locked
need to enable RemDesktop with NLA in TS RRS feed

  • Question

  • Hello,

    I need the simplest way to enable RemoteDesktop in deployed image.

    found the syntax and tested in batch:

    reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

    it enables RDP but I need with NLA

    Please...


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 9, 2018 3:54 PM

Answers

  • Try running following PowerShell script during OSD:

    # Determine where to do the logging 
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 
    $logPath = $tsenv.Value("LogPath") 
    $logFile = "$logPath\$($myInvocation.MyCommand).log"
     
    # Start the logging 
    Start-Transcript $logFile
    Write-Host "Logging to $logFile"
     
    # Start Main Code Here
    
    # Enable RDP
    # -> GPO
    Write-Host "Enabling RDP..."
    $rdp = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Authentication PacketPrivacy
    $tmp_rdp = $rdp.SetAllowTSConnections(1,1) #first parameter rdp enable, second parameter firewall ports config
    
    If ($tmp_rdp.ReturnValue -eq 0){
    	Write-Host "Remote Connection settings changed sucessfully"
    } 
    Else {
    	Write-Host ("Failed to change Remote Connections setting(s), return code "+$tmp_rdp.ReturnValue)
    }
    
    # Stop logging 
    Stop-Transcript

    You may also find this helpful: https://gallery.technet.microsoft.com/scriptcenter/Powershell-script-to-9d66257a


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by pob579 Wednesday, January 10, 2018 8:16 PM
    Wednesday, January 10, 2018 6:57 AM

All replies

  • Hi,

    I believe you can enable NLA through Group Policy. You can create a template and add the group policy settings locally on the image itself.

    Thanks

    Syed Abdul Kadar .M.


    Dont forget to mark as Answered if you found this post helpful.

    Tuesday, January 9, 2018 3:58 PM
  • sure it is one of the solutions.

    in my case I need to apply it to the image that will go to remote office and want to do it through TS


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 9, 2018 4:00 PM
  • Hi,

    On your base build, you can apply policy locally, once the image is created it will have all the setting of the base image.

    Thanks

    Syed

     


    Dont forget to mark as Answered if you found this post helpful.

    Tuesday, January 9, 2018 4:04 PM
  • I am looking for a TS script solution for an existing WIM

    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Tuesday, January 9, 2018 4:37 PM
  • instead of arranging and testing script in TS I just recaptured my GOLD VM with the RDP change and replaced WIM.

    Anyway, if somebody can provide quick and reliable TS tweak for enabling RDP with NLA it could be useful in some situations.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis


    • Edited by pob579 Tuesday, January 9, 2018 8:04 PM
    Tuesday, January 9, 2018 8:04 PM
  • Hi,

    I hope this is what you are looking for

    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f

    Thanks

    Syed Abdul Kadar M.


    Dont forget to mark as Answered if you found this post helpful.



    • Edited by Syed Abdul Tuesday, January 9, 2018 8:54 PM
    Tuesday, January 9, 2018 8:53 PM
  • Try running following PowerShell script during OSD:

    # Determine where to do the logging 
    $tsenv = New-Object -COMObject Microsoft.SMS.TSEnvironment 
    $logPath = $tsenv.Value("LogPath") 
    $logFile = "$logPath\$($myInvocation.MyCommand).log"
     
    # Start the logging 
    Start-Transcript $logFile
    Write-Host "Logging to $logFile"
     
    # Start Main Code Here
    
    # Enable RDP
    # -> GPO
    Write-Host "Enabling RDP..."
    $rdp = Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Authentication PacketPrivacy
    $tmp_rdp = $rdp.SetAllowTSConnections(1,1) #first parameter rdp enable, second parameter firewall ports config
    
    If ($tmp_rdp.ReturnValue -eq 0){
    	Write-Host "Remote Connection settings changed sucessfully"
    } 
    Else {
    	Write-Host ("Failed to change Remote Connections setting(s), return code "+$tmp_rdp.ReturnValue)
    }
    
    # Stop logging 
    Stop-Transcript

    You may also find this helpful: https://gallery.technet.microsoft.com/scriptcenter/Powershell-script-to-9d66257a


    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    • Marked as answer by pob579 Wednesday, January 10, 2018 8:16 PM
    Wednesday, January 10, 2018 6:57 AM
  • Suea,

    your synatax didn`t enabled RDP NLA, even the command executed successfuly (tried from batch as admin and checked after restart).

    Anton, tried your script, when saw red lines was sure that it not worked. Checked the log it showed success.

    Checked GUI it WORKED!. So the Red stuff is related to other things... who cares as soon as it does the job.

    Thanks.


    --- When you hit a wrong note its the next note that makes it good or bad. --- Miles Davis

    Wednesday, January 10, 2018 8:15 PM
  • The errors are being generated because you ran the script outside of a TS. I am accessing the TS environment to determine where to do the logging. :)

    Cheers,
    Anton

    Vacuum Breather Blog | Wing Commander Saga | Twitter

    Note: Posts are provided "AS IS" without warranty of any kind. If posts are helpful please don't forget to rate them as "Helpful" or as "Answer".

    Wednesday, January 10, 2018 8:54 PM