locked
SCCM Client installation disables Remote Desktop, though "Manage Remote Desktop Settings" is set to "False" RRS feed

  • Question

  • We are in the process of upgrading from SCCM 2007 R3 SP2 to SCCM 2012 CU1.

    In the SCCM 2012 console, under "Client Settings", "Default Settings", "Remote Tools", the option "Manage Remote Desktop Settings" is (and has always been) set to "False".

    Still, on every machine where we deploy the SCCM 2012 client, Remote Desktop gets disabled. We have a GPO that configures "Allow remote connections to this computer", but the SCCM 2012 client installation changes that to "Don't allow remote connections to this computer".

    Did we do something wrong? Or is this a bug? Or is it because RDP was enabled by a GPO, and SCCM 2012 client disables GPO RDP settings? 

    Tuesday, August 28, 2012 12:44 PM

Answers

  • Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?

    The connect item was close as not reproducible therefore unless someone creates a new connect item or opens a case with CSS then will never get fixed.


    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

    • Proposed as answer by Garth JonesMVP Saturday, August 1, 2015 2:59 PM
    • Marked as answer by Garth JonesMVP Friday, February 26, 2016 5:10 PM
    Friday, March 20, 2015 8:45 PM

All replies

  • Are you sure that you don't have other client settings in place or that the GPO isn't being applied?

    I ask because I've never seen this behavior before in labs or production environments and it is not the defined behavior of ConfigMgr.


    Jason | http://blog.configmgrftw.com

    Tuesday, August 28, 2012 1:04 PM
  • Yes, I'm sure. I checked AD for GPOs etc., and I verified the behaviour above.

    I verified that we have a global GPO that enables the "Allow Remote Desktop Connections" option.

    I verified that on my laptop, this option was selected.

    I verified that in SCCM 2012 the option "Manage Remote Desktop Settings" is set to "False" in the Default Client policy (which is the only client policy).

    I installed the SCCM 2012 client on my laptop (through Push install).

    I verified that the "Do NOT allow Remote Desktop Connections" option was selected after that.

    My guess is that the SCCM 2012 client disables the GPO settings for Remote Desktop. So, if it would have been manually enabled, maybe that would stay. But as it's enabled by GPO this is removed, and the local setting is applied. Interestingly, the user is now able to change this setting (while it should be locked with "this has been configured by the administrator").

    Maybe it is related to CU1.

    Tuesday, August 28, 2012 2:20 PM
  • I had the same issue, I had to change the policy to manage it, turn it on.  I do not have a firewall exception by default to keep those machines that I do not want accessed unreachable.

    I am not running any CUs.

    Tuesday, August 28, 2012 3:37 PM
  • the same issue just occured within our environment, but we had RTM online and the remote desktop was ok, once the CU was applied, i was notified immediately by our team that folks couldn't RDP, but it was odd because we thought it was a GPO setting. but after researching we found that the false attribute prevents RDP and overwrites the setting. it was a firedrill but once we resolved it, i set the client policy for a 5 min interval for 30 mins and then reset the client policy interval back to 60 min.

    i read the doc but there is no indication that the CU would cause this issue. our TAM is involved and has submitted to the internal product team. it was frustrating but it is what it is.

    T


    thomas gonzalez

    Tuesday, September 18, 2012 1:08 AM
  • Looks like they closed it since you are using the RTM as Connect must be just for the beta products.  If anyone knows of a workaround or fix for this please share.  I am experiencing the same behavior as workstations get the new client software.

     -EDIT-

    After posting this I found the setting in Default Client Settings at the bottom of Remote Tools.  The default setting for "Manage Remote Desktop settings" is "false" with "Allow RDP" shaded, but also set to "false".  This is why your new clients have RDP disabled.  Setting "Manage Remote Desktop settings" to "true" and "Allow RDP" to "true" will restore RDP on your workstations.

    • Edited by Kevin D. Berry Wednesday, September 26, 2012 7:04 PM Blind squirrel found a nut!
    • Proposed as answer by Kevin D. Berry Wednesday, September 26, 2012 7:05 PM
    • Unproposed as answer by Kevin D. Berry Wednesday, September 26, 2012 7:05 PM
    Wednesday, September 26, 2012 6:54 PM
  • Looks like they closed it since you are using the RTM as Connect must be just for the beta products.  

    Actually no, Connect is also for RTM products in this case. Other bugs in the RTM version have been confirmed and fixed. But this one they closed for whatever reason.

