How To Enable Rdp On Windows 10 Remotely

In this postal service I show you how y'all can enable Remote Desktop on Windows 10 via Group Policy, PowerShell, WMI, or psexec because even the geekiest CLI geek sometimes needs to RDP into a remote Windows automobile.

• Author
• Recent Posts

Michael Pietroforte is the founder and editor in chief of 4sysops. He has more than 35 years of feel in Information technology management and system administration.

You probably know you can enable Remote Desktop in the Windows 10 Control Panel'southward System app. That's quick to do if the computer is on your desk. All the same, if you want to access a remote motorcar and Remote Desktop is disabled for security reasons in your arrangement, yous have to enable Remote Desktop access remotely.

Allow remote connections in the Windows 10 Control Console

Allow Remote Desktop via Group Policy ^

The easiest manner certainly is to enable RDP access via Group Policy:Permit users to connect remotely using Remote Desktop Services

You can find the policy here:

Computer Configuration > Authoritative Templates > Windows Components >Remote Desktop Services > Remote Desktop Session Host > Connections.

Let users to connect remotely past using Remote Desktop Services

You will likewise have to permit RDP in the Windows Firewall on the remote Windows 10 computer:

Computer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile

Allow inbound Remote Desktop connections via Group Policy

The simply problem is that Grouping Policy is sluggish, and if yous want to log in quickly to a remote machine, it is often not an option. By contrast, on a PowerShell panel, you can essentially get the chore washed with a unmarried control.

Enable Remote Desktop via PowerShell ^

However, at that place is a catch—really, 2. Windows Firewall might get in your manner, and if PowerShell remoting is not enabled on the car, things tin can go a bit tricky. I know of two methods to enable Remote Desktop remotely via PowerShell. Which method you lot use by and large depends on your Windows Firewall configuration.

Permit's assume beginning that PowerShell remoting is enabled on the remote machine. If and then, you can merely enable Remote Desktop past modifying a registry key on the remote auto:

Invoke-Command -Computername <computer proper noun> -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Proper noun "fDenyTSConnections" –Value 0 }

We are using Invoke-Command to execute the Set-ItemProperty remotely, which changes the value fDenyTSConnections to 0.

Most probable, Windows Firewall blocks RDP on the remote automobile. To open the Remote Desktop port, you lot tin can use this PowerShell command:

Invoke-Command -Computername <computer proper name> -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}

We are using PowerShell remoting over again to execute Enable-NetFirewallRule remotely.

Enable Remote Desktop via WMI ^

If PowerShell remoting is not enabled on the remote machine, y'all tin can all the same apply PowerShell via WMI for the chore. This tin be useful if you demand to enable RDP on multiple machines or if this chore is part of a larger automation problem and your organization's security guidelines don't allow PowerShell remoting. Sitaram wrote a PowerShell script that uses the Get-WmiObject cmdlet. This allows yous to manage computers remotely without PowerShell remoting.

I removed the function of the script that offset checks via Test-Connection if the computer is online considering this would crave an additional firewall setting to make the script work.

[cmdletbinding()] param( 	[parameter(ValueFromPipeline=$true,ValueFromPipelineByPropertyName=$true)] 	[string[]]$ComputerName = $env:computername, 	[ValidateScript({Test-Path $_})] 	[string]$OutFolder = "c:\" )  begin { $SuccessComps = Bring together-Path $OutFolder "Successcomps.txt" $FailedComps = Join-Path $OutFolder "FailedComps.txt" }  process { 	foreach($Estimator in $ComputerName) {  		try { 			$RDP = Get-WmiObject -Class Win32_TerminalServiceSetting ` 								-Namespace root\CIMV2\TerminalServices ` 								-Calculator $Computer ` 								-Authentication 6 ` 								-ErrorAction Cease 								 		} take hold of { 			Write-Host "$Computer : WMIQueryFailed" 			"$Figurer : WMIQueryFailed" | Out-File -FilePath $FailedComps -Append 			continue 		} 		 		if($RDP.AllowTSConnections -eq 1) { 			Write-Host "$Computer : RDP Already Enabled" 			"$Computer : RDP Already Enabled" | Out-File -FilePath $SuccessComps -Append 			continue 		} else { 			effort { 				$result = $RDP.SetAllowTsConnections(i,1) 				if($event.ReturnValue -eq 0) { 					Write-Host "$Computer : Enabled RDP Successfully" 					"$Computer : RDP Enabled Successfully" | Out-File -FilePath $SuccessComps -Append 				} else { 					Write-Host "$Computer : Failed to enabled RDP" 					"$Computer : Failed to enable RDP" | Out-File -FilePath $FailedComps -Append  				} 			 			} catch { 				Write-Host "$computer : Failed to enabled RDP" 				"$Computer : Failed to enable RDP" | Out-File -FilePath $FailedComps -Append 			} 		} 	}  }  terminate {}

