Did you know that there are three ways to apply a firewall setting via group policy to enable remote desktop on Windows 7?
The incorrect way is to add a predefined rule manually via the security settings GPO. This is wrong because different versions of Windows call the the remote desktop firewall setting by a different name and the name on your AD server is likely different from the Windows 7 PC. Of course, you could be managing group policy from a Windows 7 machine running the RSAT Tools, but obviously this is asking for trouble later when the OS is upgraded or more PCs are put into the OU with different operating systems.
A better way would be to make the rule (rather than use a predefined rule) to unblock port 3389 using Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Windows Firewall with Advanced Security -> Windows Firewall with Advanced Security -> Inbound Rules.