Remote Desktop is not enabled on Windows systems by default. The PowerShell script described here allows you to enable Remote Desktop access on remote computers. Update: Learn how to enable Remote Desktop on Windows 10 with PowerShell, Group Policy, WMI and psexec.

Having Remote Desktop enabled on servers is essential for system administrators to be able to connect interactively to, and manage, servers. If this feature is disabled, system administrators will end up connecting to the server via ILO/DRAC or via some other remote control method and enabling Remote Desktop from there—a painful and time-consuming process.

Script description ^

The PowerShell script at the end of the  post relies on the WMI class Win32_TerminalServiceSetting under Root/CIMV2/TerminalServices. This WMI class is a hidden gem that most people are not aware of. This class has methods to enable/disable Remote Desktop access on remote computers and configure several other Remote Desktop options.

I use the SetAllowTSConnections() method to enable Remote Desktop access. This method takes two integers as arguments. The first one specifies the state (0 – disable; 1 – enable) of Remote Desktop, and the second one specifies whether to modify firewall exceptions or not (0 – do not modify firewall exception setting; 1 – modify firewall exception setting). In this script, I set both the arguments to 1 to enable Remote Desktop access and modify the firewall exception settings to allow the RDP port.

Below is the code that queries the Win32_TerminalServiceSetting class to get the status of Remote Desktop access. Notice that I use one additional parameter, called Authentication, in the WMI query. This is required because the Win32_TerminalServiceSetting WMI class allows remote access only if packet-level authentication is enabled. Passing the value 6 to the Authentication parameter does the job here; otherwise, you will get an “Access Denied” error even if you have administrative rights on the remote computer.

And the following code enables Remote Desktop:

Input ^

The script has two parameters:

  • ComputerName: This parameter takes a single computer name, or multiple computer names separated by commas, as an argument that specifies the computers on which to enable Remote Desktop. The parameter also takes input from the pipeline; see the Usage Examples section below to see how to pass computer names via the pipeline. If this parameter is not specified, the script executes on the computer from where you are running the script.
  • OutFolder: This parameter takes a folder path as an argument. This is where you want to store the results of the script in a text file format. If this parameter is not specified, the script stores the output files in C:\.

Output ^

This script returns the status both to the PowerShell console and in text files in the path you give via the OutFolder parameter. The script writes the successful computers list to successcomps.txt and the failed/offline computers list to failedcomps.txt.

Usage examples ^

Enable Remote Desktop on a local computer:

Enable Remote Desktop on a remote computer:

Enable Remote Desktop on a list of remote computers:

Enable Remote Desktop with a PowerShell scipt

Enable Remote Desktop with a PowerShell scipt

Note: You should test this script in your test lab before using it in a production environment. Depending on the kind of environment, the script may need additional enhancements. Feel free to write in the comments section if you need any further help.

Here is the complete code of the of the PowerShell script Enable RDP Access:

  1. Nick M 8 years ago

    Hello, you guys forgot to attach and link to the script in this article. If just using what was pasted to us as examples, we wouldn't have any output or $env:computername, etc.

    Thank you!


  2. Jeffrey Snover[MSFT} 8 years ago

    That is great. I knew that there was a way to do this but never got around to looking it up.

    Jeffrey Snover[MSFT]
    Distinguished Engineer and Lead Architect of Windows Server


  3. Nick, sorry, that was my fault. I added the link to the script at the end of the post. Thanks for the hint.


  4. marc 8 years ago

    there are easier ways without powershell:
    psexec @computerlist cmd /C reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /t REG_DWORD /v fDenyTSConnections /D 0 /f
    of course you can reg query each host to sort the result in files.


Leave a reply

Please enclose code in pre tags

Your email address will not be published. Required fields are marked *


© 4sysops 2006 - 2021


Please ask IT administration questions in the forums. Any other messages are welcome.


Log in with your credentials


Forgot your details?

Create Account