Based on GPT and my own ideas, you can meet the above requirements with the following steps:
1 Enable Remote Desktop and authorize the remote account to access it
On the server, open the System Properties dialog box and click the Remote tab.
Select the Allow remote connections to this computer option and ensure that the Remote Desktop option is checked.
Click the "Select Users" button to add the remote account to the list of remote users and authorize it for remote desktop access.
2 Disable local login for the remote account, remove its remote shutdown permission, and hide the Disconnect option in the power dialog box
On the server, open the Local Security Policy dialog box, and choose Local Policies → User Rights Assignment.
Locate the local login and remote shutdown permissions and remove the remote account from each permission list.
In the Group Policy Editor, choose User Configuration → Administrative Templates → Start Menu and Taskbar, locate the Remove Disconnections from Start Menu and Taskbar option, and enable it.
3 Set no time limit for Remote Desktop connections
Open the Group Policy Editor, and choose Computer Configuration → Administrative Templates → Windows Components → Remote Desktop Services → Remote Desktop Session Host.
Find Connection Timeout Limit and disable it or set it to 0 (unlimited).
4 Enable inbound and outbound connections to Remote Desktop port 3389 and block inbound connections to sharing ports 139 and 445 and high-risk ports 137 and 138. Name each rule after its port number
Open the Advanced Security application on the server and select Inbound Rules.
Create a rule to allow TCP connections on port 3389.
Create a new rule to block TCP and UDP connections on ports 139 and 445.
Create a new rule to block UDP connections on ports 137 and 138.
5 In the firewall inbound rules, disable the predefined File and Printer Sharing connections
Open the Advanced Security application on the server and select Inbound Rules.
Locate the File and Printer Sharing (SMB-In) rule and disable it or remove it.
After the above configuration, you can manage the server remotely and ensure the security of the system.
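
The inbound rules from steps 4 and 5 can also be created from an elevated PowerShell prompt. The script below is an added example, not part of the original answer; the "<Action>-<Protocol>-<Port>" rule names are an assumed naming scheme, and the predefined rule's display name is the one shown on English-language Windows.

```powershell
#Requires -RunAsAdministrator
# Added example: inbound rules for steps 4 and 5, one rule per port.
# Rule names use an assumed "<Action>-<Protocol>-<Port>" scheme.

$wanted = @(
    @{ Action = 'Allow'; Protocol = 'TCP'; Ports = 3389 }
    @{ Action = 'Block'; Protocol = 'TCP'; Ports = 139, 445 }
    @{ Action = 'Block'; Protocol = 'UDP'; Ports = 139, 445, 137, 138 }
)

foreach ($w in $wanted) {
    foreach ($port in $w.Ports) {
        $name = '{0}-{1}-{2}' -f $w.Action, $w.Protocol, $port
        if (Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue) {
            # Re-running the script re-enables the existing rule instead of duplicating it.
            Set-NetFirewallRule -DisplayName $name -Enabled True -Action $w.Action
        } else {
            New-NetFirewallRule -DisplayName $name -Direction Inbound `
                -Protocol $w.Protocol -LocalPort $port `
                -Action $w.Action -Profile Any | Out-Null
        }
    }
}

# Step 5: disable the predefined SMB inbound rule (English display name assumed).
$smbRule = 'File and Printer Sharing (SMB-In)'
Get-NetFirewallRule -DisplayName $smbRule -ErrorAction SilentlyContinue |
    Disable-NetFirewallRule

# Verification: list every rule touched above with its port filter and state.
Get-NetFirewallRule -Direction Inbound |
    Where-Object {
        $_.DisplayName -match '^(Allow|Block)-(TCP|UDP)-\d+$' -or
        $_.DisplayName -eq $smbRule
    } |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Name      = $_.DisplayName
            Enabled   = $_.Enabled
            Action    = $_.Action
            Protocol  = $filter.Protocol
            LocalPort = $filter.LocalPort
        }
    } | Sort-Object Name | Format-Table -AutoSize
```

In Windows Firewall a block rule takes precedence over an allow rule for the same traffic, so the Block-TCP-445 rule stops inbound SMB even if another File and Printer Sharing allow rule is still enabled. File shares on this server become unreachable from the network once these rules are active.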