PowerShell enable Remote Desktop Server 2022

Windows Server 2016 has reached the General Availability [GA] milestone today. You can download it from your volume licensing site or MSDN. You can also create Azure VMs with Windows 2016.

The latest and greatest Windows Server has many new Remote Desktop features. See What’s New in Remote Desktop Services in Windows Server 2016 for the laundry list.

If you’re just trying to enable RDP for remote admin connections, here’s how to do it.

  1. Type SystemPropertiesRemote.exe in a command or PowerShell window.
  2. In the System Properties dialog, select Allow remote connections to this computer.

    Figure 2: Allow remote desktop connections.

    Windows Server supports Network Level Authentication [NLA] for RDP connections. This forces the authentication to occur before the session begins. Without NLA, the RDP host presents the user logon screen when the RDP session starts. NLA is more secure.

  3. [Optional] Administrators have remote desktop access by default. If you want to allow RDP access to additional users, click Select users, select the users and then close the dialog box.

    Figure 3: Select users who should be allowed remote desktop connections

Enable Remote Desktop using PowerShell

Of course, many IT pros prefer PowerShell. In this case, I found running SystemPropertiesRemote.exe was faster, but PowerShell helps you automate these settings, for example, as part of unattended setup.

Here’s how you can enable Remote Desktop using PowerShell [credit to Samuel Yee, who has it documented here, saving me the trouble to fire up Process Monitor, one of the fine, and free, Windows SysInternals tools]:

  1. Enable Remote Desktop connections

    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0

  2. Enable Network Level Authentication

    Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -Value 1

  3. Enable Windows firewall rules to allow incoming RDP

    Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

There are scripts in the TechNet Script Gallery that’ll allow you to run this against a large number of computers and turn on any services required to automate this.

Update 12/13/2018:

You can use PowerShell to grant permissions to use Remote Desktop.  As noted earlier in this post, administrators can remote in by default. To provide non-admin users permission to use Remote Desktop, add them to the Remote Desktop Users local group.

Add-LocalGroupMember -Group "Remote Desktop Users" -Member foo


The Remote Desktop Protocol [RDP] allows you to remotely connect to the desktop of a computer running Windows and work with it as if it is your local computer. By default, Remote Desktop access is disabled in Windows. In this article, we’ll show how to enable and configure RDP access on Windows 10/11 and Windows Server 2019/2022.

How to Enable and Use the Remote Desktop Connection on Windows 10 or 11?

The easiest way to enable Remote Desktop Connection in Windows is to use the Control Panel GUI.

Open the system properties in the Control Panel or run the SystemPropertiesRemote command.

Open the Remote Settings tab and enable the Allow remote connection to this computer option.

For security reasons, it is recommended to allow connections only for RDP clients with NLA support [Allow connections only from computers running Remote Desktop with Network Level Authentication].

Save the changes by clicking OK.

By default, only the members of the local Administrators group can remotely connect to a computer over RDP. If you want to allow RDP access for other users, click Select Users.

In current builds of Windows 10 and Windows 11, the classic System Properties dialog for enabling RDP access is hidden, and Microsoft recommends using the new Settings panel:

  1. Open Settings -> System -> Remote Desktop;
  2. Switch Enable Remote Desktop to ON;
  3. Confirm enabling RDP on the computer.

You can enable RDP on Windows 11 using the modern Settings app. Go to System -> Remote Desktop -> Turn on the Remote Desktop using the toggle button.

Note that by default two options are enabled when you enable Remote Desktop:

  • Keep my PC awake for connection when it is plugged in
  • Make my PC discoverable on private networks to enable automatic connection from a remote device

Click Advanced settings. Here you can enable Network Level Authentication for your RDP connection [recommended].

If Windows Defender Firewall is enabled on a computer, make sure that it allows incoming RDP connections. By default, TCP port 3389 is used for RDP connections, and the latest Windows builds also use UDP 3389 [see the article about the case when a black screen appears instead of the desktop during an RDP connection].

Open the Control Panel and select Windows Defender Firewall. Open the list of default Windows Firewall rules by clicking Allow an app or feature through Windows Firewall in the left column.

Make sure that the Remote Desktop rule is enabled for the Private profile [home or corporate network] and for the Public one [public networks] if needed.

If you want, you can set a limit [timeout] on the duration of RDP sessions using GPO.

Now you can remotely connect to this computer using an RDP client. Windows has a built-in RDP client – mstsc.exe. It keeps the history of RDP connections and supports copying files between local and remote computers via the RDP clipboard.

You can also use RDP connection managers, like RDCMan or mRemoteNG, as well as alternative clients.

To make it easier for the users, you can save your RDP connection password in Windows Credential Manager.

Enabling RDP on Windows Using PowerShell

You can quickly enable RDP access on Windows using a couple of PowerShell commands.

  1. Run PowerShell.exe as administrator;
  2. Enable RDP access through the registry using the Set-ItemProperty cmdlet: Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -value 0
  3. Allow RDP connections to the computer in Windows Defender Firewall. To do it, enable the following firewall rule: Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
  4. If you want to add a user to the local RDP access group, run this command: Add-LocalGroupMember -Group "Remote Desktop Users" -Member a.williams

To make sure that the RDP port is open on the computer, use the Test-NetConnection cmdlet:

Test-NetConnection -ComputerName wksde133 -CommonTCPPort RDP
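
The settings changed by the PowerShell commands above can be checked in one pass. This is an added example, not code from the original article: Get-RdpPosture is a hypothetical helper name, and it reads only the local registry values, firewall rule group and local group that the page itself names.

```powershell
# Added example: audit the RDP settings this page changes (run elevated, on the local machine).
# Get-RdpPosture is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpPosture {
    $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp = Join-Path $ts 'WinStations\RDP-Tcp'

    # fDenyTSConnections = 0 means RDP is enabled; UserAuthentication = 1 means NLA is required.
    $deny = (Get-ItemProperty -Path $ts  -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
    $nla  = (Get-ItemProperty -Path $tcp -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # Inbound rules of the "Remote Desktop" group that are switched on, and those reaching the Public profile.
    $rules  = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })
    $public = @($rules | Where-Object { "$($_.Profile)" -match 'Public|Any' })

    # Accounts granted RDP logon in addition to the local Administrators group.
    $members = @(Get-LocalGroupMember -Group 'Remote Desktop Users' -ErrorAction SilentlyContinue |
        Select-Object -ExpandProperty Name)

    $rdpEnabled = ($deny -eq 0)
    $findings = @()
    if ($rdpEnabled -and $nla -ne 1)          { $findings += 'RDP enabled without Network Level Authentication' }
    if ($rdpEnabled -and $public.Count -gt 0) { $findings += 'RDP firewall rules active on the Public profile' }
    if ($rdpEnabled -and $rules.Count -eq 0)  { $findings += 'RDP enabled but no Remote Desktop firewall rule is on' }
    if ($members.Count -gt 0)                 { $findings += "Remote Desktop Users members: $($members -join ', ')" }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        RdpEnabled    = $rdpEnabled
        NlaRequired   = ($nla -eq 1)
        FirewallRules = $rules.Count
        PublicProfile = ($public.Count -gt 0)
        RdpUsers      = $members
        Findings      = $findings
    }
}

Get-RdpPosture | Format-List
```

An empty Findings list means RDP is either off, or on with NLA required, a firewall rule enabled only for non-public profiles, and no extra accounts in Remote Desktop Users.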

Enable Remote Desktop Connections on Windows Server 2022/2019

Unlike desktop Windows 10 [11] versions, Windows Server supports two concurrent RDP connections by default. These connections are used by administrators to manage the server.

RDP is enabled on Windows Server in the same way: using the SystemPropertiesRemote, Server Manager, or PowerShell commands described above.

You can use Windows Server as a terminal server. In this case, multiple users can simultaneously connect to their own desktops on the server. To do it, install and configure the Remote Desktop Session Host [RDSH] role on the server. To use it, you must purchase and activate special RDS licenses [CALs]. Learn more about RDS licensing.

Also, you can use SSL/TLS certificates to secure your RDP connections.

How to Enable RDP via Group Policy [GPO] in an Active Directory Domain?

If you need to enable Remote Desktop on multiple computers at once, you can use Group Policy [GPO]. We assume that all computers are joined to an Active Directory domain.

  1. Run the Group Policy Management console [gpmc.msc];
  2. Create a new Group Policy Object [or edit an existing one] and link it to a target OU containing computers or servers;
  3. Switch to the policy edit mode and go to the GPO section Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Connections;
  4. Find and enable the Allow Users to connect remotely by using Remote Desktop Services parameter;
  5. Update GPO settings on the clients;
  6. After applying the policy, you will be able to connect to all computers via RDP [the policy will be applied both to desktop clients running Windows 10/11 and Windows Server]. If needed, you can target the RDP policy to specific computers using the WMI GPO filters;
  7. If Windows Defender Firewall is enabled on computers, you need to allow RDP traffic for the domain profile in the same GPO. To do it, activate the Windows Firewall: Allow inbound Remote Desktop Exceptions rule [located in Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile].

Enabling Remote Desktop [RDP] Remotely on Windows

Also, you can enable RDP remotely on any computer running Windows. To do it, you must have remote access to the computer [via PowerShell or WMI] and your account must be a member of the local Administrators group on the remote computer.

You can enable RDP remotely via the registry. To do it, the Remote Registry service must be enabled on the remote computer [it is disabled by default]. To run the service:

  1. Open the service management console [services.msc];
  2. Select Connect to another computer and specify the name of the remote computer;
  3. Find the Remote Registry service in the list, change the startup type to Manual, and start the service.

The same can be done remotely from the command prompt using the built-in sc tool [it lets you create, manage, and remove Windows services]:

sc \\wksde133 config RemoteRegistry start= demand
sc \\wksde133 start RemoteRegistry

Then on the local computer:

  1. Run the Registry Editor [regedit.exe];
  2. Select Connect Network Registry in the File menu;
  3. Specify the name or IP address of the remote computer you want to enable RDP on;
  4. Go to the reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server;
  5. Find the fDenyTSConnections parameter [REG_DWORD]. If you cannot find it, create it. Change its value to 0 to enable RDP.

Then the remote computer becomes accessible over RDP immediately without a restart.

But it is much faster to enable RDP in the registry of the remote computer via the command prompt:

REG ADD "\\wksde133\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

If PowerShell remoting is configured on a remote computer, you can run a remote command on it via Invoke-Command:

Invoke-Command -ComputerName wksde133 -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0}

Also, you can connect to a remote computer and enable RDP via WMI:

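$computername = "wksde133"
# SetAllowTSConnections(AllowTSConnections, ModifyFirewallException): 1,1 enables RDP and opens the firewall exception
(Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -ComputerName $computername -Authentication 6).SetAllowTSConnections(1,1)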
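
A follow-up for the remote procedures above, as an added example that is not part of the original article: the registry-based methods change only fDenyTSConnections and leave the Remote Registry service started, so this requires NLA and puts the service back. Complete-RdpRemoteEnable is a hypothetical helper name; it assumes PowerShell remoting to the host and that Remote Registry was Disabled beforehand, as the page describes.

```powershell
# Added example: post-change hardening for hosts where RDP was enabled remotely.
# Complete-RdpRemoteEnable is a hypothetical helper name; wksde133 is the host name used on this page.
function Complete-RdpRemoteEnable {
    param(
        [Parameter(Mandatory)][string[]]$ComputerName,
        # Start type to restore for Remote Registry; the page describes Disabled as its default.
        [ValidateSet('Disabled', 'Manual')][string]$RemoteRegistryStartType = 'Disabled'
    )
    Invoke-Command -ComputerName $ComputerName -ArgumentList $RemoteRegistryStartType -ScriptBlock {
        param($startType)
        $ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
        $tcp = "$ts\WinStations\RDP-Tcp"

        # Require Network Level Authentication in addition to the fDenyTSConnections change.
        Set-ItemProperty -Path $tcp -Name UserAuthentication -Value 1

        # Stop Remote Registry and restore its start type so it is not left running.
        Stop-Service -Name RemoteRegistry -Force -ErrorAction SilentlyContinue
        Set-Service  -Name RemoteRegistry -StartupType $startType
        $svc = Get-Service -Name RemoteRegistry

        # Report the resulting state so the change can be verified per host.
        [pscustomobject]@{
            RdpEnabled     = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
            NlaRequired    = (Get-ItemProperty -Path $tcp).UserAuthentication -eq 1
            RemoteRegistry = "$($svc.Status) / $($svc.StartType)"
        }
    } | Select-Object PSComputerName, RdpEnabled, NlaRequired, RemoteRegistry
}

Complete-RdpRemoteEnable -ComputerName 'wksde133'
```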
