How to activate Remote Desktop on a 2012 Server in a PowerShell remote shell

My GPOs made for 2008 R2 servers were not allowing me to RDP into a new 2012 server by default. That's why I tried to allow RDP via PowerShell, because I could log into a remote shell without further configuration.
Below I describe, step by step, how I found and changed the necessary setting.

In a NON-Admin session, one of the first things I do is save my admin credentials.
$cred = Get-Credential

A window opens in which you enter your admin-user credentials. They are now stored in $cred, so there is no need to enter them over and over again.

Now I connect to the server where I want to enable the RDP connection:
Note: IP addresses will not work here
Enter-PSSession servername -Credential $cred

The Get-PSDrive cmdlet shows me the available drives and the providers behind them that I can connect to, for example FileSystem, Registry, ActiveDirectory or the Certificate Store.
Get-PSDrive

Output example:
Name           Used (GB)     Free (GB) Provider      Root
----           ---------     --------- --------      ----
Alias                                  Alias
C                 402,81         46,34 FileSystem    C:\                 -> Filesystem
Cert                                   Certificate   \                   -> Certificate Store
HKCU                                   Registry      HKEY_CURRENT_USER   -> Registry
HKLM                                   Registry      HKEY_LOCAL_MACHINE  -> Registry

I was interested in editing the Registry, that's why I connect to HKEY_LOCAL_MACHINE:
cd HKLM:

I don't remember the exact location of the Registry entry that allows the RDP connection, but it was under "Control":
cd '.\SYSTEM\CurrentControlSet\Control'

This was the part I could remember. Now I have to search for the missing part, because it was something like *Fdeny*:
ls -Recurse -ea SilentlyContinue | where-object {($_.property -LIKE "*fdeny*")}

Output:
    Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

Name                           Property
----                           --------
Terminal Server                RCDependentServices   : {CertPropSvc, SessionEnv}
                               NotificationTimeOut   : 0
                               SnapshotMonitors      : 1
                               ProductVersion        : 5.1
                               AllowRemoteRPC        : 0
                               DelayConMgrTimeout    : 0
                               fDenyTSConnections    : 1
                               StartRCM              : 0
                               TSAdvertise           : 0
                               DeleteTempDirsOnExit  : 1
                               fSingleSessionPerUser : 1
                               PerSessionTempDir     : 0
                               TSUserEnabled         : 0
                               InstanceID            : b667f9ec-e8ba-46a5-9c1b-5efdb5b

This helps! It is the fDenyTSConnections Property I need to change!

LS or Get-ChildItem will only help you to browse through the different Registry keys, but it will not show you the properties of the "Terminal Server" key! You need to execute Get-ItemProperty '.\Terminal Server' to view the "fDenyTSConnections" Property and its Value.

Finally I can change the RDP connection settings on my server:
Set-ItemProperty -Path '.\Terminal Server' -name fDenyTSConnections -Value 0

Again Get-ItemProperty '.\Terminal Server' can help to verify the changes.

You will probably have to allow RDP in your local firewall now. We do that with PowerShell again, because in future versions of Windows, Microsoft might remove the Netsh functionality for Windows Firewall with Advanced Security.
Previously, we worked with netsh:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

Note that in some languages you have to use "remotedesktop" instead.
Now, we have to start using cmdlets to configure "Windows Firewall with Advanced Security" and a lot of other stuff! (again, it's "remotedesktop" in some languages):
Set-NetFirewallRule -DisplayGroup "Remote Desktop" -Enabled True

Important: If you only want to change a single rule (not a group), the names/descriptions/translations of some of them changed in 2012 Server!


RDP should be up and running now.
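
The steps above collected into one non-interactive run with verification, as an added example that is not part of the original article. `SERVER01` is a placeholder server name, and the read-only `UserAuthentication` (Network Level Authentication) check is an addition the article does not cover.

```powershell
# Added example, not from the original article.
$server       = 'SERVER01'          # placeholder: replace with the real host name
$displayGroup = 'Remote Desktop'    # localized on non-English systems, see the note above
$cred         = Get-Credential

$report = Invoke-Command -ComputerName $server -Credential $cred `
                         -ArgumentList $displayGroup -ScriptBlock {
    param($group)
    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = Join-Path $tsKey 'WinStations\RDP-Tcp'

    # Record the previous value so the change can be logged and reverted.
    $before = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    if ($before -ne 0) {
        Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 0
    }

    # -ErrorAction Stop makes a wrong (e.g. localized) group name fail loudly
    # instead of silently enabling nothing.
    $rules = @(Get-NetFirewallRule -DisplayGroup $group -ErrorAction Stop)
    $rules | Set-NetFirewallRule -Enabled True

    # Read-only check: 1 means Network Level Authentication is required for RDP.
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication `
                             -ErrorAction SilentlyContinue).UserAuthentication

    # Re-read the state after the change rather than assuming it applied.
    [pscustomobject]@{
        DenyBefore   = $before
        DenyAfter    = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
        RulesTotal   = $rules.Count
        RulesEnabled = @(Get-NetFirewallRule -DisplayGroup $group |
                           Where-Object { $_.Enabled -eq 'True' }).Count
        NlaRequired  = ($nla -eq 1)
    }
}

$report | Format-List DenyBefore, DenyAfter, RulesTotal, RulesEnabled, NlaRequired

if ($report.DenyAfter -ne 0 -or $report.RulesEnabled -lt $report.RulesTotal) {
    Write-Warning "RDP is not fully enabled on $server; check the values above."
}
if (-not $report.NlaRequired) {
    Write-Warning "Network Level Authentication is not required on $server."
}
```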
Author: Felix Leven