Slingshot recently rolled out several Windows 10 Pro systems for a customer, and discovered their existing GPO’s firewall rules weren’t enough to allow RDP from within the LAN.
Susan’s post Windows 10 and SBS/Essentials Platforms showed how to do it as a one-off. But I wanted a GPO! Google let me down, returning a lot of confusion and complicated workarounds. (I shared this with Susan and she blogged it, which reminded me of my own blog, duh, so here it is!)
I went exploring GPO, and found the right setting under the Advanced Firewall section: Computer Configuration->Windows Settings->Security Settings->Windows Firewall with Advanced Security->Inbound Rules->New Rule->Predefined->Remote Desktop – RemoteFX :
That’s it! Tested and confirmed working in production.
(Note: this is in addition to the usual rules at Computer Configuration->Administrative Templates->Network Connections->Windows Firewall->Domain Profile)