Remote Desktop is not enabled on Windows systems by default. The PowerShell script described here allows you to enable Remote Desktop access on remote computers. Update: Learn how to enable Remote Desktop on Windows 10 with PowerShell, Group Policy, WMI and psexec.

Having Remote Desktop enabled on servers is essential for system administrators to be able to connect interactively to, and manage, servers. If this feature is disabled, system administrators will end up connecting to the server via ILO/DRAC or via some other remote control method and enabling Remote Desktop from there—a painful and time-consuming process.

Script description

The PowerShell script at the end of the post relies on the WMI class Win32_TerminalServiceSetting under Root/CIMV2/TerminalServices. This WMI class is a hidden gem that most people are not aware of. It has methods to enable or disable Remote Desktop access on remote computers and to configure several other Remote Desktop options.

I use the SetAllowTSConnections() method to enable Remote Desktop access. This method takes two integers as arguments. The first one specifies the state (0 – disable; 1 – enable) of Remote Desktop, and the second one specifies whether to modify firewall exceptions or not (0 – do not modify firewall exception setting; 1 – modify firewall exception setting). In this script, I set both the arguments to 1 to enable Remote Desktop access and modify the firewall exception settings to allow the RDP port.

Below is the code that queries the Win32_TerminalServiceSetting class to get the status of Remote Desktop access. Notice that I use one additional parameter, called Authentication, in the WMI query. This is required because the Win32_TerminalServiceSetting WMI class allows remote access only if packet-level authentication is enabled. Passing the value 6 (PacketPrivacy) to the Authentication parameter does the job here; otherwise, you will get an “Access Denied” error even if you have administrative rights on the remote computer.

$RDP = Get-WmiObject -Class Win32_TerminalServiceSetting `
			-Namespace root\CIMV2\TerminalServices `
			-Computer $Computer `
			-Authentication 6 `
			-ErrorAction Stop

And the following code enables Remote Desktop:

# First argument 1 = enable Remote Desktop, second argument 1 = modify the firewall exception
$result = $RDP.SetAllowTsConnections(1,1)
if($result.ReturnValue -eq 0) {
	Write-Host "$Computer : Enabled RDP Successfully"
	"$Computer : RDP Enabled Successfully" | Out-File -FilePath $SuccessComps -Append
} else {
	Write-Host "$Computer : Failed to enable RDP"
	"$Computer : Failed to enable RDP" | Out-File -FilePath $FailedComps -Append
}

Input

The script has two parameters:

  • ComputerName: This parameter takes a single computer name, or multiple computer names separated by commas, as an argument that specifies the computers on which to enable Remote Desktop. The parameter also takes input from the pipeline; see the Usage Examples section below to see how to pass computer names via the pipeline. If this parameter is not specified, the script executes on the computer from where you are running the script.
  • OutFolder: This parameter takes a folder path as an argument. This is where you want to store the results of the script in a text file format. If this parameter is not specified, the script stores the output files in C:\.

Output

This script returns the status both to the PowerShell console and in text files in the path you give via the OutFolder parameter. The script writes the successful computers list to successcomps.txt and the failed/offline computers list to failedcomps.txt.

Usage examples

Enable Remote Desktop on a local computer:

.\Enable-RDPAccess.ps1

Enable Remote Desktop on a remote computer:

.\Enable-RDPAccess.ps1 -ComputerName TIBPC1

Enable Remote Desktop on a list of remote computers:

Get-Content c:\servers.txt | .\Enable-RDPAccess.ps1

Enable Remote Desktop with a PowerShell script


Note: You should test this script in your test lab before using it in a production environment. Depending on the kind of environment, the script may need additional enhancements. Feel free to write in the comments section if you need any further help.

Here is the complete code of the PowerShell script Enable-RDPAccess.ps1:

[cmdletbinding()]
param(
	[parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)]
	[string[]]$ComputerName = $env:computername,
	[ValidateScript({Test-Path $_})]
	[string]$OutFolder = "c:\"
)

begin {
	# Result files: one for successful computers, one for failed/offline computers
	$SuccessComps = Join-Path $OutFolder "Successcomps.txt"
	$FailedComps = Join-Path $OutFolder "FailedComps.txt"
}

process {
	foreach($Computer in $ComputerName) {
		# Skip computers that do not answer a single ping
		if(!(Test-Connection -ComputerName $Computer -Count 1 -ErrorAction SilentlyContinue)) {
			Write-Host "$Computer : OFFLINE"
			"$Computer : OFFLINE" | Out-File -FilePath $FailedComps -Append
			continue
		}

		try {
			# Authentication 6 is required to query this namespace remotely
			$RDP = Get-WmiObject -Class Win32_TerminalServiceSetting `
								-Namespace root\CIMV2\TerminalServices `
								-ComputerName $Computer `
								-Authentication 6 `
								-ErrorAction Stop
		} catch {
			Write-Host "$Computer : WMIQueryFailed"
			"$Computer : WMIQueryFailed" | Out-File -FilePath $FailedComps -Append
			continue
		}

		if($RDP.AllowTSConnections -eq 1) {
			# Nothing to change on this computer
			Write-Host "$Computer : RDP Already Enabled"
			"$Computer : RDP Already Enabled" | Out-File -FilePath $SuccessComps -Append
			continue
		} else {
			try {
				# 1,1 = enable Remote Desktop and modify the firewall exception
				$result = $RDP.SetAllowTsConnections(1,1)
				if($result.ReturnValue -eq 0) {
					Write-Host "$Computer : Enabled RDP Successfully"
					"$Computer : RDP Enabled Successfully" | Out-File -FilePath $SuccessComps -Append
				} else {
					Write-Host "$Computer : Failed to enable RDP"
					"$Computer : Failed to enable RDP" | Out-File -FilePath $FailedComps -Append
				}
			} catch {
				Write-Host "$Computer : Failed to enable RDP"
				"$Computer : Failed to enable RDP" | Out-File -FilePath $FailedComps -Append
			}
		}
	}
}

end {}
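
A follow-up check once the script has run, added here as an example and not part of the original post: it reads back AllowTSConnections and, from the Win32_TSGeneralSetting class in the same namespace, whether Network Level Authentication is required on the RDP-Tcp listener. The function name Get-RdpState and the output property names are assumptions of this example.

```powershell
# Added example, not part of the original script. Get-RdpState is a hypothetical name.
function Get-RdpState {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline = $true)]
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    process {
        foreach ($Computer in $ComputerName) {
            # Shared arguments; Authentication 6 is needed for this namespace, as in the script above.
            $wmi = @{
                Namespace      = 'root\CIMV2\TerminalServices'
                ComputerName   = $Computer
                Authentication = 6
                ErrorAction    = 'Stop'
            }
            try {
                $ts = Get-WmiObject @wmi -Class Win32_TerminalServiceSetting
                # Listener settings; RDP-Tcp is the default RDP listener.
                $gen = Get-WmiObject @wmi -Class Win32_TSGeneralSetting -Filter "TerminalName='RDP-Tcp'"
                [pscustomobject]@{
                    ComputerName = $Computer
                    RdpEnabled   = [bool]$ts.AllowTSConnections
                    NlaRequired  = [bool]$gen.UserAuthenticationRequired
                    Error        = $null
                }
            } catch {
                # Emit a row for unreachable or denied hosts so they are not silently dropped.
                [pscustomobject]@{
                    ComputerName = $Computer
                    RdpEnabled   = $null
                    NlaRequired  = $null
                    Error        = $_.Exception.Message
                }
            }
        }
    }
}

# Usage: list hosts where RDP is on but NLA is not enforced.
# Get-Content c:\servers.txt | Get-RdpState |
#     Where-Object { $_.RdpEnabled -and -not $_.NlaRequired }
```

Because the function emits objects instead of writing to the host, the result can be piped to Export-Csv and kept as a record of which computers had Remote Desktop switched on.
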
4 Comments
  1. Nick M 10 years ago

    Hello, you guys forgot to attach and link to the script in this article. If just using what was pasted to us as examples, we wouldn’t have any output or $env:computername, etc.

    Thank you!

  2. Jeffrey Snover[MSFT] 10 years ago

    That is great. I knew that there was a way to do this but never got around to looking it up.
    THANKS!

    Jeffrey Snover[MSFT]
    Distinguished Engineer and Lead Architect of Windows Server

  3. Nick, sorry, that was my fault. I added the link to the script at the end of the post. Thanks for the hint.

  4. marc 10 years ago

    there are easier ways without powershell:
    psexec @computerlist cmd /C reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /t REG_DWORD /v fDenyTSConnections /D 0 /f
    of course you can reg query each host to sort the result in files.


© 4sysops 2006 - 2023
