To enable Remote Desktop on a Windows Server 2012 R2 that is part of a domain, create a GPO called "Remote Desktop" and configure it with these settings in the Computer Configuration:
Still in the Computer Configuration area of the GPO, edit the firewall by visiting Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security, and add the Predefined Inbound rule for Remote Desktop, like this:
So, after adding this, you'll end up with all inbound traffic to RDP 3389 open, which is just what Remote Desktop needs
Of course, you only need to do the above if your Firewall is on, which I really hope so!
That's it, run "gpupdate" or "Group Policy Update..." on the OU affected using Group Policy Management, and off you go :)
Remember: a reboot does not mean that the GPO is updated! Ensure you run gpupdate or similar
London, 12 April 2020