Remote desktop connection PowerShell script
How to Enable Remote Desktop (RDP) Remotely?

The most intuitive way to enable Remote Desktop on Windows is to use the GUI. To enable RDP on a local computer, open the System Control Panel item, go to the Remote Settings tab, and enable the Allow remote connections to this computer option in the Remote Desktop section. However, this requires local access to the computer on which you want to enable RDP. You can usually ask the user (local administrator permissions are required) or local technical support to do this. But what if no one in the remote branch office can enable Remote Desktop locally? By default, Remote Desktop is disabled on both desktop versions of Windows and Windows Server.
If you want to enable Remote Desktop (RDP) on a remote host (server or computer) but don't have access to the local device console, we'll show how to do it using PowerShell.

Enable RDP Using Remote Registry Service

You can enable Remote Desktop on a remote computer using Registry Editor. This requires:
So, to enable the remote desktop via remote registry, follow these steps:
Enable Remote Desktop Remotely Using PowerShell

To enable RDP remotely, you need to configure and run the WinRM service (Windows Remote Management) on the remote computer. The WinRM service is enabled by default in all versions of Windows Server starting with Windows Server 2012. However, WinRM is disabled by default in client operating systems such as Windows 10. Thus, to enable Remote Desktop remotely via PowerShell, the remote computer must meet the following requirements:
Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/2019. Open the PowerShell console on your computer and run the following command to connect to your server remotely:

    Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator

You have now established a remote session with the computer and can execute PowerShell commands on it. To enable Remote Desktop, you just need to change the registry parameter fDenyTSConnections from 1 to 0 on the remote computer. Run the command:

    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

When RDP is enabled in this way (as opposed to the GUI method), the rule that allows remote RDP connections is not enabled in the Windows Firewall rules. To allow incoming RDP connections in Windows Firewall, run the command:
If for some reason this firewall rule is missing, you can create it manually:

    netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow

If you want to restrict the hosts or subnets that are allowed to connect to Remote Desktop, you can create a custom rule so that Windows Firewall accepts incoming RDP connections only from specific IP addresses, subnets, or IP ranges. In this case, use the following command instead of the previous one:

    New-NetFirewallRule -DisplayName "Restrict_RDP_access" -Direction Inbound -Protocol TCP -LocalPort 3389 -RemoteAddress 192.168.1.0/24,192.168.2.100 -Action Allow

If you need to enable secure RDP authentication (NLA, Network Level Authentication), run the command:

    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1

Now you can check the availability of TCP port 3389 on the remote host from your computer. Run the command:

    Test-NetConnection 192.168.1.11 -CommonTCPPort rdp

There should be a result like this:
This means that RDP on the remote host is enabled and you can establish a remote desktop connection using mstsc.exe, RDCMan, or any alternative RDP client.
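One way to read back what the steps above changed, as an added example that is not part of the original article: it reports, per host, whether RDP is on, whether NLA is required, which enabled firewall rules open the RDP port without a -RemoteAddress restriction, and who is in Remote Desktop Users. Get-RdpExposure is a hypothetical helper name and the host names are constructed; it assumes PS Remoting to the targets and Windows PowerShell 5.1 on them.

```powershell
# Added example, not from the original article. Get-RdpExposure is a hypothetical
# helper name; it needs PS Remoting to the targets and Windows PowerShell 5.1 there.
function Get-RdpExposure {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [pscredential]$Credential
    )
    $remoting = @{ ComputerName = $ComputerName }
    if ($Credential) { $remoting.Credential = $Credential }

    Invoke-Command @remoting -ScriptBlock {
        $ts   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
        $tcp  = "$ts\WinStations\RDP-Tcp"
        $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections).fDenyTSConnections
        $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication).UserAuthentication
        $port = (Get-ItemProperty -Path $tcp -Name PortNumber).PortNumber

        # Enabled inbound allow rules that name the RDP port explicitly
        # (port ranges and LocalPort "Any" are not expanded here).
        $rules = @(Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
            Where-Object {
                $filter = $_ | Get-NetFirewallPortFilter
                $filter.Protocol -eq 'TCP' -and $filter.LocalPort -contains "$port"
            })
        # Of those, the rules that accept connections from any remote address
        $open = @($rules | Where-Object {
            ($_ | Get-NetFirewallAddressFilter).RemoteAddress -contains 'Any'
        })
        # S-1-5-32-555 is the built-in Remote Desktop Users group in every locale
        $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue)

        [pscustomobject]@{
            RdpEnabled       = ($deny -eq 0)
            NlaRequired      = ($nla -eq 1)
            Port             = $port
            AllowRules       = $rules.DisplayName -join '; '
            UnrestrictedRule = $open.DisplayName -join '; '
            RdpUsers         = $members.Name -join '; '
        }
    }
}

# Constructed host names: list hosts where RDP is on without NLA or without an address restriction
Get-RdpExposure -ComputerName 'server1.example.test', 'server2.example.test' |
    Where-Object { $_.RdpEnabled -and (-not $_.NlaRequired -or $_.UnrestrictedRule) } |
    Format-Table PSComputerName, Port, NlaRequired, UnrestrictedRule, RdpUsers -AutoSize
```

Where Group Policy configures Remote Desktop, the values under HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services take precedence over the ones read here.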
By default, only members of the local Administrators group can connect via RDP remotely. To allow RDP connections for non-admin users, just add them to the local Remote Desktop Users group. You can add the desired users to the Remote Desktop Users group locally by using the Local Users and Groups MMC snap-in (LUSRMGR.MSC). Or you can change the Remote Desktop Users group membership remotely using PowerShell Remoting inside the Enter-PSSession session. Use the following command to add the domain user ASmith to the local group:

    net localgroup "remote desktop users" /add "contoso\asmith"

Alternatively, instead of the Enter-PSSession cmdlet, you can use another PS Remoting command, Invoke-Command:

    Invoke-Command -ScriptBlock { net localgroup "remote desktop users" /add "contoso\asmith" } -ComputerName Server1.contoso.com

How to Enable Remote Desktop over WMI?

If you want to enable RDP on a remote computer where WinRM is disabled (for example, on a regular computer with Windows 10), you can use the WMI PowerShell command. To check if RDP access is enabled on the remote computer 192.168.1.90, run the command (see the value of the AllowTSConnections property):

To enable RDP and add a Windows Firewall exception rule, run the following command:

    (Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalService

Published by Cyril Kardashevsky
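For hosts without WinRM, the RDP state can be read over WMI and NLA enforced where RDP is already on. This is an added example, not the article's own command: Get-RdpStateWmi is a hypothetical helper name, the Win32_TSGeneralSetting class and the full namespace root\CIMV2\TerminalServices are supplied here rather than taken from the page, and the address reuses the article's 192.168.1.90.

```powershell
# Added example, not from the original article. Runs in Windows PowerShell 5.1
# (Get-WmiObject is not available in PowerShell 7). Get-RdpStateWmi is a hypothetical name.
function Get-RdpStateWmi {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        [switch]$RequireNla   # turn NLA on where RDP is enabled without it
    )
    # Remote calls into the TerminalServices namespace must use packet privacy
    $wmi = @{
        Namespace      = 'root\CIMV2\TerminalServices'
        Authentication = 'PacketPrivacy'
        ErrorAction    = 'Stop'
    }
    foreach ($computer in $ComputerName) {
        try {
            $ts  = Get-WmiObject @wmi -ComputerName $computer -Class Win32_TerminalServiceSetting
            $gen = Get-WmiObject @wmi -ComputerName $computer -Class Win32_TSGeneralSetting `
                       -Filter "TerminalName='RDP-Tcp'"

            $nla = $gen.UserAuthenticationRequired
            if ($RequireNla -and $ts.AllowTSConnections -eq 1 -and $nla -ne 1) {
                # WMI method on Win32_TSGeneralSetting; ReturnValue 0 means success
                if ($gen.SetUserAuthenticationRequired(1).ReturnValue -eq 0) { $nla = 1 }
            }
            [pscustomobject]@{
                ComputerName = $computer
                RdpEnabled   = ($ts.AllowTSConnections -eq 1)
                NlaRequired  = ($nla -eq 1)
                Error        = $null
            }
        }
        catch {
            # Unreachable host, blocked DCOM/RPC, or access denied
            [pscustomobject]@{
                ComputerName = $computer
                RdpEnabled   = $null
                NlaRequired  = $null
                Error        = $_.Exception.Message
            }
        }
    }
}

# Read-only check of the host used in the article; add -RequireNla to enforce NLA
Get-RdpStateWmi -ComputerName '192.168.1.90' | Format-Table -AutoSize
```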