Windows 2012 Core Survival Guide – Remote Desktop

Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If "UserAuthentication" has a value of 1 indicates that only secured connections will be used. 

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

If you receive an error it indicates the property does not exist or you typed the command in correctly.

 

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

  

If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize

The screen shot below show that the firewall rules are correct for remote desktop.

 

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key .

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

 

How to enable Remote Desktop Firewall Rules .

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

 

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1   

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to disable Remote Desktop Firewall Rules

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

 

I hope you found this useful. Please leave me a comment

Bruce