

How to activate Remote Desktop on a 2012 Server in a PowerShell remote shell

My GPOs made for 2008 R2 servers did not allow me to RDP into a new 2012 server by default. That's why I tried to allow RDP via PowerShell, because I could log into a remote shell without further configuration.
Below I describe, step by step, how I found and changed the necessary setting.

In a non-admin session, one of the first things I do is save my admin credentials.
$cred = Get-Credential

A window opens where you enter your admin-user credentials. They are now stored in $cred, so there is no need to enter them over and over again.

Now I connect to the server where I want to enable the RDP connection:
Note: IP addresses will not work here
Enter-PSSession servername -Credential $cred


The Get-PSDrive cmdlet shows me the available providers I can connect to: by default, for example, the file system, the Registry, Active Directory or the certificate store.

Output example:
Name           Used (GB)     Free (GB) Provider      Root
----           ---------     --------- --------      ----
Alias                                  Alias
C                 402,81         46,34 FileSystem    C:\                  -> Filesystem
Cert                                   Certificate   \                    -> Certificate Store
HKCU                                   Registry      HKEY_CURRENT_USER    -> Registry
HKLM                                   Registry      HKEY_LOCAL_MACHINE   -> Registry

I want to edit the Registry, so I switch to HKEY_LOCAL_MACHINE:
cd HKLM:

I don't remember the exact location of the Registry entry that allows the RDP connection, but it was under "Control":
cd '.\SYSTEM\CurrentControlSet\Control'

That was the part I could remember. Now I have to search for the missing piece, which was something like *Fdeny*:
ls -Recurse -ea SilentlyContinue | where-object {($_.property -LIKE "*fdeny*")}

    Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control

Name                           Property
----                           --------
Terminal Server                RCDependentServices   : {CertPropSvc, SessionEnv}
                               NotificationTimeOut   : 0
                               SnapshotMonitors      : 1
                               ProductVersion        : 5.1
                               AllowRemoteRPC        : 0
                               DelayConMgrTimeout    : 0
                               fDenyTSConnections    : 1
                               StartRCM              : 0
                               TSAdvertise           : 0
                               DeleteTempDirsOnExit  : 1
                               fSingleSessionPerUser : 1
                               PerSessionTempDir     : 0
                               TSUserEnabled         : 0
                               InstanceID            : b667f9ec-e8ba-46a5-9c1b-5efdb5b


This helps! It is the fDenyTSConnections Property I need to change!

ls (or Get-ChildItem) only helps you browse through the different Registry keys; it will not show you the properties of the "Terminal Server" key. You need to run Get-ItemProperty '.\Terminal Server' to view the "fDenyTSConnections" property and its value.

Finally I can change the RDP connection settings on my server:
Set-ItemProperty -Path '.\Terminal Server' -name fDenyTSConnections -Value 0

Running Get-ItemProperty '.\Terminal Server' again verifies the change.

You will probably have to allow RDP in your local firewall now. We do that with PowerShell as well, because in future versions of Windows, Microsoft might remove the Netsh functionality for Windows Firewall with Advanced Security.
Before, we worked with netsh:
netsh advfirewall firewall set rule group="Remote Desktop" new enable=Yes

Note that in some languages you have to use "remotedesktop" instead.
Now we have to start using cmdlets to configure "Windows Firewall with Advanced Security" and a lot of other things (again, it's "remotedesktop" in some languages):
Set-NetFirewallRule -DisplayGroup "Remote Desktop" -Enabled True

Important: If you only want to change a single rule (not a group), note that the names, descriptions and translations of some rules changed in 2012 Server!

RDP should be up and running now.
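
The registry change and the firewall step from this walkthrough can be applied in one remote call that reads the resulting state back. This is an added example, not part of the original article: the function name Enable-RdpRemotely and the server name are hypothetical, and it additionally reports the UserAuthentication (Network Level Authentication) value and the firewall profiles of the enabled rules, which the article does not cover.

```powershell
# Added example, not from the original article. Enable-RdpRemotely and the
# server name in the usage lines are hypothetical.
function Enable-RdpRemotely {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][pscredential]$Credential,
        # The display group is localized; pass the local name on non-English systems.
        [string]$FirewallGroup = 'Remote Desktop'
    )
    if (-not $PSCmdlet.ShouldProcess($ComputerName, 'Enable RDP and its firewall group')) { return }

    Invoke-Command -ComputerName $ComputerName -Credential $Credential `
                   -ArgumentList $FirewallGroup -ScriptBlock {
        param($Group)
        $ErrorActionPreference = 'Stop'   # fail loudly instead of half-applying
        $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
        $tcp = "$ts\WinStations\RDP-Tcp"

        # Record the old value, then change it only if RDP is currently denied.
        $before = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
        if ($before -ne 0) {
            Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0
        }
        Enable-NetFirewallRule -DisplayGroup $Group

        # Read everything back so the caller sees what is now exposed.
        $rules = Get-NetFirewallRule -DisplayGroup $Group
        [pscustomobject]@{
            DenyBefore   = $before
            DenyAfter    = (Get-ItemProperty -Path $ts -Name fDenyTSConnections).fDenyTSConnections
            # 1 = Network Level Authentication is required before a session is created
            NlaRequired  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication -eq 1
            # Each enabled rule with the firewall profiles it applies to
            EnabledRules = @($rules | Where-Object { $_.Enabled -eq 'True' } |
                             ForEach-Object { '{0} [{1}]' -f $_.DisplayName, $_.Profile })
        }
    }
}

# Usage (hypothetical server name); add -WhatIf to see the target without changing it.
# $cred = Get-Credential
# Enable-RdpRemotely -ComputerName 'srv2012-01' -Credential $cred
```

The returned object shows whether NLA is required and which profiles (Domain, Private, Public) the enabled rules cover, so the exposure can be reviewed right after the change.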
Author: Felix Leven
