Solved

Powershell to check Remote desktop with the latest feature enabled or not ?

Posted on 2012-03-14
8
1,832 Views
Last Modified: 2013-11-21
Hi People,

Is there any way to test if Remote Desktop is available in a list of server ?

I'm in the process of filtering and searching through hundreds of Windows Server VM which could be affected with this issue: http://technet.microsoft.com/en-us/security/bulletin/ms12-020

so If anyone can come up with powershell script to identify which RDP version or feature is installed (with NLA or not) that'd be great.

Thanks.
0
Comment
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
8 Comments
 
LVL 10

Expert Comment

by:Joe Klimis
ID: 37724178
Hi ,
This will give you what you want except the NLA information

 $servers = get-content servers.txt
 $results = @()
 

 ForEach ($server in $servers)
{
#  get the TS Setting object for current server
 $result = @()
 $result = "" | select ServerName, RDPenabled, Logons, LicenseType
 $ts = get-WMIObject Win32_TerminalServiceSetting  -computername $server -Namespace ROOT\CIMV2\TerminalServices
 $result.ServerName  = $ts.ServerName
 $result.RDPenabled  = $ts.AllowTSConnections
 $result.Logons      = $ts.Logons
 $result.LicenseType = $ts.LicensingType
 $results +=  $result
}

$results

Open in new window


Can you confirm which version of powershell you are using as there may be a way of using remote registry call to find out the NLa info.

Regards
Joe
0
 
LVL 10

Accepted Solution

by:
Joe Klimis earned 500 total points
ID: 37724220
I have tested the following that works in Powershell 2.0

 $servers = get-content servers.txt
 #$servers = "Localhost","Localhost" # for testing
 $results = @()
 

 ForEach ($server in $servers)
{
#  get the TS Setting object for current server
 $result = @()
 $result = "" | select ServerName, RDPenabled, Logons, LicenseType,NLA
 $ts = get-WMIObject Win32_TerminalServiceSetting  -computername $server -Namespace ROOT\CIMV2\TerminalServices
 $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $ServerName)
 $result.NLA         = ($reg.OpenSubKey("System\\CurrentControlSet\\Control\\Terminal Server\\WinStations\\RDP-Tcp" )).GetValue("UserAuthentication")
 $result.ServerName  = $ts.ServerName
 $result.RDPenabled  = $ts.AllowTSConnections
 $result.Logons      = $ts.Logons
 $result.LicenseType = $ts.LicensingType
 $results +=  $result
}

$results
# $results | Export-Csv "results.csv" -NoTypeInformation     #    uncomment to write results to CSV

Open in new window

0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 37727947
hi Joe,

I'm using PS 2.0
0
Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 37735994
ok, I got this error:


Get-WmiObject : Invalid namespace 
At C:\Temp\bdb4988c-8ce2-4322-8e4f-ee32d4b61a01.ps1:11 char:22
+      $ts = get-WMIObject <<<<  Win32_TerminalServiceSetting  -computername $server -Namespace ROOT\CIMV2\TerminalServices
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Open in new window


is there anything that I need to do to make it run as per your suggestion ?
0
 
LVL 7

Author Comment

by:Senior IT System Engineer
ID: 37736044
ok, I've just found this URL: http://blogs.technet.com/b/jamesone/archive/2009/01/31/checking-and-enabling-remote-desktop-with-powershell.aspx

which tells you about the type of RDP connection, so how do I incorporate that into the script above that you mention ?

Function Get-RemoteDesktopConfig {

if ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server').fDenyTSConnections -eq 1)
    {"Connections not allowed"}
 elseif ((Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp').UserAuthentication -eq 1)
    {"Only Secure Connections allowed"} 
 else     
 	{"All Connections allowed"}

} 

Get-RemoteDesktopConfig

Open in new window

0
 
LVL 10

Expert Comment

by:Joe Klimis
ID: 37765579
Hi

The problem you may be having is that the format of servers.txt  i have attached an example with localhost in it twice.

sorry for the delay in replying, let me know how you get on,



Joe
0

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP Script 25 65
Select String - If Else Statement - Powershell 8 29
Merging two files with Perl 5 29
Import CSV with All modify groups 17 37
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question