Bruce Adamczak

I have spent years working in perfmon, so I thought I would share some tips and tricks on the tool!

Windows 2012 Core Survival Guide – Remote Desktop

Windows 2012 Core Survival Guide – Remote Desktop

  • Comments 9
  • Likes

Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If "UserAuthentication" has a value of 1 indicates that only secured connections will be used. 

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

If you receive an error it indicates the property does not exist or you typed the command in correctly.

 

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

  

If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize

The screen shot below show that the firewall rules are correct for remote desktop.

 

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

 

How to enable Remote Desktop Firewall Rules.

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

 

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1   

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to disable Remote Desktop Firewall Rules

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

 

I hope you found this useful.  Please leave me a comment

Bruce

Comments
  • <p>Thanks!!</p> <p>No more console connection only on the VM for me. &nbsp;:D</p>

  • <p>Good work... Thank you for the valuable information..</p>

  • <p>Article that you had shared with us is useful for us. This article provides us information which can help us to gain knowledge about something new.</p>

  • <p>This blog is highly informatics, crisp and clear. Here everything has been described in systematic manner so that reader could get maximum information and learn many things. This is one of the best blogs I have read.</p>

  • <p>&quot;1.On the Server Core server, run: cscript C:\Windows\System32\Scregedit.wsf /ar 0</p> <p>This enables the Remote Desktop for Administration mode to accept connections.&quot; - <a rel="nofollow" target="_new" href="http://technet.microsoft.com/en-us/library/jj574205.aspx">technet.microsoft.com/.../jj574205.aspx</a> </p>

  • <p>Great. Straight and to the point. Thanks.</p>

  • First, I would like to say thank you for taking the time to create this guide. I have been working in Hyper V for 5 years now and never cease to be surprized at how little information the Hyper V team at Microsoft provides. I have been using RDP to connect to the Hyper V server from the start but after upgrading to Hyper V Server 2012 R2 at all my client sites, I lost the ability to remotely connect causing all sorts of problems and aggravations. Your instructions are clear and I am now adjusting all my Hyper V sites. I understand that this is part of Microsoft's overall plan to make server core more central along with the use of PowerShell. However, having said that, some simple FAQ's from the Hyper V development team would not have hurt.

  • I just noted that the date is Feb 2013 not Feb 2014. I didn't have troubles connecting to Hyper V Server 2012, it was with the R2 upgrade that I encountered the problem. The solution still worked though.

  • m'ml;b,[,b;pkfpwfk, ,';,;,'w[kl[lfr

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment