Following on from my Windows XP & 7 guide, Enable RDP using the registry editor, I have created this PowerShell script to automate the task. This script will check if the “Remote Registry” service is started. If it isn’t, it’ll start it. It will then dig through the registry to find the DWORD we need to change and it’ll switch it on/off depending on your parameters.
The registry keys are in the same location, so this PS1 should work for Windows XP & 7 target machines. I assume this means it will work for Windows Vista as well, and probably 8, 8.1 and 10 as well, but these are all untested.
Usage: .\SetRDP.ps1 -PC computername [ -enable | -disable ]
Download the RDP Connection Setter v1.0 here!
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 |
################################################################################################# # # # RDP Connection Setter v1.0 # # # # Written by: Mike Oldfield # # Date: 27/06/2016 # # # # This PS1 automates enabling/disabling RDP connections, by tweaking the fDenyTSConnections # # registry key. # # # # Usage: .\SetRDP.ps1 -PC cfsbeckwkxxxxx [-enable | -disable] # # # ################################################################################################# ############################# # # # PARAMETERS # # # ############################# # Set some avaialble paramters. This bit must come first param ( [Parameter(Mandatory=$true)] # Set the following parameter to be mandatory [string]$PC, # -PC: Set the computer name we're editing [switch]$enable = $true, # -enable: Default to enabling RDP [switch]$disable = $false # -disable: Option to disable RDP, set to false by default ) $scriptVer = "v1.0" # What version of the script is this? Used for header info $scriptAuth = "Mike Oldfield" # Who wrote the script? $scriptLastUpdate = "27/06/2016" # When was the script last updated? $RRServStopped = 0 # Empty out the $RRServStopped variable. This is used to determine if we had to start "Remote Registry" service later on ############################# # # # SCRIPTY BIT # # # ############################# # Write a pretty header Write-Host "`r`n##################################################`r`n" -ForegroundColor darkcyan -NoNewLine Write-Host "##### " -ForegroundColor darkgray -NoNewLine Write-Host "RDP Connection Setter $scriptVer " -ForegroundColor gray -NoNewLine Write-Host "#####`r`n##### " -ForegroundColor darkgray -NoNewLine Write-Host "Written by: $scriptAuth " -ForegroundColor gray -NoNewLine Write-Host " #####`r`n##### " -ForegroundColor darkgray -NoNewLine Write-Host "Last Updated: $scriptLastUpdate " -ForegroundColor gray -NoNewLine Write-Host " #####`r`n" -ForegroundColor darkgray -NoNewLine Write-Host "##################################################`r`n" -ForegroundColor darkcyan # Check if we asked to disable the RDP connection if ($disable) { # If we did, set $enable to false $enable = $false } # Start trying things try { # Tell us what we're about to do if ($enable) { Write-Host "Attempting to enable RDP connections on $PC ... " -NoNewLine } if ($disable) { Write-Host "Attempting to disable RDP connections on $PC ... " -NoNewLine } # Find out if the "Remote Registry" service is stopped or started $RRService = Get-Service -Name "Remote Registry" -ComputerName $PC -ErrorAction Stop # If the last command told us the service is stopped... if ($RRService.Status -ne "Running") { # Start the service $RRService | Set-Service -Status Running -ErrorAction Stop # Set $RRServStopped to 1 to tell us we had to start the service $RRServStopped = 1 } # Connect to the remote registry of the PC $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", $PC) # Open the location where the fDenyTSConnections DWORD sits $regKey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server", $true) # Find out the value of the fDenyTSConnections DWORD. Enabled = 0, Disabled = 1 $fDenyTSConnections = $regKey.GetValue("fDenyTSConnections") # Now check if we asked to disable the RDP connection if ($disable) { # Have a look at the current value. If it's 1 (disabled)... if ($fDenyTSConnections -eq 1) { # Tell us it is already disabled Write-Host "RDP is already disabled on this machine" -ForegroundColor yellow # But if it's 1 (enabled)... } elseif ($fDenyTSConnections -eq 0) { # Change it from 0 (enabled) to 1 (disabled) as requested $regKey.SetValue("fDenyTSConnections", 1) # Tell us we were successful Write-Host "RDP disabled" -ForegroundColor green # But if it isn't 0 or 1, which should never happen... } else { # Tell us the registry is broken! Write-Host "Error! RDP setting isn't enabled nor disabled. Your registry is broken!" -ForegroundColor red } # But if we asked to enable the RDP connection } elseif ($enable) { #Have a look at the current value. If it's 0 (enabled)... if ($fDenyTSConnections -eq 0) { # Tell us it is already enabled Write-Host "RDP is already enabled on this machine" -ForegroundColor yellow # But if it's 1 (disabled)... } elseif ($fDenyTSConnections -eq 1) { # Change it from 1 (disabled) to 0 (enabled) $regKey.SetValue("fDenyTSConnections", 0) # Tell us we were successful Write-Host "RDP enabled" -ForegroundColor green # But if it isn't 0 or 1, which should never happen... } else { #Tell us the registry is broken! Write-Host "Error! RDP setting isn't enabled nor disabled. Your registry is broken!" -ForegroundColor red } # But if we didn't ask for it to be enabled nor disabled, which should never happen... } else { # Tell us we're confused Write-Host "Error! I don't know what you want me to do! Check your parameters!" } # Check if we had to start the "Remote Registry" service earlier. If we did... if ($RRServStopped -eq 1) { # Stop the service again. It was likely disabled for a reason so we don't want to leave it running Invoke-Command -ComputerName $PC -ScriptBlock { Stop-Service -Name "Remote Registry" -ErrorAction Stop } # Set $RRServStopped back to 0 $RRServStopped = 0 } # Catch any errors that occur } catch [System.Exception] { # Report the error Write-Host "Error! $_" -ForegroundColor red } # Add a blank line to make things pretty Write-Host "" |
