PowerShell: Remote Desktop Connections and NLA

There seem to be no available cmdlets to change the settings in the Remote Desktop section of the Remote tab in the System Properties dialogue box, namely to switch between "Don’t allow remote connections to this computer" and "Allow remote connections to this computer" and then, on selecting the latter, to control "Allow connections only from computers running Remote Desktop with Network Level Authentication".

Luckily you can do this with two WMI objects from within the root\CIMV2\TerminalServices namespace: Win32_TerminalServiceSetting and Win32_TSGeneralSetting.

The script below allows you to set all the options on either a remote or local computer. To change the local computer set the ComputerName parameter to localhost or just a full stop (.).

param([string]$ComputerName = "", [int]$RDPEnable = -1, [int]$RDPFirewallOpen = -1, [int]$NLAEnable = -1)

# $RDPEnable - Set to 1 to enable remote desktop connections, 0 to disable
# $RDPFirewallOpen - Set to 1 to open RDP firewall port(s), 0 to close
# $NLAEnable - Set to 1 to enable, 0 to disable

# The [int] parameters default to -1 so that an omitted value can be told apart from a deliberate 0
if (($ComputerName -eq "") -or (0,1 -notcontains $RDPEnable) -or (0,1 -notcontains $RDPFirewallOpen) -or (0,1 -notcontains $NLAEnable)){
   Write-Host "You need to specify all parameters, e.g.:" -ForegroundColor Yellow
   Write-Host " .\RemoteConnections.ps1 localhost 1 1 0" -ForegroundColor Yellow
   exit # Stop here rather than calling the WMI methods with missing values
}

# Remote Desktop Connections
$RDP = Get-WmiObject -Class Win32_TerminalServiceSetting -ComputerName $ComputerName -Namespace root\CIMV2\TerminalServices -Authentication PacketPrivacy
$Result = $RDP.SetAllowTSConnections($RDPEnable,$RDPFirewallOpen) # First value enables remote connections, second opens firewall port(s)
if ($Result.ReturnValue -eq 0){
   Write-Host "Remote Connection settings changed successfully"
} else {
   Write-Host ("Failed to change Remote Connections setting(s), return code "+$Result.ReturnValue) -ForegroundColor Red
}

# NLA (Network Level Authentication)
$NLA = Get-WmiObject -Class Win32_TSGeneralSetting -ComputerName $ComputerName -Namespace root\CIMV2\TerminalServices -Authentication PacketPrivacy
$NLA.SetUserAuthenticationRequired($NLAEnable) | Out-Null # Does not set ReturnValue to 0 when it succeeds, and we don't want to see screen output, so pipe to null
# Recreate the WMI object so we can read out the (hopefully changed) setting
$NLA = Get-WmiObject -Class Win32_TSGeneralSetting -ComputerName $ComputerName -Namespace root\CIMV2\TerminalServices -Authentication PacketPrivacy
if ($NLA.UserAuthenticationRequired -eq $NLAEnable){
   Write-Host "NLA setting changed successfully"
} else {
   Write-Host "Failed to change NLA setting" -ForegroundColor Red
}

I should probably make this into a cmdlet (or maybe Microsoft might have cared to do that for us all in the first place…!).
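A read-only audit built on the same two WMI classes, as an added example that is not part of the original post: it reports which computers accept Remote Desktop connections without requiring NLA. The function name Get-RdpNlaStatus and the computer names in the usage line are assumptions; it only reads the AllowTSConnections and UserAuthenticationRequired properties and changes nothing.

```powershell
# Added example (not from the original post): read-only audit of RDP/NLA state.
# Get-RdpNlaStatus is a hypothetical helper name; SERVER01 below is a placeholder.
function Get-RdpNlaStatus {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    $ns = 'root\CIMV2\TerminalServices'
    foreach ($Computer in $ComputerName) {
        try {
            # Same classes and PacketPrivacy authentication as the script above
            $RDP = Get-WmiObject -Class Win32_TerminalServiceSetting -ComputerName $Computer `
                -Namespace $ns -Authentication PacketPrivacy -ErrorAction Stop
            # Win32_TSGeneralSetting has one instance per listener, so report each one
            $Listeners = @(Get-WmiObject -Class Win32_TSGeneralSetting -ComputerName $Computer `
                -Namespace $ns -Authentication PacketPrivacy -ErrorAction Stop)

            foreach ($Listener in $Listeners) {
                $RdpOn = ($RDP.AllowTSConnections -eq 1)
                $NlaOn = ($Listener.UserAuthenticationRequired -eq 1)
                New-Object PSObject -Property @{
                    ComputerName = $Computer
                    Listener     = $Listener.TerminalName
                    RDPEnabled   = $RdpOn
                    NLARequired  = $NlaOn
                    # Flag the combination worth fixing: RDP reachable but NLA not enforced
                    NeedsAction  = ($RdpOn -and -not $NlaOn)
                    Error        = $null
                }
            }
        } catch {
            # Unreachable host or access denied: record it rather than silently skipping
            New-Object PSObject -Property @{
                ComputerName = $Computer; Listener = $null; RDPEnabled = $null
                NLARequired = $null; NeedsAction = $null; Error = $_.Exception.Message
            }
        }
    }
}

# Usage (placeholder names): show machines that need NLA switched on, plus any that could not be queried
Get-RdpNlaStatus -ComputerName 'localhost', 'SERVER01' |
    Where-Object { $_.NeedsAction -or $_.Error } |
    Select-Object ComputerName, Listener, RDPEnabled, NLARequired, Error
```

Rows with NeedsAction set are the candidates for running the script above with the NLAEnable parameter set to 1.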


4 Responses to PowerShell: Remote Desktop Connections and NLA

  1. Pingback: Remote Desktop Connection: Can’t connect | Robin CM's IT Blog

  2. Pingback: Enable RDP, firewall exceptions, and NLA settings via PowerShell and WMI (aka “the right way”) | cluberti.com

  3. Pingback: Remote desktop error on Windows 2012 | YASAB

  4. Utkanth Sharma says:

    Thank you very much, Keep up the good work

