How to enable Remote Desktop Protocol (RDP) in Windows

Enabling Remote Desktop allows remote access to a Windows PC for administration, troubleshooting, and unattended maintenance. It provides a built-in way to reach the desktop, launch applications, and manage settings without being physically at the device.

Windows hosts Remote Desktop Protocol (RDP) through Remote Desktop Services, which typically listens on TCP port 3389 and is controlled by a Settings toggle plus firewall rules. Authentication uses local, Microsoft, or domain accounts, and access is granted to members of the Administrators group or the Remote Desktop Users group.

Incoming RDP connections are supported only on Windows Pro, Enterprise, and Education editions, while Windows Home can connect outward but cannot host inbound RDP sessions. Exposing TCP 3389 to untrusted networks increases brute-force risk, so keep Network Level Authentication (NLA) enabled, use strong passwords, and restrict inbound access to trusted networks or a VPN. Sleep/hibernate, network reachability, and organizational controls (Group Policy/MDM) can also prevent successful connections.

Steps to enable Remote Desktop on Windows:

Open Settings using Win + I.
Open System → About.
Confirm the Edition is Pro, Enterprise, or Education.

Windows Home does not support inbound RDP hosting.
Open System → Remote Desktop.
Enable the Remote Desktop toggle.

Enabling inbound RDP increases exposure, especially if TCP 3389 is reachable from untrusted networks.
Select Confirm when prompted.
Enable Require devices to use Network Level Authentication (recommended).

NLA requires authentication before a full desktop session is created.
Select Select users that can remotely access this PC.
Add the required account in the Remote Desktop Users dialog.

Members of Administrators are allowed by default, and accounts without passwords are typically blocked from Remote Desktop sign-in.
Open Windows Security → Firewall & network protection → Allow an app through firewall.
Allow Remote Desktop on the intended network profile.

Select Change settings if the list is locked, and prefer enabling on Private networks unless a Public network is explicitly required.
Note the PC name shown on the Remote Desktop page.

Find the IPv4 address in Command Prompt when connecting from the same network.

C:\> ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

   IPv4 Address. . . . . . . . . . . : 192.168.1.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
##### snipped #####

The address shown under IPv4 Address is typically used for LAN connections.

Verify the Remote Desktop Services service is running.

C:\> sc query termservice

SERVICE_NAME: termservice
        TYPE               : 20  WIN32_SHARE_PROCESS
        STATE              : 4  RUNNING
                                (STOPPABLE, NOT_PAUSABLE, ACCEPTS_SHUTDOWN)
##### snipped #####

STATE : 4 RUNNING indicates the service is active.

Author: Mohd Shakir Zakaria
Mohd Shakir Zakaria is a cloud architect with deep roots in software development and open-source advocacy. Certified in AWS, Red Hat, VMware, ITIL, and Linux, he specializes in designing and managing robust cloud and on-premises infrastructures.