Solved

PowerShell script to enable RDP on Windows 7

Posted on 2012-03-12
Last Modified: 2012-03-13
Hello Experts,

Has anyone got a PowerShell v2 script to enable RDP on a remote Windows 7 workstation?

Regards

Mark
Question by:afrokiwi
9 Comments
 
LVL 6

Expert Comment

by:NikolasG
ID: 37708906
Hello,
It exists in the Microsoft library:

http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842

If you want to run something locally, then try:
Function Set-RemoteDesktopConfig
{Param ([switch]$LowSecurity, [switch]$disable) 
 if ($Disable) {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 1 -erroraction silentlycontinue 
       if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections"  -Value 1 -PropertyType dword }
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -name "UserAuthentication" -Value 1 -erroraction silentlycontinue
      if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword} 
     } 
else {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections" -Value 0 -PropertyType dword } 
       if ($LowSecurity) {
           set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                                               -name "UserAuthentication" -Value 0 -erroraction silentlycontinue 
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                                          -name "UserAuthentication" -Value 0 -PropertyType dword}
          }

     } 

}

Function Get-RemoteDesktopConfig
{if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)

          {"Connections not allowed"}

 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
         {"Only Secure Connections allowed"} 

 else     {"All Connections allowed"}

} 


Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -disable # if you want to disable
Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -LowSecurity # if you want low security
Get-RemoteDesktopConfig



Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37708956
Hi NikolasG,

Thanks for the quick response.

I have seen the script from http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842 but I can't get it to run from a W7 machine with PowerShell 2 installed.

It doesn’t fail or return any results.

I assume WinRM is installed on my PC.

Any ideas what I am doing wrong? And yes, I am running it from AD PowerShell with admin rights.

Regards

mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709065
Can you try running the sample that I wrote?
That one will display the status of RDP before and after the changes.
The change on its own doesn't display anything, so it's not a bad thing that you have no results when you run it.

Please feed back.
0
 

Author Comment

by:afrokiwi
ID: 37709070
If I run yours, this is what I get, and I am unable to remote the PC :-(

PS C:\temp\Powershell> .\Set-RemoteDesktopConfig.ps1
Connections not allowed
Connections not allowed
All Connections allowed
PS C:\temp\Powershell>
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709141
First of all, the script that I gave you affects the local PC (so now you have enabled RDP on the computer that you ran it on).
What the script does is:

41: Get-RemoteDesktopConfig
42: Set-RemoteDesktopConfig -disable # if you want to disable
43: Get-RemoteDesktopConfig
44: Set-RemoteDesktopConfig -LowSecurity # if you want low security
45: Get-RemoteDesktopConfig

Line 41 prints the current status (not allowed in your case).
Line 42 disables RDP; line 43 prints the current status again (the same, the 2nd "not allowed").
Line 44 enables RDP; line 45 prints the current status again (All Connections allowed).

So you can use the script that I gave you, putting lines 41-43 as remarks, and you'll have what you asked for.

Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37709481
Hi NikolasG

I understand that your script modifies the registry on a local machine.

Are you sure this is the right registry hive?

'HKLM:\System\CurrentControlSet\Control\Terminal Server'

I was under the impression for W7 it is the following hive?

'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

These are AD windows 7 computers.

Just to clarify, I am after a PowerShell script that will enable RDP on a REMOTE windows 7 PC connected to AD.

Regards

Mark
0
 
LVL 6

Accepted Solution

by:
NikolasG earned 2000 total points
ID: 37710105
From the test that I made on my Win7 machine, these are the correct registry hives.

The script from the link in my first answer works on AD and Win7 computers, as its writer says.
If you want a lighter script, then you could also use the following:
# file rdpstatus.ps1
param(
    [string] $computername,
    [switch] $enable,
    [switch] $disable,
    [switch] $check
)

# Registry key (relative to HKLM) that holds the RDP on/off switch.
# PowerShell does not treat "\" as an escape character, so single backslashes are enough.
$TsKeyPath = 'SYSTEM\CurrentControlSet\Control\Terminal Server'

Function Enable-RDPRemote {
    Param ($ComputerName)

    Write-Host "Modifying Remote Registry on machine: $ComputerName"
    # Requires the Remote Registry service to be running on the target machine.
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $regkey = $reg.OpenSubKey($TsKeyPath, $true)          # $true = open for writing
    $regkey.SetValue('fDenyTSConnections', 0, 'DWord')    # 0 = allow RDP connections
    $regkey.Close(); $reg.Close()
    Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName"
}

Function Disable-RDPRemote {
    Param ($ComputerName)

    Write-Host "Modifying Remote Registry on machine: $ComputerName"
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $regkey = $reg.OpenSubKey($TsKeyPath, $true)          # $true = open for writing
    $regkey.SetValue('fDenyTSConnections', 1, 'DWord')    # 1 = deny RDP connections
    $regkey.Close(); $reg.Close()
    Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"
}

Function Read-RDPRemote {
    Param ($ComputerName)

    Write-Host "Checking Remote Registry on machine: $ComputerName"
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    $regkey = $reg.OpenSubKey($TsKeyPath)                 # read-only is enough for a check
    if ($regkey.GetValue('fDenyTSConnections') -eq 0) {
        Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName"
    }
    else {
        Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"
    }
    $regkey.Close(); $reg.Close()
}

# Run whichever action was requested on the command line.
if ($disable) {
    Disable-RDPRemote $computername
}

if ($enable) {
    Enable-RDPRemote $computername
}

if ($check) {
    Read-RDPRemote $computername
}



It is working in AD; you can call it with the parameter that you need in order to check, enable or disable RDP on a computer.
Usage:
.\rdpstatus.ps1 computer -check
.\rdpstatus.ps1 computer -enable
.\rdpstatus.ps1 computer -disable

Hope it's what you need.
0
 

Author Comment

by:afrokiwi
ID: 37713420
Hi NikolasG

Didn't work until I changed the reg path to:

SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services

Suspect this is because we enforce no access via GPO.

Thanks for this, all I have to do now is work out how to pass admin credentials.

Full points awarded …

Mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37713479
Hi again,
If you are in a domain and you have the domain admin role on the user you are using, or use a user with domain admin rights, or start PowerShell with runas and use a domain admin user, the above script is going to work without asking for admin credentials.
Interesting, the fact that it uses a different reg path; I'll keep it in mind for the future.
Hope it helps.
0
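
The thread ends with two registry locations for the same switch: the local `Terminal Server` key and the `Policies` key written by GPO. As an added example (not part of the original thread and not code from either poster), this read-only check reports both and the resulting effective state, including the `UserAuthentication` (NLA) value from the first script. The function name `Get-RdpEffectiveConfig` and the host name in the usage comment are hypothetical.

```powershell
# Added example: read-only audit of the RDP settings discussed in this thread.
# Get-RdpEffectiveConfig is a hypothetical name; the registry paths and value
# names are the ones quoted in the posts above. Written for PowerShell v2.
function Get-RdpEffectiveConfig {
    param([Parameter(Mandatory = $true)][string] $ComputerName)

    $localPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
    $nlaPath    = 'SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
    $policyPath = 'SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Needs the Remote Registry service on the target and admin rights there.
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName)
    try {
        # Helper: return the value, or $null when the key or value is absent.
        $read = {
            param($path, $name)
            $key = $hklm.OpenSubKey($path)          # read-only handle
            if ($key -eq $null) { return $null }
            try { $key.GetValue($name) } finally { $key.Close() }
        }
        $localDeny  = & $read $localPath  'fDenyTSConnections'
        $policyDeny = & $read $policyPath 'fDenyTSConnections'
        $localNla   = & $read $nlaPath    'UserAuthentication'
        $policyNla  = & $read $policyPath 'UserAuthentication'
    }
    finally { $hklm.Close() }

    # A value under the Policies key (written by GPO) overrides the local one.
    $deny = if ($policyDeny -ne $null) { $policyDeny } else { $localDeny }
    $nla  = if ($policyNla  -ne $null) { $policyNla }  else { $localNla }

    New-Object PSObject -Property @{
        ComputerName     = $ComputerName
        RdpEnabled       = ($deny -eq 0)            # 0 = connections allowed
        NlaRequired      = ($nla -eq 1)             # 1 = "Only Secure Connections"
        EnforcedByPolicy = ($policyDeny -ne $null)  # True when a GPO sets the switch
        LocalDenyValue   = $localDeny
        PolicyDenyValue  = $policyDeny
    }
}

# Usage (host name is a placeholder):
#   Get-RdpEffectiveConfig -ComputerName 'WS-EXAMPLE-01' | Format-List
```

When `EnforcedByPolicy` is True, a value written by hand under the `Policies` key lasts only until the next Group Policy refresh, so a permanent change belongs in the GPO itself.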
