Bruce Adamczak
I am as a Premier Field Engineering supporting Windows Server and Active Directory with an emphasis on OS performance.
Follow Me and Learn 2012 Index or Windows 2012 Core Survival Guide Index
Learn about my 2012 Core Survival Guide here.
Remote Desktop
This is one of the more complex settings to get correct. For remote desktop to work you need to have two registry keys and a firewall rule set up correctly. If the registry key does not exist you will receive an error when you try to view or set it with PowerShell. Remote Desktop is disabled if either of the following two settings are true:
fDenyTSConnections = 1
Remote Desktop application firewall rule is disabled
If "UserAuthentication" has a value of 1 indicates that only secured connections will be used.
How view current Remote Desktop settings
fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed.
PowerShell Command:
get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"
If you receive an error it indicates the property does not exist or you typed the command in correctly.
UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections.
get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"
Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.
If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.
get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize
The screen shot below show that the firewall rules are correct for remote desktop.
How to enable Remote Desktop settings
Setting fDenyTSConnections registry key.
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
If key does not exist this is the command to use.
New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword
In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.
How to enable Remote Desktop Firewall Rules.
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.
How to enable Secured Remote Desktop Session
This setting determines if all connections are allowed or only Secured Connections. A value of 1 for this setting indicates that only Secured Connections.
set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword
The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.
How to Disable Remote Desktop
Setting fDenyTSConnections registry key
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1
If the key did not exist you can use this command to create the key and set the value.
Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword
How to disable Remote Desktop Firewall Rules
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"
In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.
I hope you found this useful. Please leave me a comment
Bruce
Thanks!!
No more console connection only on the VM for me. :D