Windows 2012 Core Survival Guide – Remote Desktop

Posted over 1 year ago

by

Bruce Adamczak

17 Comments

Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct. For remote desktop to work you need to have two registry keys and a firewall rule set up correctly. If the registry key does not exist you will receive an error when you try to view or set it with PowerShell. Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If "UserAuthentication" has a value of 1 indicates that only secured connections will be used.

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed.

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

If you receive an error it indicates the property does not exist or you typed the command in correctly.

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections.

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize

The screen shot below show that the firewall rules are correct for remote desktop.

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

How to enable Remote Desktop Firewall Rules.

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections. A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

How to disable Remote Desktop Firewall Rules

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

I hope you found this useful. Please leave me a comment

Bruce

Windows 2012 Core Survival Guide – Changing the GUI type

Posted over 1 year ago

by

Bruce Adamczak

11 Comments

Learn about my 2012 Core Survival Guide here.

Changing the GUI type

Windows Server 2012 has three different GUI installations, Core, Minimal, and Full GUI. I am going to assume in this blog you installed Core and wish to temporarily install one of the other two GUIs. More information about the installation types can be found at:

http://technet.microsoft.com/en-us/library/hh831786.aspx

When deploying server core you may want to consider installing the full GUI during your installation and removing as part of your deployment process. This will allow you to add and remove the GUI later if needed without having to have access to the source files.

How to install the Minimal Server Interface

The Minimal Server Interface provides you with access to Server Manager, the MMC, PowerShell and the command windows. I use the Install-WindowsFeature cmdlet to install the GUI.

PowerShell Command:

Install-WindowsFeature Server-Gui-Mgmt-Infra –Restart

This command will require a reboot to complete.

After the installation of the Minimal interface and rebooting you still come up in an command prompt. In order to launch Server Manager you must type ServerManager like in the below screen shot. The same holds true for the MMC.

How to install the Full Gui Interface

The Full GUI Server Interface provides you with the full GUI of Windows Server 2012.

PowerShell Command:

Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart

This command too requires a reboot.

How to remove the GUI

To return your Server back to a Core installation you can remove the GUI interface by using the command below.

PowerShell Command:

Uninstall-WindowsFeature Server-Gui-Mgmt-Infra -restart

This command will require a reboot.

GUI installation when source media is required

If you try to install the GUI and receive the following error. It simply means you do not have access to the source files. You have two options at this point. Locate a copy of the installation CD or use a cached copy that is on your network.

Once you have access to the source files you need to determine the index number for an Image with Windows Server 2012 GUI.

PowerShell Command:

Get-WindowsImage -ImagePath d:\sources\install.wim

The command below list the different images store in the source directory. You will need to note which index number to use in the following command.

Now that we know the index number we can modify our installation command to include the source directory and index.

PowerShell Command:

Run Install-WindowsFeature Server-Gui-Mgmt-Infra, Server-Gui-Shell –Restart –Source wim:D:\source\install.wim:4

The command below shows a successful installation using the source directory and index

I hope you found this useful. Please leave me a comment

Bruce

Windows 2012 Core Survival Guide – Date and Time settings

Posted over 1 year ago

by

Bruce Adamczak

3 Comments

Learn about my 2012 Core Survival Guide here.

Date and Time settings

This blog is going to cover the basic of viewing and changing your time settings. If you are like me I seem to always forget to set the correct time zone and need to correct it after the install.

How to view Date and Time settings

Viewing the date and time is very strait forward. This is one of the simplest PowerShell cmdlet to work with.

PowerShell Command:

Get-Date

Or

Get-Date | format-list *

In the sample output below I demonstrate both of the above commands.

How to change Date and time setting

I am not sure why, but this one took me some time to figure out. None of the examples on the Get-Help showed the syntax for just setting the date and time. Below is the syntax I used to set the date and time on this computer.

PowerShell Command:

Set-date "12/12/2012 10:30 PM"

The output below shows the time was changed. Keep in mind that domain joined computers by default will sync their time from a domain controller. This can make your time change short lived.

How to View the current Time Zone

I had to use WMI calls to get the time zone. Below is the syntax I used.

PowerShell Command:

(Get-WmiObject win32_timezone).caption

As you can see below this command show you what time zone this computer is in.

How to Change the Time zone setting

I searched for a simple one line method in PowerShell to set the time zone and came up empty. The only easy way I found to do this in a one liner is using a command line utility tzutil.exe.

