Solved

Powershell script to enable RDP on Windows 7

Posted on 2012-03-12
9
1,156 Views
Last Modified: 2012-03-13
Hello Experts,

Has anyone got a PowerShell v2 script to enable RDP on a remote Windows 7 workstation?

Regards

Mark
0
Comment
Question by:afrokiwi
  • 5
  • 4
9 Comments
 
LVL 6

Expert Comment

by:NikolasG
ID: 37708906
Hello,
It exists in microsoft library

http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842

if you want to run something locally then try
Function Set-RemoteDesktopConfig
{Param ([switch]$LowSecurity, [switch]$disable) 
 if ($Disable) {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'`
                        -name "fDenyTSConnections" -Value 1 -erroraction silentlycontinue 
       if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections"  -Value 1 -PropertyType dword }
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -name "UserAuthentication" -Value 1 -erroraction silentlycontinue
      if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword} 
     } 
else {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections" -Value 0 -PropertyType dword } 
       if ($LowSecurity) {
           set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                               -name "UserAuthentication" -Value 0 -erroraction silentlycontinue 
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                          -name "UserAuthentication" -Value 0 -PropertyType dword}
          }

     } 

}

Function Get-RemoteDesktopConfig
{if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)

          {"Connections not allowed"}

 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
         {"Only Secure Connections allowed"} 

 else     {"All Connections allowed"}

} 


Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -disable /if you want to disable
Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -LowSecurity /if you want low security
Get-RemoteDesktopConfig

Open in new window


Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37708956
Hi NikolasG,

Thanks for the quick response.

I have seen the script from http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842 but i can’t get it to run from a W7 machine with Powershell 2 installed.

It doesn’t fail or return any results.

I assume WinRm is installed on my pc.

Any ideas what I am doing wrong? .. and yes I am running it from AD Powershell with admin writes.

Regards

mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709065
Can you try running the sample that I wrote?
that one will display the status of rdp before and after the changes.
The change on it's own doesn't display anything so it's not a bad thing that you have no results when you run it.

Please feed back.
0
 

Author Comment

by:afrokiwi
ID: 37709070
if i run yours .. this is what i get and i am unable to remote the pc :-(

PS C:\temp\Powershell> .\Set-RemoteDesktopConfig.ps1
Connections not allowed
Connections not allowed
All Connections allowed
PS C:\temp\Powershell>
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 6

Expert Comment

by:NikolasG
ID: 37709141
First of all the script that I gave you affects the local pc. (so now you enabled rdp on the computer that you run it)
what the scritpt  do is :

41 : Get-RemoteDesktopConfig
42: Set-RemoteDesktopConfig -disable /if you want to disable
43 :Get-RemoteDesktopConfig
44: Set-RemoteDesktopConfig -LowSecurity /if you want low security
45:Get-RemoteDesktopConfig

Line 41 prints the current status (not allowed in your case)
line 42 dissables rdp line 43 prints again the current status (the same 2nd not allowed)
line 44 enables rdp line 45 prints again the current status (all Connections allowed)

so you can use the script that I gave you putting ass remarks lines 41-43 and you ll have what you asked.

Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37709481
Hi NikolasG

I understand that your script modifies the registry on a local machine.

Are you sure this is the right registry hive?

'HKLM:\System\CurrentControlSet\Control\Terminal Server'

I was under the impression for W7 it is the following hive?

'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’

These are AD windows 7 computers.

Just to clarify, I am after a PowerShell script that will enable RDP on a REMOTE windows 7 PC connected to AD.

Regards

Mark
0
 
LVL 6

Accepted Solution

by:
NikolasG earned 500 total points
ID: 37710105
From the test that I made in my win7 machine these are the correct registry hives.

The script from the link that is on my first answer is working on AD and win7 computers as it's writers says
if you want more a more light script then you could also use the following
# file rdpstatus.ps1
param(
   [string] $computername ,
   [switch]$enable, 
   [switch]$disable,
   [switch]$check
    )

	
Function Enable-RDPRemote{

Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','0','DWord')   
    Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" 

}

Function Disable-RDPRemote{
Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','1','DWord')   
    Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName" 
}


Function Read-RDPRemote{

Param ($ComputerName)

	Write-Host "Checking Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
  	if ($regkey.GetValue('fDenyTSConnections') -eq 0){ Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" }
	else {Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"}

}


if ($disable){
Disable-RDPRemote $computername
}

if($enable){
Enable-RDPRemote $computername
}

if($check){
Read-RDPRemote $computername
}

Open in new window


it is working in AD you can call it with the parameter that you need in order to check enable or disable rdp in a computer.
usage
.\rdpstatus.ps1 computer -check
.\rdpstatus.ps1 computer -enable
.\rdpstatus.ps1 computer -disable

Hope its what you need.
0
 

Author Comment

by:afrokiwi
ID: 37713420
Hi NikolasG

Didn’t work until i changed the reg path too:

SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services

Suspect this is because we enforce no access via GPO.

Thanks for this, all I have to do now is work out how to pass admin credentials.

Full points awarded …

Mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37713479
Hi again,
If you are in a domain and you have domain admin role on the user you are using or use a user with domain admin rights or start powershell with runas and use a domain admin user the above script is going to work without asking for admin credentials.
Interesting the fact that it uses a different reg path I ll keep it in mind for the future.
Hope it helps.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

In this previous article (https://oddytee.wordpress.com/2016/05/05/provision-new-office-365-user-and-mailbox-from-exchange-hybrid-via-powershell/), we made basic license assignments to users in O365. When I say basic, the method is the simplest way …
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…
This Micro Tutorial will give you a introduction in two parts how to utilize Windows Live Movie Maker to its maximum editing capability. This will be demonstrated using Windows Live Movie Maker on Windows 7 operating system.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now