depends. do you want to enable them remotely or is this a script that will be run locally on each system?
Use Shay Levy's "Remote Registry PowerShell Module", and modify the value of the "fDenyTSConnection" value in the
key "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" on the remote box to "0"
The Windows 7 box will need to be rebooted before it will take effect.
See
http://oreilly.com/windows/archive/server-hacks-remote-desktop.html
Or, grab Michal Gajda's script "Enable-RDP.ps1" in the gallery :)
Karl
in powershell:
PS C:\> dir 'HKLM:SYSTEM\CurrentControlSet\Control\Terminal Server' Hive: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server SKC VC Name Property --- -- ---- -------- 3 0 AddIns {} 0 1 AuthorizedApplications {(default)} 0 27 DefaultUserConfiguration {Callback, CallbackNumber, Domain, InitialProgram...} 0 8 Dos {KbdIdleBusymsAllowed, KbdIdleDetectAbsolute, KbdIdleDetectProbationCount, Kb... 0 1 InputDevices {(default)} 2 0 KeyboardType Mapping {} 0 0 Licensing Core {} 0 21 SysProcs {csrss.exe, smss.exe, screg.exe, lsass.exe...} 3 0 Utilities {} 2 0 VIDEO {} 1 0 Wds {} 2 2 WinStations {DefaultSecurity, ConsoleSecurity} PS C:\>
No "
fDenyTSConnection" value, but I'm using XP here.
Al;
I'm curious - open your registry editor and look - I have the value in Win8, and yet I also do not see the value in PowerShell.
Karl
FWIW, the reason it doesn't show up with "dir" is because dir is get-childitem, and that's not a child item of that key, but instead a "property" of the key itself. The registry provider in PowerShell maps registry keys to items and registry values to properties.
If you use
Get-ItemProperty 'HKLM:SYSTEM\CurrentControlSet\Control\Terminal Server'
then you will see it listed
I never like modifying the registry unless that is the only way to do it. Here are a couple of commands that I use all the time to enable RDC.
# Enable Remote Desktop (Get-WmiObject Win32_TerminalServiceSetting -Namespace root\cimv2\TerminalServices).SetAllowTsConnections(1,1) | Out-Null (Get-WmiObject -Class "Win32_TSGeneralSetting" -Namespace root\cimv2\TerminalServices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(0) | Out-NullThis is for running locally, but you can also add a -computername to the gwmi to set it on a remote machine. Obviously, then you would need to have RPC enabled.
Tim, those Get-WmiObject lines work nicely, except for me on Server 2012 it doesn't enable the secure connection.
Or do I perhaps have to set the 0 to 1 in SetUserAuthenticationRequired?
another way out would be
Set-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 1