Solved

Powershell script to enable RDP on Windows 7

Posted on 2012-03-12
9
1,181 Views
Last Modified: 2012-03-13
Hello Experts,

Has anyone got a PowerShell v2 script to enable RDP on a remote Windows 7 workstation?

Regards

Mark
0
Comment
Question by:afrokiwi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 6

Expert Comment

by:NikolasG
ID: 37708906
Hello,
It exists in microsoft library

http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842

if you want to run something locally then try
Function Set-RemoteDesktopConfig
{Param ([switch]$LowSecurity, [switch]$disable) 
 if ($Disable) {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'`
                        -name "fDenyTSConnections" -Value 1 -erroraction silentlycontinue 
       if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections"  -Value 1 -PropertyType dword }
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -name "UserAuthentication" -Value 1 -erroraction silentlycontinue
      if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword} 
     } 
else {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections" -Value 0 -PropertyType dword } 
       if ($LowSecurity) {
           set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                               -name "UserAuthentication" -Value 0 -erroraction silentlycontinue 
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                          -name "UserAuthentication" -Value 0 -PropertyType dword}
          }

     } 

}

Function Get-RemoteDesktopConfig
{if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)

          {"Connections not allowed"}

 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
         {"Only Secure Connections allowed"} 

 else     {"All Connections allowed"}

} 


Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -disable /if you want to disable
Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -LowSecurity /if you want low security
Get-RemoteDesktopConfig

Open in new window


Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37708956
Hi NikolasG,

Thanks for the quick response.

I have seen the script from http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842 but i can’t get it to run from a W7 machine with Powershell 2 installed.

It doesn’t fail or return any results.

I assume WinRm is installed on my pc.

Any ideas what I am doing wrong? .. and yes I am running it from AD Powershell with admin writes.

Regards

mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709065
Can you try running the sample that I wrote?
that one will display the status of rdp before and after the changes.
The change on it's own doesn't display anything so it's not a bad thing that you have no results when you run it.

Please feed back.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 

Author Comment

by:afrokiwi
ID: 37709070
if i run yours .. this is what i get and i am unable to remote the pc :-(

PS C:\temp\Powershell> .\Set-RemoteDesktopConfig.ps1
Connections not allowed
Connections not allowed
All Connections allowed
PS C:\temp\Powershell>
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709141
First of all the script that I gave you affects the local pc. (so now you enabled rdp on the computer that you run it)
what the scritpt  do is :

41 : Get-RemoteDesktopConfig
42: Set-RemoteDesktopConfig -disable /if you want to disable
43 :Get-RemoteDesktopConfig
44: Set-RemoteDesktopConfig -LowSecurity /if you want low security
45:Get-RemoteDesktopConfig

Line 41 prints the current status (not allowed in your case)
line 42 dissables rdp line 43 prints again the current status (the same 2nd not allowed)
line 44 enables rdp line 45 prints again the current status (all Connections allowed)

so you can use the script that I gave you putting ass remarks lines 41-43 and you ll have what you asked.

Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37709481
Hi NikolasG

I understand that your script modifies the registry on a local machine.

Are you sure this is the right registry hive?

'HKLM:\System\CurrentControlSet\Control\Terminal Server'

I was under the impression for W7 it is the following hive?

'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’

These are AD windows 7 computers.

Just to clarify, I am after a PowerShell script that will enable RDP on a REMOTE windows 7 PC connected to AD.

Regards

Mark
0
 
LVL 6

Accepted Solution

by:
NikolasG earned 500 total points
ID: 37710105
From the test that I made in my win7 machine these are the correct registry hives.

The script from the link that is on my first answer is working on AD and win7 computers as it's writers says
if you want more a more light script then you could also use the following
# file rdpstatus.ps1
param(
   [string] $computername ,
   [switch]$enable, 
   [switch]$disable,
   [switch]$check
    )

	
Function Enable-RDPRemote{

Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','0','DWord')   
    Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" 

}

Function Disable-RDPRemote{
Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','1','DWord')   
    Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName" 
}


Function Read-RDPRemote{

Param ($ComputerName)

	Write-Host "Checking Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
  	if ($regkey.GetValue('fDenyTSConnections') -eq 0){ Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" }
	else {Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"}

}


if ($disable){
Disable-RDPRemote $computername
}

if($enable){
Enable-RDPRemote $computername
}

if($check){
Read-RDPRemote $computername
}

Open in new window


it is working in AD you can call it with the parameter that you need in order to check enable or disable rdp in a computer.
usage
.\rdpstatus.ps1 computer -check
.\rdpstatus.ps1 computer -enable
.\rdpstatus.ps1 computer -disable

Hope its what you need.
0
 

Author Comment

by:afrokiwi
ID: 37713420
Hi NikolasG

Didn’t work until i changed the reg path too:

SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services

Suspect this is because we enforce no access via GPO.

Thanks for this, all I have to do now is work out how to pass admin credentials.

Full points awarded …

Mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37713479
Hi again,
If you are in a domain and you have domain admin role on the user you are using or use a user with domain admin rights or start powershell with runas and use a domain admin user the above script is going to work without asking for admin credentials.
Interesting the fact that it uses a different reg path I ll keep it in mind for the future.
Hope it helps.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A brief introduction to what I consider to be the best editor for PowerShell.
In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question