Command:

TZUTIL /s "US Eastern Standard Time"

How to get a complete list of Time Zones

Command

TZUTIL /l > timezone.txt

Notepad timezone.txt

Since this output is large and scrolls off the screen I piped it to an output text file and opened the file with notepad

I hope you found this useful. Please leave me a comment. Let me know if there are any core tasks you would like me to cover.

Bruce

Windows 2012 Core Survival Guide – Joining the Domain

Posted over 1 year ago

by

Bruce Adamczak

2 Comments

Learn about my 2012 Core Survival Guide here.

Joining the Domain

Everybody at some point will need to join their computers to the domain. This blog will cover the basics of viewing your settings, joining the domain and removing your computer from the domain.

How to view Domain Settings

We can view the domain name by using a WMI object Win32_ComputerSystem. I still looking for a good way to do this native with PowerShell 3.0

PowerShell Command:

(Get-WmiObject Win32_ComputerSystem).domain

The output below shows the domain name of the computer. In this case it is "WORKGROUP"

How to join the computer to the Domain

By joining your computer to the domain you will get all of the benefits that the domain has to offer. The PowerShell cmdlet we use is “Add-computer”.

PowerShell Command:

Add-computer -DomainName Contoso.com -Credential Contoso\Administrator -Restart

The output below of the first command shows the current domain name of the computer. In this case it is "WORKGROUP". The second command joins the computer to the domain Contoso.com. In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to join.

How to Join a Domain and place the computer in an Organizational Unit (OU)

Most corporations have well defined OU structures and do not want computer objects place in the default folder. By placing the computer object in the correct OU saves you time. Below is the cmdlet that will help us with that. You must know the complete distinguished name (spelling counts here) of the OU you wish to place the computer into. If the distinguished name has any spaces in it you must quote the entire name. I found it makes my life easier to always quote the distinguished name.

PowerShell Command:

Add-computer -DomainName Contoso.com -OUPath "OU=Servers, OU=Assets,DC=Contoso,DC=COM" -Credential Contoso\Administrator -Restart

The output below of the first command shows the current domain name of the computer. In this case it is "WORKGROUP". The second command joins the computer to the domain Contoso.com in the OU "Servers". In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to join. The computer will reboot when the command is completed.

How to leave a Domain

When you leave a domain you default back to the “Workgroup”

PowerShell Command:

Remove-Computer -UnjoinDomaincredential Contoso\Administrator -Passthru -Verbose -Restart

The output below of the first command shows the current domain name of the computer. In this case it is "Contoso.Com". The second cmdlet will remove it from the domain. In addition, the second command will prompt you for credentials of an account with domain join privileges in the domain you are trying to leave. Finally when the command completes the computer will reboot.

I hope you found this useful. Please leave me a comment. Let me know if there are any core tasks you would like me to cover.

Bruce

Windows 2012 Core Survival Guide – MacAddress, LinkSpeed and view single NICs

Posted over 1 year ago

by

Bruce Adamczak

4 Comments

Learn about my 2012 Core Survival Guide here.

MacAddress, LinkSpeed and view single NICs

There are a few more commands I want to add to wrap up this section about IPv4 settings. This will give you all the cmdlet you need to get the same data as IPconfig /all.

Viewing MAC Address and NIC Link Speed

To view the MAC Address and NIC link speed I am going to use the Get-NetAdapter cmdlet

PowerShell Command:

Get-NetAdapter | format-table interfaceindex, interfacealias, MacAddress, LinkSpeed –autosize

This command show the Network Adaptor settings Mac Address and LinkSpeed.

Viewing just one Network Interface.

In order to view just a single network interface all of my previous post’s cmdlet can be filter. You must know the "Interfaceindex" or the “InterfaceAlias” of the network interface you wish to output. I am only going to show you how to use the InterfaceIndex in this post.

In each command you can add the following " Where Interfaceindex -eq <interfaceindex value> |" which will filter the output to only display one index selected. Below is an example:

PowerShell Command:

Get-NetAdapter | Where Interfaceindex -eq 12 | format-table interfaceindex, interfacealias, MacAddress, LinkSpeed -autosize

This command allows us to display the properties on just one interface port.

If you wish to see all of the possible properties on this interface port you can use the following command.

PowerShell Command:

Get-NetIPAddress | Where Interfaceindex -eq 12 | format-list *

I hope you found this useful. Please leave me a comment

Bruce