Need help enabling Remote Desktop on Windows 11 at home

I’m trying to turn on Remote Desktop on my Windows 11 PC so I can connect to it from another computer when I’m away, but I’m not sure if I’m missing a setting, a permission, or a specific Windows edition requirement. I’ve checked the system settings and some guides online, but the options don’t look the same on my machine. Can someone walk me through the correct steps to enable Remote Desktop on Windows 11 and mention any common issues that might block it, like firewall rules or account restrictions?

On my Windows 11 box, this is what I ended up doing to get RDP working without wasting a whole evening on it.

First, the basic enable step:

  1. Open Settings.
  2. Go to System.
  3. Open Remote Desktop.
  4. Flip the Remote Desktop switch to On.
  5. Make sure the option for Network Level Authentication is checked. If it is off, most newer RDP clients complain or refuse to connect.

Couple of small but important things I messed up the first time:

  • The Windows account you log in with needs a password. No password, no RDP.
  • Your user needs permission. Easiest way is to hit “Select users that can remotely access this PC” in the same Remote Desktop screen and add your account. That puts you in the Remote Desktop Users group.

Windows usually offers to open the firewall when you enable Remote Desktop. I clicked Yes. If you hit No or missed it:

  1. Open Start, type “Windows Defender Firewall with Advanced Security”.
  2. Check Inbound Rules for “Remote Desktop – User Mode (TCP-In)” and “Remote Desktop – User Mode (UDP-In)”.
  3. Make sure they are enabled for the right profile (Private, Domain, or Public, depending on your network).

That got me working on the local network. Over the internet took more work.

What I had to do for external access:

  • Locked the PC to a static IP in my router’s DHCP settings. Find the PC’s MAC address and reserve an IP so it does not change.
  • On the router, forwarded TCP port 3389 to that static IP of the Windows box.
  • Checked that the ISP was not blocking 3389. Some cheap ISP plans block common ports. I verified with an external port check tool from my phone on mobile data.

If you still hit “cannot connect”:

  • Test RDP from another machine on the same local network first using the internal IP. If local fails, the router is not the issue.
  • Turn off any third‑party firewall or “security suite” for a moment and try again.
  • Confirm the PC is not asleep or hibernating. RDP will not wake it. Set Power & sleep so it stays on if you plan to use it remotely.

If you want a click‑by‑click walkthrough with screenshots and more details on firewall and router bits, this writeup helped me finish it:

1 Like

First hard check before anything else: Windows edition.

Remote Desktop host only works on:

  • Windows 11 Pro
  • Windows 11 Pro for Workstations
  • Windows 11 Enterprise
  • Windows 11 Education

If you run Home, the built‑in RDP server is disabled. You still connect out from it, but not into it. That trips a lot of people. To check fast:

  1. Press Win + R.
  2. Type winver, hit Enter.
  3. Look at the line with “Windows 11 …”. If it says Home, you hit that wall.

If you are on Home and you want remote access, you have a few options:

  1. Use Remote Desktop alternative
    • Chrome Remote Desktop.
    • AnyDesk.
    • RustDesk.
    • TeamViewer.
    These work on Home, do not need router rules in simple setups, and are easier for over‑the‑internet use. Security depends on vendor, so read their docs.
  2. Use VPN plus RDP from another machine
    If you have another box that runs Pro or a NAS/router that supports VPN:
    • Set up WireGuard or OpenVPN on your router or NAS.
    • Connect your laptop to the VPN when away.
    • Then RDP to the internal IP of the Windows 11 PC if you later upgrade it to Pro.
    This keeps port 3389 closed on the public side, which reduces attack surface.
  3. Upgrade to Pro if you want proper RDP host
    Sometimes Microsoft Store runs discounts. From Home to Pro, you go:
    • Settings.
    • System.
    • Activation.
    • Change product key or Go to Store.

I disagree a bit with @mikeappsreviewer on port forwarding as a default step. Directly exposing 3389 to the internet is risky. If you forward 3389:

  • Use a strong password or better, an account backed by Microsoft Account with strong password.
  • Turn on Account lockout policy so brute force gets blocked.
    • Run secpol.msc.
    • Account Policies, Account Lockout Policy.
    • Set lockout threshold to a low number, like 5 attempts.
  • Change the listening port from 3389 to something else to cut noise.
    • Open regedit.
    • Go to HKLM\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.
    • Edit “PortNumber”, switch to decimal, set something like 3391.
    • Open that port in firewall and router instead.
    • Restart the PC or the Remote Desktop Services service.

If you are on Pro and already flipped the “Remote Desktop” switch like @mikeappsreviewer described, but still fail from outside:

Quick checklist that often fixes stuff:

  1. Confirm the user is allowed
    • Your user must be local admin or in Remote Desktop Users.
    • If you use a Microsoft Account, try using it in the form:
    • If you renamed the user folder, ignore that, the account name matters.
  2. Check NLA edge cases
    NLA is good, but some older phones or thin clients fail with it.
    • For testing on a secure home LAN, you can uncheck “Require devices to use Network Level Authentication” and see if it suddenly works.
    • If it works only with NLA off, your client device is the weak link.
  3. Power and sleep
    RDP does not wake from sleep on most setups.
    • Settings.
    • System.
    • Power & battery.
    • Set Screen to turn off after some time, but set Sleep to “Never” while plugged in.
    • Disable “Hibernate” if you use it.
  4. Network type
    If your PC network profile is Public, firewall rules might block RDP.
    • Settings.
    • Network & internet.
    • Click your network.
    • Set it to Private.
  5. Double NAT and ISP restrictions
    Even if you forward port 3389, double NAT kills access. Common with ISP‑provided routers plus your own router.

    Simple check:

    • On your PC, visit whatismyip.com and note the IP.
    • On your router status page, look at the WAN IP.
    • If they differ a lot, like WAN IP is 10.x.x.x or 100.64.x.x, you are behind CGNAT or double NAT.
    In that case, classic port forwarding fails. You need either:
    • A VPN server you control.
    • A remote tool that uses outbound connections, like Chrome Remote Desktop.

I agree with @mikeappsreviewer about first testing inside your LAN. Do this order:

  1. From the target PC, run:
    • cmd
    • type: hostname
    • note the name.
  2. From another PC on same Wi‑Fi, open Remote Desktop client.
    • Type the hostname or the internal IP from ipconfig.
  3. If that fails, router is not the issue. Focus on Windows settings, user, firewall, edition.

Once you confirm:

  • You run a supported edition.
  • Local RDP works.
  • User and password are correct.
    then decide if you want to expose RDP or go VPN or a third‑party tool. For a home setup, VPN or Chrome Remote Desktop tends to be less painful and a bit safer than raw 3389 on the internet.
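
The double NAT / CGNAT comparison from the checklist above, written out as an added PowerShell example (not code from any poster in this thread). The function names are hypothetical and the sample addresses are constructed; the ranges checked are the RFC 1918 private blocks and the RFC 6598 shared block 100.64.0.0/10.

```powershell
# Added example: decide whether a router port forward can work at all,
# given the router's WAN IP and the IP an external "what is my IP" page reports.
function Get-WanAddressClass {
    param([Parameter(Mandatory)][string]$Ip)
    $o = ([System.Net.IPAddress]::Parse($Ip)).GetAddressBytes()
    if ($o.Length -ne 4) { return 'not-ipv4' }
    if ($o[0] -eq 10) { return 'private' }                                   # 10.0.0.0/8
    if ($o[0] -eq 172 -and $o[1] -ge 16 -and $o[1] -le 31) { return 'private' }  # 172.16.0.0/12
    if ($o[0] -eq 192 -and $o[1] -eq 168) { return 'private' }               # 192.168.0.0/16
    if ($o[0] -eq 100 -and $o[1] -ge 64 -and $o[1] -le 127) { return 'cgnat' }   # 100.64.0.0/10
    return 'public'
}

function Test-PortForwardViable {
    param(
        [Parameter(Mandatory)][string]$RouterWanIp,   # from the router status page
        [Parameter(Mandatory)][string]$ObservedIp     # from an external IP check site
    )
    switch (Get-WanAddressClass -Ip $RouterWanIp) {
        'private'  { return 'Double NAT: another router sits upstream. Forwarding on this router alone fails.' }
        'cgnat'    { return 'CGNAT: the ISP shares one public IP. Inbound port forwarding fails.' }
        'not-ipv4' { return 'WAN address is not IPv4. This check does not apply.' }
        default {
            if ($RouterWanIp -eq $ObservedIp) {
                return 'WAN IP matches the observed public IP. A port forward can work.'
            }
            return 'WAN IP is public but differs from the observed IP. Some upstream NAT or proxy is in the path.'
        }
    }
}

# Constructed sample values (203.0.113.0/24 is a documentation range).
Test-PortForwardViable -RouterWanIp '100.64.12.7'  -ObservedIp '203.0.113.10'
Test-PortForwardViable -RouterWanIp '192.168.1.2'  -ObservedIp '203.0.113.10'
Test-PortForwardViable -RouterWanIp '203.0.113.10' -ObservedIp '203.0.113.10'
```

When the result is double NAT or CGNAT, the thread's two outbound-based options (a VPN you control or a brokered remote tool) are the ones that remain.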

Couple of angles I haven’t seen in @mikeappsreviewer or @himmelsjager’s posts that might explain “I turned it on but it still won’t work”.

  1. Check how you’re trying to log in
    If you use a Microsoft account on the PC (email + password), on the RDP client you should usually type the username as:
    • your_email@outlook.com
    If that fails, try the local-style format:
    • PCNAME\your_local_username
    You can see the exact account name by:
    • Win + R → netplwiz → look in the list of users.
    Wrong username format is a super common silent failure.
  2. Fast User Switching / concurrent sessions
    Windows 11 “normal” RDP will take over the active console session, it doesn’t give you a second desktop. So if someone is sitting at that machine, they’ll be kicked back to the login screen when you connect. That’s expected, not a bug.
    If you’re testing and keep getting bounced, make sure you’re not fighting yourself by logging in/out locally at the same time.
  3. Credential cache & weird errors
    If you changed your password recently:
    • On the client, open Credential Manager
    • Windows Credentials → remove any saved entry for that PC
    Try again and retype the creds. Otherwise it keeps retrying the old password and just says “can’t connect” like a jerk.
  4. RDP service actually running
    Even with the toggle enabled, I’ve seen the service get stuck. Quick check:
    • Win + R → services.msc
    • Find “Remote Desktop Services”
    • Status should be “Running”, Startup type “Manual (Trigger Start)” or “Automatic”.
    If not, start it. If it errors, that’s a sign something deeper is broken (corrupted update, hardening tool, etc).
  5. Third party AV / “security suites”
    Not just firewall: some of them have explicit “remote access protection” that blocks RDP even when the Windows firewall rules look fine. In those tools look for toggles like “RDP protection”, “remote control protection”, “brute force protection”. Temporarily fully disabling the suite, not just the AV, is the way to test.
  6. Using a non‑default port correctly
    If you followed advice to change the RDP port (I tend to agree with @himmelsjager on not exposing 3389 directly) you must connect as:
    • public_ip:port from outside
    • internal_ip:port from inside
    and update both the firewall rule and the router forward to the same port. Easy to mis-match one of those and spend an hour swearing at Windows.
  7. Home vs Pro “workaround” reality check
    If your winver says “Home”: the built‑in RDP host is off. You’ll see some hacks online that claim to “unlock” it by replacing DLLs or using sketchy scripts. Personal opinion: not worth it. It tends to break on every cumulative update, and you end up debugging RDP more than using it. At that point a simple tool like Chrome Remote Desktop or RustDesk is less pain.
  8. If your goal is “away from home” only
    Honestly, for a pure “I just want to get into this box from outside occasionally” scenario, I’d:
    • Make sure local RDP works first (as @mikeappsreviewer said)
    • Then strongly consider:
      • VPN into home and then RDP
        or
      • A brokered tool that uses outbound-only connections
    Directly forwarding RDP out to the internet can be secured, but for a home box that’s updated sporadically and might sit on 24/7, it’s a magnet for bots.

If you post what edition winver shows and exactly how you’re trying to log in (format of username, local vs internet, port or hostname), it’s a lot easier to narrow down which part is actually breaking.
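
The host-side checks from the replies above (edition, the Remote Desktop switch, NLA, the listening port, the service, firewall rules, network profile, group membership), collected into one read-only audit as an added example; it is not code from any poster in this thread. It assumes an English-language Windows install for the group name "Remote Desktop Users" and is meant to be run in PowerShell on the target PC.

```powershell
# Added example: read-only audit of the RDP host settings discussed in this thread.
# Nothing is changed; every command below only reads state.
$ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

$edition  = (Get-CimInstance Win32_OperatingSystem).Caption
$deny     = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
$nla      = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
$port     = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber
$svc      = Get-Service -Name TermService          # "Remote Desktop Services"
$profiles = Get-NetConnectionProfile
# Group name is localized; 'Remote Desktop Users' assumes English Windows.
$members  = Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue

# Enabled inbound allow rules whose TCP local port equals the configured RDP port.
# If PortNumber was changed, the built-in Remote Desktop rules will not show up here.
$fwRules = Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' -and $_.Action -eq 'Allow' }

# Is anything actually listening on that port right now?
$listening = Get-NetTCPConnection -State Listen -LocalPort $port -ErrorAction SilentlyContinue

[pscustomobject]@{
    Edition            = $edition
    HomeEdition        = ($edition -match 'Home')   # Home has no built-in RDP host
    RdpEnabled         = ($deny -eq 0)              # 0 = Remote Desktop switch is On
    NlaRequired        = ($nla -eq 1)               # 1 = Network Level Authentication required
    ListenPort         = $port
    PortListening      = [bool]$listening
    ServiceStatus      = $svc.Status
    ServiceStartType   = $svc.StartType
    FirewallRules      = ($fwRules.DisplayName -join '; ')
    FirewallProfiles   = (($fwRules.Profile | Sort-Object -Unique) -join '; ')
    NetworkCategory    = ($profiles.NetworkCategory -join ', ')
    RemoteDesktopUsers = ($members.Name -join ', ')
} | Format-List
```

An empty FirewallRules line together with a non-default ListenPort is the port mismatch described in the reply above; members of the local Administrators group can connect even when RemoteDesktopUsers is empty.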