    The default setting for "Manage Remote Desktop settings" is "false" with "Allow RDP" shaded, but also set to "false".  This is why your new clients have RDP disabled.  Setting "Manage Remote Desktop settings" to "true" and "Allow RDP" to "true" will restore RDP on your workstations.

    Not really. Sure this is the best workaround (and we are doing it like that). But if "Manage Remote Desktop settings" is set to "false", SCCM client should not touch the RDP settings at all. Still it does - it always configured RDP for the settings you make at this place, even if they are greyed out. 

    Thursday, September 27, 2012 4:39 AM
  • I had the same issue with a side-by-side upgrade of Configuration Manager 2007 SP2 to Configuration Manager 2012 SP1, I had to change the policy to manage it, turn it on.


    Ronny de Jong | inovativ.nl | Blog: donnystyle.wordpress.com | Twitter: twitter.com/ronnydejong

    Thursday, January 10, 2013 3:15 PM
  • The only work around that I have tried (which worked and my client was satisfied) was to setup the Remote Tools policy to manage Remote Desktop as well. They also had a GPO that enables Remote Desktop in place. Let me know if that works for you.


    http://www.blogmynog.com

    Saturday, January 12, 2013 11:20 PM
  • hi all

    Current environment is Windows 2012 and SCCM 2012 SP1

    I have also having the same issue after enabling remote tool remote desktop connection disabled in client machines.

    followed the below MS article, current envornment require remote desktop.

    http://technet.microsoft.com/en-in/library/gg682067.aspx

    any suggestions?


    • Edited by trvenkat_24 Friday, April 26, 2013 9:32 AM m
    Friday, April 26, 2013 9:30 AM
  • The last post for this was in April and it was never solved. 

    What is the solution?  Is it fixed in an update?

    Thursday, October 31, 2013 2:34 PM
  • Its still an issue with R2.

    Microsoft closed the feedback as "Not Reproducable".


    Nash Pherson, Senior Systems Consultant
    Now Micro - My Blog Posts
    If you've found a bug or want the product worked differently, share your feedback.
    <-- If this post was helpful, please click "Vote as Helpful".

    Thursday, March 27, 2014 8:44 PM
  • FYI, still an issue in R2 CU1 as well.  Thanks for posting your "fix" svhelden. 
    Tuesday, August 5, 2014 4:29 PM
  • Yes, I know this is an old post, but I’m trying to clean them up. Did you solve this problem, if so what was the solution?

    The connect item was close as not reproducible therefore unless someone creates a new connect item or opens a case with CSS then will never get fixed.


    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

    • Proposed as answer by Garth JonesMVP Saturday, August 1, 2015 2:59 PM
    • Marked as answer by Garth JonesMVP Friday, February 26, 2016 5:10 PM
    Friday, March 20, 2015 8:45 PM
  • Hi all!

    An old post, for sure. But always sadly accurate... We are experiencing the same issue with SCCM 2012r2 client on 2008r2 RDP farm. All our RDP servers are getting a bad local group policy since the SCCM client was installed.

    There are 2 policies in fact (sorry, it's a transloation from French, could not be exact):

    /Windows components/Remote Desktop Services/Remote desktop session host/Connexions/Allow users to connect remotetly by using remote desktop service

    /Windows components/Remote Desktop Services/Remote desktop session host/Security/Require user network authentication

    These two are set to "desactivated" by the SCCM client and then, all active users connexions on our RDP farm are kicked off!!

    Does anyone get a fix for this issue?


    Regards, Eric


    • Edited by EricD26 Tuesday, August 11, 2015 8:08 AM
    • Proposed as answer by SDSIC26 Tuesday, March 15, 2016 7:18 AM
    Tuesday, August 11, 2015 8:06 AM
  • To bump this post one more time...

    I have experienced this issue recently.  ONLY with Windows 7 SP1 machines.  They all were very neglected, but once patched to current (60+ patches) the Remote Tools were enabled in SCCM was set to Manage Remote Desktop Settings to Yes,  "Allow users to connect by using Remote Desktop Services" was changed from Not Configured to Disabled on the workstations.

    Interestingly, Windows 10 machines and servers weren't affected.  The Windows 7 machines are not on a domain, which might have something to do with it as well.

    Disabling Remote Tools reset them all to Not Configured again.

    Tuesday, April 4, 2017 1:54 PM