the protocol as TCP and type 3389 in the specific port field. Click Next.
- Allow the connection, select the network profiles you want this rule to apply to (Domain, Private, Public), and then name the rule, for example, “Allow RDP”.
- Click Finish to create the rule and allow Remote Desktop connections.
5. Connecting to the Server Using Remote Desktop
Now that you’ve configured your server for Remote Desktop, you can connect to it from another machine. Here’s how:
Step-1: Open Remote Desktop Connection
- On your local machine, press Win + R, type mstsc, and press Enter to open the Remote Desktop Connection tool.
Step-2: Enter Server Details
- In the Computer field, enter the IP address or the hostname of your Windows Server 2019 machine.
Click Connect.
Step-3: Log In
- When prompted, enter the credentials (username and password) for a user account that has RDP access to the server.
If you are connecting for the first time, you may receive a warning about the server’s certificate. You can choose to Accept and continue with the connection.
6. Optimizing Performance for Remote Desktop
Depending on your network bandwidth and usage, you may want to optimize your Remote Desktop connection to ensure smoother performance. Here are some tips:
- Adjust Remote Desktop Display Settings
- When launching the Remote Desktop tool, click Show Options before connecting.
- Under the Display tab, reduce the Color depth to 16-bit or adjust the screen resolution to match your requirements.
- Disable Resource-Intensive Features
- Under the Experience tab, choose an appropriate connection speed based on your network.
- Uncheck resource-heavy options like Desktop background, Font smoothing, and Persistent bitmap caching if you’re experiencing lag.
7. Securing Remote Desktop on Windows Server 2019
To protect your server from unauthorized access, you must take additional steps to secure the RDP connection.
Step-1: Change the RDP Port
- By default, RDP uses port 3389, which is commonly targeted by attackers. Changing this port can help reduce exposure.
- You can modify the RDP listening port by editing the Windows Registry:
- Open the Registry Editor (regedit), navigate to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
- Find the PortNumber key, change its value to a new port number, and restart the server.
Step -2: Enable Network Level Authentication (NLA)
- Network Level Authentication adds a layer of security by requiring users to authenticate before establishing a full RDP session.
- Ensure that NLA is enabled in the Remote Desktop settings under the Remote tab.
Step-3: Enable Two-Factor Authentication
- Adding two-factor authentication (2FA) is another way to secure your RDP connections. Many third-party tools, such as Duo Security, can be integrated with Windows Server to provide 2FA for Remote Desktop.
Step-4: Limit User Access and Permissions
- Make sure only the necessary users or administrators have RDP access. Consider creating separate accounts for users who need limited access to specific server resources.
Step-5: Use a VPN
- For additional security, consider setting up a VPN to connect to the server. By doing so, you’ll restrict RDP access to users connected via the secure VPN tunnel.
Conclusion
Setting up Remote Desktop on Windows Server 2019 is a straightforward process, but securing it is just as important. By enabling the right features, optimizing performance, and securing the connection, you can enjoy seamless and safe remote access to your server. Whether for administration, troubleshooting, or working remotely, Remote Desktop is a powerful tool that can streamline server management when configured correctly.
