Solved

Powershell script to enable RDP on Windows 7

Posted on 2012-03-12
9
1,192 Views
Last Modified: 2012-03-13
Hello Experts,

Has anyone got a PowerShell v2 script to enable RDP on a remote Windows 7 workstation?

Regards

Mark
0
Comment
Question by:afrokiwi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 5
  • 4
9 Comments
 
LVL 6

Expert Comment

by:NikolasG
ID: 37708906
Hello,
It exists in microsoft library

http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842

if you want to run something locally then try
Function Set-RemoteDesktopConfig
{Param ([switch]$LowSecurity, [switch]$disable) 
 if ($Disable) {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'`
                        -name "fDenyTSConnections" -Value 1 -erroraction silentlycontinue 
       if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections"  -Value 1 -PropertyType dword }
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -name "UserAuthentication" -Value 1 -erroraction silentlycontinue
      if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword} 
     } 
else {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections" -Value 0 -PropertyType dword } 
       if ($LowSecurity) {
           set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                               -name "UserAuthentication" -Value 0 -erroraction silentlycontinue 
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                          -name "UserAuthentication" -Value 0 -PropertyType dword}
          }

     } 

}

Function Get-RemoteDesktopConfig
{if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)

          {"Connections not allowed"}

 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
         {"Only Secure Connections allowed"} 

 else     {"All Connections allowed"}

} 


Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -disable /if you want to disable
Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -LowSecurity /if you want low security
Get-RemoteDesktopConfig

Open in new window


Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37708956
Hi NikolasG,

Thanks for the quick response.

I have seen the script from http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842 but i can’t get it to run from a W7 machine with Powershell 2 installed.

It doesn’t fail or return any results.

I assume WinRm is installed on my pc.

Any ideas what I am doing wrong? .. and yes I am running it from AD Powershell with admin writes.

Regards

mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709065
Can you try running the sample that I wrote?
that one will display the status of rdp before and after the changes.
The change on it's own doesn't display anything so it's not a bad thing that you have no results when you run it.

Please feed back.
0
Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

 

Author Comment

by:afrokiwi
ID: 37709070
if i run yours .. this is what i get and i am unable to remote the pc :-(

PS C:\temp\Powershell> .\Set-RemoteDesktopConfig.ps1
Connections not allowed
Connections not allowed
All Connections allowed
PS C:\temp\Powershell>
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37709141
First of all the script that I gave you affects the local pc. (so now you enabled rdp on the computer that you run it)
what the scritpt  do is :

41 : Get-RemoteDesktopConfig
42: Set-RemoteDesktopConfig -disable /if you want to disable
43 :Get-RemoteDesktopConfig
44: Set-RemoteDesktopConfig -LowSecurity /if you want low security
45:Get-RemoteDesktopConfig

Line 41 prints the current status (not allowed in your case)
line 42 dissables rdp line 43 prints again the current status (the same 2nd not allowed)
line 44 enables rdp line 45 prints again the current status (all Connections allowed)

so you can use the script that I gave you putting ass remarks lines 41-43 and you ll have what you asked.

Hope it helps.
0
 

Author Comment

by:afrokiwi
ID: 37709481
Hi NikolasG

I understand that your script modifies the registry on a local machine.

Are you sure this is the right registry hive?

'HKLM:\System\CurrentControlSet\Control\Terminal Server'

I was under the impression for W7 it is the following hive?

'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’

These are AD windows 7 computers.

Just to clarify, I am after a PowerShell script that will enable RDP on a REMOTE windows 7 PC connected to AD.

Regards

Mark
0
 
LVL 6

Accepted Solution

by:
NikolasG earned 500 total points
ID: 37710105
From the test that I made in my win7 machine these are the correct registry hives.

The script from the link that is on my first answer is working on AD and win7 computers as it's writers says
if you want more a more light script then you could also use the following
# file rdpstatus.ps1
param(
   [string] $computername ,
   [switch]$enable, 
   [switch]$disable,
   [switch]$check
    )

	
Function Enable-RDPRemote{

Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','0','DWord')   
    Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" 

}

Function Disable-RDPRemote{
Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','1','DWord')   
    Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName" 
}


Function Read-RDPRemote{

Param ($ComputerName)

	Write-Host "Checking Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
  	if ($regkey.GetValue('fDenyTSConnections') -eq 0){ Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" }
	else {Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"}

}


if ($disable){
Disable-RDPRemote $computername
}

if($enable){
Enable-RDPRemote $computername
}

if($check){
Read-RDPRemote $computername
}

Open in new window


it is working in AD you can call it with the parameter that you need in order to check enable or disable rdp in a computer.
usage
.\rdpstatus.ps1 computer -check
.\rdpstatus.ps1 computer -enable
.\rdpstatus.ps1 computer -disable

Hope its what you need.
0
 

Author Comment

by:afrokiwi
ID: 37713420
Hi NikolasG

Didn’t work until i changed the reg path too:

SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services

Suspect this is because we enforce no access via GPO.

Thanks for this, all I have to do now is work out how to pass admin credentials.

Full points awarded …

Mark
0
 
LVL 6

Expert Comment

by:NikolasG
ID: 37713479
Hi again,
If you are in a domain and you have domain admin role on the user you are using or use a user with domain admin rights or start powershell with runas and use a domain admin user the above script is going to work without asking for admin credentials.
Interesting the fact that it uses a different reg path I ll keep it in mind for the future.
Hope it helps.
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In previous parts of this Nano Server deployment series, we learned how to create, deploy and configure Nano Server as a Hyper-V host. In this part, we will look for a clustering option. We will create a Hyper-V cluster of 3 Nano Server host nodes w…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This Micro Tutorial will give you basic overview of the control panel section on Windows 7. It will depth in Network and Internet, Hardware and Sound, etc. This will be demonstrated using Windows 7 operating system.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question