Windows 2012 Core Survival Guide – Remote Desktop


Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If “UserAuthentication” has a value of 1 indicates that only secured connections will be used. 

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

PowerShell Command:

get-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections

If you receive an error it indicates the property does not exist or you typed the command in correctly.

 

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

PowerShell Command:

get-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication”

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

  

If the Remote Desktop Firewall Rules is “Enabled”, like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

get-netfirewallrule -DisplayGroup “Remote Desktop” | format-table Name, Enabled -autosize

The screen shot below show that the firewall rules are correct for remote desktop.

 

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key.

PowerShell Command:

set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 0

If key does not exist this is the command to use.

New-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 0 -PropertyType dword

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

 

How to enable Remote Desktop Firewall Rules.

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup “Remote Desktop”

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

 

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1   

If key does not exist this is the command to use.

New-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 1

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

Net-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to disable Remote Desktop Firewall Rules

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup “Remote Desktop”

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

 

I hope you found this useful.  Please leave me a comment

Bruce

Comments (26)

  1. Anonymous says:

    sconfig’s "6) Remote Desktop" menu option should automatically open the firewall (it didn’t for me). I didn’t see firewall settings mentioned on any other "Core" guide, so I really appreciate you posting this. Never would have known this otherwise!

  2. Al says:

    Thanks!!

    No more console connection only on the VM for me.  😀

  3. U2412M says:

    Good work… Thank you for the valuable information..

  4. U2713H says:

    Article that you had shared with us is useful for us. This article provides us information which can help us to gain knowledge about something new.

  5. Coffee In India says:

    This blog is highly informatics, crisp and clear. Here everything has been described in systematic manner so that reader could get maximum information and learn many things. This is one of the best blogs I have read.

  6. (L)User says:

    "1.On the Server Core server, run: cscript C:WindowsSystem32Scregedit.wsf /ar 0

    This enables the Remote Desktop for Administration mode to accept connections." – technet.microsoft.com/…/jj574205.aspx

  7. Bob VB says:

    Great. Straight and to the point. Thanks.

  8. Malcolm Macdonald says:

    First, I would like to say thank you for taking the time to create this guide. I have been working in Hyper V for 5 years now and never cease to be surprized at how little information the Hyper V team at Microsoft provides. I have been using RDP to connect
    to the Hyper V server from the start but after upgrading to Hyper V Server 2012 R2 at all my client sites, I lost the ability to remotely connect causing all sorts of problems and aggravations. Your instructions are clear and I am now adjusting all my Hyper
    V sites. I understand that this is part of Microsoft’s overall plan to make server core more central along with the use of PowerShell. However, having said that, some simple FAQ’s from the Hyper V development team would not have hurt.

  9. Malcolm Macdonald says:

    I just noted that the date is Feb 2013 not Feb 2014. I didn’t have troubles connecting to Hyper V Server 2012, it was with the R2 upgrade that I encountered the problem. The solution still worked though.

  10. bmxl[,bl; says:

    m’ml;b,[,b;pkfpwfk, ,’;,;,’w[kl[lfr

  11. David Crane says:

    Thanks for the information. In my case I do not find Remote Desktop rules.

  12. tungls says:

    Great GUIDE!
    Thanks so much!

  13. Laurent says:

    great guide!
    greetings from France.

  14. James Blomgren says:

    I was wondering if you have come across a situation when RDP does not work on a particular interface, but works on all other interfaces in server. (Management VLAN does not work, but Client VLAN does?)

  15. Steve says:

    Super thank you for your time and enormous effort on this. You are a real rocket scientist!
    Greetings from Colorado

  16. Jens says:

    What about localized windows, how can that be handled fx. "Remote Desktop" is "Fjernskrivebord" in danish, isn’t there a way like a SID or something

  17. Kevin says:

    Thank you. My iDRAC cable was bad and I could not get to a console on my physical server. This blog got me connected.

  18. fkawooya says:

    Awsome!
    Best guide… Cheers!!!

  19. Frank says:

    This was a great help – thanks!!

  20. Alex says:

    This help me a lot. Thanks

  21. Doug Clutter says:

    Easy to follow and understand. Thanks for sharing!

  22. David Mielcarek says:

    Have come back to this page many times during multiple vmWare and Hyper-V VM installs. So darn helpful. Thank you.

  23. Rajesh says:

    Good information

  24. Rajesh Gundeti says:

    very helpful. Thanks a lot.

  25. Helloworld says:

    Hi there, hum thank you very much for this. On the other hand if you type Net-ItemProperty it won’t work not because the key does not exist (but because this cmdlet does not exist !) but as you already written the command it is set-itemproperty or get-itemPROPERTY
    ….. I suppose it is a little mystake anyway this is not important all the rest is brillant
    thank you very much dude for this explanation
    Have a nice day