Enable Remote Desktop remotely using PowerShell

Publish Date: December 26, 2016

Enable Remote Desktop remotely using PowerShell

Latest Windows Server products come with Windows Remote Management (WinRM) enabled by default, but traditional Remote Desktop (RDP) feature is disabled. If you ever need to enable remote desktop feature on your newly deployed Windows system but you don’t have console access, you can do so by using Windows PowerShell.

Viewing default terminal services settings in Registry
Viewing default terminal services settings in Registry

Before starting, you should know the Registry value which controls the Remote Desktop aka Terminal Services connections in Microsoft Windows (Server and Client OSes). There is a DWORD value named “fDenyTSConnections” inside ‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server‘. This key accepts a boolean value (either 0 or 1) and it is 1 by default, which means Remote Desktop connection is disabled. By using a simple PowerShell command, we will connect to remote server using WS-Management and set this value to 0. We will also enable a rule in Windows Firewall to accept RDP connections.

Enable remote desktop remotely using PowerShell

TO enable remote desktop on remote computer, launch PowerShell console on your PC and run the following command:

Invoke-Command  -ComputerName MyDC1 -ScriptBlock {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0 -Verbose}
Enable Remote Desktop remotely using PowerShell
Enable Remote Desktop remotely using PowerShell

Replace MyDC1 with your own computer name. If your currently logged on user does not have enough privilege to modify Windows registry on remote computer, you can an authorized user using -Credential parameter and the command will be run as an alternate user.

Enable Firewall rule remotely using PowerShell

To enable the firewall rule remotely, run the following command in PowerShell:

Invoke-Command  -ComputerName MyDC1 -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -Verbose}

That’s all. Now your remote Windows system will be accepting remote desktop connections. I have created a PowerShell module for this task. If you want to set it in your computer and run it like a traditional PowerShell cmdlet, continue reading the remaining steps.

Create Windows PowerShell Module

Open Windows PowerShell ISE or notepad or any other text editor of your choice and copy the following code:

<#
  .Synopsis
  Enables the remote desktop feature

.Description
  The Enable-RemoteDesktop Cmdlet enables the remote desktop feature on remote computer(s) using the credentials of logged-on user or alternate user account specified in -Credential parameter

.Parameter 
  This is a required parameter where you need to specify a computer name which can be localhost or a remote computer

.Parameter 
  This is an optional parameter where you can specify alternate credentials to connect to remote computer if your current user account does not have enough privilege to make changes to Windows registry of remote computer

.Example
  Enable-RemoteDesktop -ComputerName DC1
  This command will enable the remote desktop feature on DC1

.Example
  Enable-RemoteDesktop -ComputerName DC1 -Credential mydomain\admin
  This command will enable the remote desktop feature on DC1 using domain admin credentials
  #>
  Function Enable-RemoteDesktop {

[CmdletBinding()]
  param(
  [Parameter(Mandatory=$true)]
  [String[]]$ComputerName='localhost',
  [System.Management.Automation.CredentialAttribute()]
  $Credential
  )
  Invoke-Command  -ComputerName $ComputerName -ScriptBlock {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0 -Verbose}
  Invoke-Command  -ComputerName $ComputerName -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -Verbose}
  }

Create a folder named “Windows PowerShell” in your [My] Documents folder.

Create another folder named “Modules” inside Windows PowerShell folder.

Create another folder named “Enable-RemoteDesktop” inside Modules folder.

Save the code copied to notepad into Enable-RemoteDesktop folder with the name “Enable-RemoteDesktop.psm1” filename. Note the file extension should be .psm1 which will make it a PowerShell module.

Now open Windows PowerShell console on your PC and type the following command:

Get-Help Enable-RemoteDesktop -Full

You will notice that you have just created a Windows PowerShell cmdlet that will feel and behave like other cmdlets. You can use parameters like -ComputerName, -Credential, -Verbose, -ErrorAction etc. which is awesome. Now whenever you want you can enable remote desktop on any remote computer by using following command:

Enable-RemoteDesktop -ComputerName MyDC2

If your currently logged on user does not have enough privilege for remote computer, you can add -Credential parameter and supply your domain admin credentials as shown below:

Enable-RemoteDesktop -ComputerName MyDC2 -Credential domain\admin

You will be prompted to enter the credentials on the fly as shown in following image:

This is how you can enable remote desktop feature without having console access to remote server. Windows Server 2012 and later version of Windows Server family comes with Windows Remote Management enabled by default. In earlier versions of Windows Server, you have to enable Remote Management before you can use these PowerShell commands. For more information on how to enable Windows PowerShell Remoting, see this article. Furthermore, you can use this guide to enable remote desktop option in any version of windows including latest Windows 10, Windows 11, Server 2019, and Server 2022 etc.

BACK



Microsoft Certified | Cisco Certified

1 Comment

  • dash cam

    Hurrah! At last I got a website from where I be capable of really obtain valuable
    information concerning my study.

Comments are closed.