• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1243
  • Last Modified:

Powershell script to enable RDP on Windows 7

Hello Experts,

Has anyone got a PowerShell v2 script to enable RDP on a remote Windows 7 workstation?

Regards

Mark
0
afrokiwi
Asked:
afrokiwi
  • 5
  • 4
1 Solution
 
NikolasGCommented:
Hello,
It exists in microsoft library

http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842

if you want to run something locally then try
Function Set-RemoteDesktopConfig
{Param ([switch]$LowSecurity, [switch]$disable) 
 if ($Disable) {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'`
                        -name "fDenyTSConnections" -Value 1 -erroraction silentlycontinue 
       if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections"  -Value 1 -PropertyType dword }
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
                        -name "UserAuthentication" -Value 1 -erroraction silentlycontinue
      if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword} 
     } 
else {
       set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                        -name "fDenyTSConnections" -Value 0 -erroraction silentlycontinue
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
                                      -name "fDenyTSConnections" -Value 0 -PropertyType dword } 
       if ($LowSecurity) {
           set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                               -name "UserAuthentication" -Value 0 -erroraction silentlycontinue 
        if (-not $?) {new-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'`
                                          -name "UserAuthentication" -Value 0 -PropertyType dword}
          }

     } 

}

Function Get-RemoteDesktopConfig
{if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)

          {"Connections not allowed"}

 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
         {"Only Secure Connections allowed"} 

 else     {"All Connections allowed"}

} 


Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -disable /if you want to disable
Get-RemoteDesktopConfig
Set-RemoteDesktopConfig -LowSecurity /if you want low security
Get-RemoteDesktopConfig

Open in new window


Hope it helps.
0
 
afrokiwiAuthor Commented:
Hi NikolasG,

Thanks for the quick response.

I have seen the script from http://gallery.technet.microsoft.com/scriptcenter/Remotely-Enable-RDP-855c3842 but i can’t get it to run from a W7 machine with Powershell 2 installed.

It doesn’t fail or return any results.

I assume WinRm is installed on my pc.

Any ideas what I am doing wrong? .. and yes I am running it from AD Powershell with admin writes.

Regards

mark
0
 
NikolasGCommented:
Can you try running the sample that I wrote?
that one will display the status of rdp before and after the changes.
The change on it's own doesn't display anything so it's not a bad thing that you have no results when you run it.

Please feed back.
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

 
afrokiwiAuthor Commented:
if i run yours .. this is what i get and i am unable to remote the pc :-(

PS C:\temp\Powershell> .\Set-RemoteDesktopConfig.ps1
Connections not allowed
Connections not allowed
All Connections allowed
PS C:\temp\Powershell>
0
 
NikolasGCommented:
First of all the script that I gave you affects the local pc. (so now you enabled rdp on the computer that you run it)
what the scritpt  do is :

41 : Get-RemoteDesktopConfig
42: Set-RemoteDesktopConfig -disable /if you want to disable
43 :Get-RemoteDesktopConfig
44: Set-RemoteDesktopConfig -LowSecurity /if you want low security
45:Get-RemoteDesktopConfig

Line 41 prints the current status (not allowed in your case)
line 42 dissables rdp line 43 prints again the current status (the same 2nd not allowed)
line 44 enables rdp line 45 prints again the current status (all Connections allowed)

so you can use the script that I gave you putting ass remarks lines 41-43 and you ll have what you asked.

Hope it helps.
0
 
afrokiwiAuthor Commented:
Hi NikolasG

I understand that your script modifies the registry on a local machine.

Are you sure this is the right registry hive?

'HKLM:\System\CurrentControlSet\Control\Terminal Server'

I was under the impression for W7 it is the following hive?

'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services’

These are AD windows 7 computers.

Just to clarify, I am after a PowerShell script that will enable RDP on a REMOTE windows 7 PC connected to AD.

Regards

Mark
0
 
NikolasGCommented:
From the test that I made in my win7 machine these are the correct registry hives.

The script from the link that is on my first answer is working on AD and win7 computers as it's writers says
if you want more a more light script then you could also use the following
# file rdpstatus.ps1
param(
   [string] $computername ,
   [switch]$enable, 
   [switch]$disable,
   [switch]$check
    )

	
Function Enable-RDPRemote{

Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','0','DWord')   
    Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" 

}

Function Disable-RDPRemote{
Param ($ComputerName)

	Write-Host "Modifying Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
    $regkey.SetValue('fDenyTSConnections','1','DWord')   
    Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName" 
}


Function Read-RDPRemote{

Param ($ComputerName)

	Write-Host "Checking Remote Registry on machine: $ComputerName" 
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ComputerName) 
    $regkey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server",$true) 
  	if ($regkey.GetValue('fDenyTSConnections') -eq 0){ Write-Host "RDP is enabled in Remote Registry on machine: $ComputerName" }
	else {Write-Host "RDP is disabled in Remote Registry on machine: $ComputerName"}

}


if ($disable){
Disable-RDPRemote $computername
}

if($enable){
Enable-RDPRemote $computername
}

if($check){
Read-RDPRemote $computername
}

Open in new window


it is working in AD you can call it with the parameter that you need in order to check enable or disable rdp in a computer.
usage
.\rdpstatus.ps1 computer -check
.\rdpstatus.ps1 computer -enable
.\rdpstatus.ps1 computer -disable

Hope its what you need.
0
 
afrokiwiAuthor Commented:
Hi NikolasG

Didn’t work until i changed the reg path too:

SOFTWARE\\Policies\\Microsoft\\Windows NT\\Terminal Services

Suspect this is because we enforce no access via GPO.

Thanks for this, all I have to do now is work out how to pass admin credentials.

Full points awarded …

Mark
0
 
NikolasGCommented:
Hi again,
If you are in a domain and you have domain admin role on the user you are using or use a user with domain admin rights or start powershell with runas and use a domain admin user the above script is going to work without asking for admin credentials.
Interesting the fact that it uses a different reg path I ll keep it in mind for the future.
Hope it helps.
0

Featured Post

Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now