Enable Remote Desktop on Windows Server 2012 R2 via PowerShell

Enable Remote Desktop on Windows Server 2012 R2 via PowerShell

Latest Windows Server products come with Windows Remote Management (WinRM) enabled by default, but traditional Remote Desktop (RDP) feature is disabled. If you ever need to enable remote desktop feature on your newly deployed Windows Server 2012 R2 box but you don’t have console access, you can do so by using Windows PowerShell. In this guide I will tell you how to enable remote desktop when there is no console access to server.Terminal Services Connection SettingsBefore starting, you should know the Registry value which controls the Remote Desktop aka Terminal Services connections in Microsoft Windows (Servers and Clients). There is a DWORD value named “fDenyTSConnections” inside ‘HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server‘. This key accepts boolean value (either 0 or 1) and it is 1 by default which means Remote Desktop connection is disabled. By using simple PowerShell commands we will connect to remote server using WS-Management protocol and set this value to 0. We will also create and enable a rule in Windows Firewall to accept RDP connections.

Enable Remote Desktop Feature

Launch Windows PowerShell on your PC and type the following command:

Invoke-Command  -ComputerName MyDC1 -ScriptBlock {Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’ -Name “fDenyTSConnections” -Value 0 -Verbose}

Replace MyDC1 with your own computer name. If your currently logged on user does not have enough privilege to modify Windows registry on remote computer, you can specify -Credential domain\admin and the command will be run as alternate user

Add Rule To Windows Firewall

Type the following command in Windows PowerShell:

Invoke-Command  -ComputerName MyDC1 -ScriptBlock {Enable-NetFirewallRule -DisplayGroup “Remote Desktop” -Verbose}

That’s all. Now your server will be accepting remote desktop connections.

I have created a Windows PowerShell module for this task. If you want to set it in your computer and run it like traditional PowerShell cmdlet, follow the steps below

Create Windows PowerShell Module

Open Windows PowerShell ISE or notepad or any other text editor of your choice and copy the following code:

<#
  .Synopsis
  Enables the remote desktop feature

.Description
  The Enable-RemoteDesktop Cmdlet enables the remote desktop feature on remote computer(s) using the credentials of logged-on user or alternate user account specified in -Credential parameter

.Parameter 
  This is a required parameter where you need to specify a computer name which can be localhost or a remote computer

.Parameter 
  This is an optional parameter where you can specify alternate credentials to connect to remote computer if your current user account does not have enough privilege to make changes to Windows registry of remote computer

.Example
  Enable-RemoteDesktop -ComputerName DC1
  This command will enable the remote desktop feature on DC1

.Example
  Enable-RemoteDesktop -ComputerName DC1 -Credential mydomain\admin
  This command will enable the remote desktop feature on DC1 using domain admin credentials
  #>
  Function Enable-RemoteDesktop {

[CmdletBinding()]
  param(
  [Parameter(Mandatory=$true)]
  [String[]]$ComputerName='localhost',
  [System.Management.Automation.CredentialAttribute()]
  $Credential
  )
  Invoke-Command  -ComputerName $ComputerName -ScriptBlock {Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0 -Verbose}
  Invoke-Command  -ComputerName $ComputerName -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -Verbose}
  }

Create a folder named “Windows PowerShell” in your [My] Documents folder.

Create another folder named “Modules” inside Windows PowerShell folder.

Create another folder named “Enable-RemoteDesktop” inside Modules folder.

Save the code copied to notepad into Enable-RemoteDesktop folder with the name “Enable-RemoteDesktop.psm1” filename. Note the file extension should be .psm1 which will make it a PowerShell module.

Now open Windows PowerShell console on your PC and type the following command:

Get-Help Enable-RemoteDesktop -Full

You will notice that you have just created a Windows PowerShell cmdlet that will feel and behave like other cmdlets. You can use parameters like -ComputerName, -Credential, -Verbose, -ErrorAction etc. which is awesome.

Below is the snapshot of Get-Help Enable-RemoteDesktop -Full command: 

NAME
     Enable-RemoteDesktop

SYNOPSIS
     Enables the remote desktop feature

SYNTAX
     Enable-RemoteDesktop [-ComputerName] <String[]> [[-Credential] <Object>] [<CommonParameters>]

DESCRIPTION
     The Enable-RemoteDesktop Cmdlet enables the remote desktop feature on remote computer(s) using the credentials of logged-on
     user or alternate user account specified in -Credential parameter

PARAMETERS
     -ComputerName <String[]>

        Required?                    true
         Position?                    1
         Default value                localhost
         Accept pipeline input?       false
         Accept wildcard characters?  false

    -Credential <Object>

        Required?                    false
         Position?                    2
         Default value
         Accept pipeline input?       false
         Accept wildcard characters?  false

    <CommonParameters>
         This cmdlet supports the common parameters: Verbose, Debug,
         ErrorAction, ErrorVariable, WarningAction, WarningVariable,
         OutBuffer, PipelineVariable, and OutVariable. For more information, see
         about_CommonParameters (http://go.microsoft.com/fwlink/?LinkID=113216).

INPUTS

OUTPUTS

    -------------------------- EXAMPLE 1 --------------------------

    PS C:\>Enable-RemoteDesktop -ComputerName DC1

    This command will enable the remote desktop feature on DC1

    -------------------------- EXAMPLE 2 --------------------------

    PS C:\>Enable-RemoteDesktop -ComputerName DC1 -Credential mydomain\admin

    This command will enable the remote desktop feature on DC1 using domain admin credentials

RELATED LINKS

Now whenever you want you can enable remote desktop on any remote computer by using following command:

Enable-RemoteDesktop -ComputerName MyDC2

If your currently logged on user does not have enough privilege for remote computer, you can add -Credential parameter and supply your domain admin credentials as shown below:

Enable-RemoteDesktop -ComputerName MyDC2 -Credential domain\admin

You will be prompted to enter the credentials on the fly as shown in following image

This is how you can enable remote desktop feature without having console access to remote server. Windows Server 2012 and later version of Windows Server family comes with Windows Remote Management enabled by default. In earlier versions of Windows Server, you have to enable Remote Management before you can use these PowerShell commands. For more information on how to enable Windows PowerShell Remoting, visit this page.

BACK



Microsoft Certified Professional | Cisco Certified Network Associate

Leave a Reply