To empathise how the script works, please read Sitaram'south article. To use the script, you just have to save it to a file (Enable-RDPAccess.ps1) and and so run this command:

.\Enable-RDPAccess.ps1 -ComputerName <computer proper name>

Enable RDP via WMI

If you want to enable RDP on multiple Windows ten computers, you tin save the computer names in a text file and so use Go-Content to pipage the calculator names to Enable-RDPAccess.ps1:

Become-Content <path to text file> | Enable-RDPAccess.ps1

Theoretically, y'all probably can also configure the Windows Firewall to permit the RDP connection withGet-WmiObject. All the same, I couldn't discover the corresponding class. If you know more, delight mail service a comment below.

However, I know another way to configure the firewall via WMI, and that is with the wmic command:

wmic /node:<computer name> process call create "cmd.exe /c netsh firewall set service RemoteDesktop enable"

Of course, you tin can also enable Remote Desktop with wmic:

wmic /node:<computer name> process call create 'cmd.exe /c reg add "HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f'

Remotely enable RDP on Windows 10 with wmic

Annotation that you accept to configure the Windows Firewall of the remote auto to allow WMI access for the PowerShell script and for wmic to work. You could practise this via Grouping Policy:

Estimator Configuration > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security.

Right-click Inbound Rules and then add the predefined rule Windows Direction Instrumentation (WMI).

Enable WMI in Windows Firewall via Group Policy

But now nosotros are where we were in the get-go. Nosotros could then just use Group Policy to enable RDP correct away. However, if WMI is already enabled in your firewall for other reasons, using Become-WmiObject is an option.

Also, if you frequently have to enable RDP remotely on Windows 10 machines, but your visitor policy doesn't allow you to work with PowerShell remoting, you could also consider opening WMI in your firewall permanently. I suppose information technology is less risky simply because WMI is more hard to use than PowerShell remoting, and all the script kiddies who downloaded PowerShell scripts to hack into your systems will be in problem.

Enable RDP via psexec ^

Yet another selection is Microsoft's gratuitous tool psexec. It besides doesn't require PowerShell remoting to be enabled. The but downside is that it is non every bit straightforward to use as Invoke-Command in PowerShell scripts. Psexec requires that Windows Firewall is open for File and Printer sharing, which is probably more than common than open up WMI ports or enabled PowerShell remoting:

Figurer Configuration > Policies > Administrative Templates > Network > Network Connections > Windows Firewall > Domain Profile > Windows Firewall: Permit inbound file and printer sharing exception

Let file and printer sharing in the Windows Firewall

To alter the registry to enable RDP with psexec, you accept to run this command:

psexec.exe \\<computer name> reg add together "HKEY_LOCAL_MACHINE\Organisation\CurrentControlSet\Command\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

This command likewise just sets the registry fundamental that disables Terminal Server access to 0.

To allow RDP connections in the Windows Firewall, y'all can also use psexec:

Subscribe to 4sysops newsletter!

psexec.exe \\<computer name> netsh firewall ready service RemoteDesktop enable

Enable Remote Desktop with psexec

Determination ^

If y'all have to enable Remote Desktop remotely, you take a variety of options. Which one yous employ depends on how apace yous need admission and the Windows Firewall configuration on the remote machine. If all the firewall ports discussed in this post are airtight, Group Policy is your only option. If someone is shut to the figurer, the person can reboot the machine to use the GPO. Yes, you can also remotely reboot the motorcar. Just if you don't have a system direction tool with this feature, you lot besides have to open a couple of firewall ports for a remote reboot.

Source: https://4sysops.com/archives/enable-remote-desktop-remotely-on-windows-10/

Posted by: worshammarithere.blogspot.com

Share this post