Server 2012 Enable RDP in the spirit of idempotent commands

by Mar 5, 2015


I have not posted anything for a while, and I have been trying to get up to speed on DSC, which makes you think a little differently about the tools you make.  I recently had to build a few new servers, and I did all the work within the PowerShell ISE.  When I was done, I thought I better RDP onto the server to see if I forgot anything.  I was not able to RDP to the servers.  I actually think this is cool, but someone else may want to use these servers…lol  So I looked up the commands to enable RDP on a 2012 server.

I have also been working with REST lately and between that and DSC, I have learned this new concept of "Idempotent", which I have come to understand means you can run the command more than once and it will not do any harm. 

I don't know why, but I decided to make the three things that need to be set for RDP in 2012 like that.  You can run these sections once, or 100 times, it won't hurt anything.  After it makes the changes, if there are changes to make, it just tells you that the key or setting is already set.

#In the spirit of test, set, get – idempotent
#RDP Setup on New Server:
#fDenyTSConnections = 1 means RDP connections are denied, 0 means they are allowed
if((get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections").fDenyTSConnections -eq 1){
    set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
    #Read the value back to confirm the change took effect
    if((get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections").fDenyTSConnections -eq 0){
        Write-Output "Configuration changed to value 0, now configured for RDP."
    }else{
        Write-Output "Configuration failed attempt to change setting."
    }
}else{
    Write-Output "Currently configured for RDP, value 0."
}


#Check for RDP Secure connections only.
if((get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -ErrorAction SilentlyContinue).UserAuthentication -eq 1){
    Write-Output "This server is set for Secure connections only, value 1."
}else{
    Write-Output "Either this key doesn't exist, or it is set to a value other than 1, which is Secure connections only"
    if($test = get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -ErrorAction SilentlyContinue){
        Write-Output "Tested path and item, key exists, Value set to $($test.UserAuthentication)"
        #The value exists but is not 1, so set it to 1; without this step the section only reports and never changes an existing value
        set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
    }else{
        #The value does not exist yet, so create it as a DWORD set to 1
        New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword
        $test = get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"
        Write-Output "The key UserAuthentication was just created and value set to $($test.UserAuthentication)"
    }
}


#Set the firewall rules for RDP to enabled
get-netfirewallrule -DisplayGroup "Remote Desktop" | foreach{
    If($_.Enabled -eq "False"){
        $_ | Enable-NetFirewallRule
        Write-Output "Firewall rule $($_.Name) set to enabled"
    }else{
        Write-Output "Firewall rule $($_.Name) already enabled"
    }
}