Windows 11 — Enable Remote Desktop (RDP)

Windows 11 Home cannot act as an RDP host

Home edition does not support inbound RDP connections. You need Pro, Enterprise, or Education. Check under Settings → System → About → Edition.

Pre-requisites

Windows 11 Pro / Enterprise / Education
Administrator account
The machine's IP address (ipconfig in CMD)

Method 1: Settings (GUI)

Open Settings → System → Remote Desktop
Toggle Remote Desktop to On → confirm
Done — Windows automatically adds the firewall rule for port 3389

Note the PC name shown on this page — you can use it to connect instead of the IP.

Method 2: PowerShell (Recommended for VMs)

Run as Administrator:

Enable RDP:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections -Value 0

Open the firewall:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Verify — fDenyTSConnections should be 0:

Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
    -Name fDenyTSConnections

Method 3: CMD (as Administrator)

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

Method 4: System Properties

Win+R → sysdm.cpl → Remote tab → select "Allow remote connections to this computer" → OK

Firewall rule still needs to be added manually if not done automatically (see Method 1 or 2).

Connect

From any RDP client (Windows: mstsc, Linux: xfreerdp, remmina):

Host: <IP or machine name>
Port: 3389 (default)
User: .\<localuser>  or  <DOMAIN>\<user>

Find the IP

ipconfig

Use the IPv4 address of the relevant adapter (usually the first Ethernet or Wi-Fi entry).

Common Issues

Symptom	Likely cause	Fix
Connection refused	RDP not enabled or firewall blocking	Re-run firewall rule, check Windows Firewall
"Your credentials did not work"	Wrong username format	Try `.\username` for local accounts
NLA error on older clients	Network Level Authentication mismatch	On the host: Settings → Remote Desktop → disable NLA (not recommended long-term)
"Remote Desktop can't connect" on Home	Wrong edition	RDP host requires Pro or above
Black screen after connect	Display driver / GPU issue in VM	Add `disableHWA:i:1` to the `.rdp` file or disable GPU acceleration in VM settings

Security Notes

NLA is enabled by default — keep it. It authenticates before a full session is established, reducing attack surface.
Change the default port if the machine is exposed to the internet: HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp → PortNumber. Update the firewall rule accordingly.
Prefer VPN + RDP over exposing port 3389 directly to the internet.