By default on a Windows Server Product Windows Remote Management (WinRM) is enabled, but Remote Desktop (RDP) is Disabled. On workstation operating systems neither is enabled by default, so if you want to be able to accomplish the following you will need to enable WinRM on the workstations. Enabling RDP remotely. Method 1: Command Line To enable RDP with the Command Prompt, use the following steps.
Reg add “\\computername\HKLM\SYSTEM\CurentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f
Note: Computername is the name of the computer you wish to enable RDP on. NOTE: Enabling RDP through the Command Prompt will not configure the Windows Firewall with the appropriate ports to allow RDP connections. NOTE: By default the local Administrators group will be allowed to connect with RDP. Also the user that is currently logged in will also be allowed to connect. To disable RDP with the Command Prompt, use the following steps.
Reg add “\\computername\HKLM \SYSTEM\CurentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 1 /f
Method 2: Using PowerShell To enable RDP with the PowerShell, use the following steps. Option 1 To enable RDP:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0}
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections. Type the following: Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
NOTE: By default the local Administrators group will be allowed to connect with RDP. Also the user that is currently logged in will also be allowed to connect. To disable RDP with the PowerShell, use the following steps.
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 1}
Option 2 To enable RDP RDP with the PowerShell, use the following steps.
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 0
NOTE: Enabling RDP through PowerShell will not configure the Windows Firewall with the appropriate ports to allow RDP connections. Type the following: Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
NOTE: By default the local Administrators group will be allowed to connect with RDP. Also the user that is currently logged in will also be allowed to connect. To disable RDP RDP with the PowerShell, use the following steps.
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 1
Method 3: Use Group Policy If you have numerous Servers and/or Workstations that you need to enable RDP on and they are in the same Organization Unit structure in Active Directory you should enable RDP through Group Policy. To enable RDP Using Group Policy.
Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections 
NOTE: Enabling RDP through GPO will configure the Windows Firewall with the appropriate ports to allow RDP connections. Note: In all the methods demonstrated in this blog any member of the local Remote Desktop Users group will be able to connect to the target computers. Until next time – Ride Safe! Rick Trader |
