Enable RemoteDesktop with PowerShell

From time to time I visit my public or private git repository knowing that I’ve faced and solved that problem before, knowing that the solution was tested and works as expected.

In this case, I had a script that was a one-liner (nothing wrong with it), but to meet the goal I needed to add another 2 lines. So, to make it more reusable by other users while keeping it readable and flexible, I refactored the script and wrote this article. As mentioned in the title, the subject is RDP and PowerShell.

This is, without any doubt, a 101 subject for every system administrator.

Microsoft RDP connection

If you’re not familiar with the Microsoft Remote Desktop Protocol, a good place to start is Wikipedia.
I assume that if you’re reading this article you’re using RDP to connect to other Workstations or Servers.
By default, Windows does not allow users to connect via RDP: a registry setting denies remote access to the host until it is changed. Once the service is enabled, a local group called Remote Desktop Users secures access by granting it only to a restricted list of users (all local administrators are granted access implicitly).
Last but not least, a firewall rule needs to be added to the host-based (Windows) firewall to enable the inbound RDP Connection on port 3389 (TCP).

To perform these simple steps via the GUI, you would visit System Properties from the Control Panel, Regedit, Local Users and Groups (MMC snap-in) and Windows Firewall, and then check with netstat that the port is open.

Enable-RemoteDesktop Script

If the workstation/server in your local network has PowerShell remoting enabled, you can perform these steps remotely with the following script, with no need to log in to the server/workstation interactively via a console.
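The steps described above (registry value, Remote Desktop Users membership, firewall rule, listener check) run over PowerShell remoting, as an added example that is not the author's Enable-RemoteDesktop script. It assumes an English-language Windows target with PowerShell 5.1+ and remoting enabled; `Enable-RdpOnHost`, `SRV01` and `CONTOSO\RDP-Operators` are hypothetical names, and the Network Level Authentication line goes beyond the steps the article lists.

```powershell
# Added example, not the author's script. Assumes the caller is a local
# administrator on the target and that PowerShell remoting is enabled there.
function Enable-RdpOnHost {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string]   $ComputerName,
        # Accounts or groups in DOMAIN\name (or COMPUTER\name) form.
        [Parameter(Mandatory)] [string[]] $Member
    )

    Invoke-Command -ComputerName $ComputerName -ArgumentList (,$Member) -ScriptBlock {
        param([string[]] $Member)
        $ts = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'

        # 1. Registry: 0 allows remote connections, 1 (the default) denies them.
        Set-ItemProperty -Path $ts -Name fDenyTSConnections -Value 0

        # Not one of the article's steps: keep Network Level Authentication required.
        Set-ItemProperty -Path "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -Value 1

        # 2. Grant access only to the named accounts; skip those already present.
        $current = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name
        foreach ($m in $Member) {
            if ($current -notcontains $m) {
                Add-LocalGroupMember -Group 'Remote Desktop Users' -Member $m
            }
        }

        # 3. Host firewall: enable the built-in inbound Remote Desktop rules (port 3389).
        Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'

        # 4. Verify, as you would with netstat, that the host listens on TCP 3389.
        $listen = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue

        # Report the resulting state so the caller can confirm each step.
        [pscustomobject]@{
            DenyTSConnections = (Get-ItemProperty -Path $ts).fDenyTSConnections
            Members           = (Get-LocalGroupMember -Group 'Remote Desktop Users').Name
            Listening3389     = [bool]$listen
        }
    }
}

Enable-RdpOnHost -ComputerName 'SRV01' -Member 'CONTOSO\RDP-Operators'
```

The returned object should show `DenyTSConnections` as 0, the expected members only, and `Listening3389` as `True`; any extra member in the list is worth reviewing before leaving RDP enabled.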

The Old script

There wasn’t anything wrong with the old script; it was documented and working fine, but I thought that reverting to a less polished approach could help to make the code more approachable and reusable by a larger audience.

 

Group Policy

This is a one-off script, but to deploy to multiple domain-joined machines it’s always better to use Group Policies: adding a restricted security group to the local Remote Desktop Users group, adding the firewall rule that opens port 3389, and enabling remote connections.
I recommend not skipping GPO in favor of scripting. I can’t stress this enough: using policies wisely to create a security baseline and avoid configuration drift is necessary for an environment that should stay consistent and manageable for a long time.

Wrap Up

I hope you’ll find that enabling Remote Desktop on a Windows OS via scripting is as simple as using the graphical tools. As usual, you can find this script on my GitHub repository.

 
