다음을 통해 공유


Windows 2012 Core Survival Guide – Remote Desktop

Learn about my 2012 Core Survival Guide here.

Remote Desktop

This is one of the more complex settings to get correct.  For remote desktop to work you need to have two registry keys and a firewall rule set up correctly.  If the registry key does not exist you will receive an error when you try to view or set it with PowerShell.  Remote Desktop is disabled if either of the following two settings are true:

fDenyTSConnections = 1

Remote Desktop application firewall rule is disabled

If "UserAuthentication" has a value of 1 indicates that only secured connections will be used. 

How view current Remote Desktop settings

fDenyTSConnections is the registry key that enables or disables Remote Desktop. A value of zero indicates that Remote Desktop is being allowed. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections"

If you receive an error it indicates the property does not exist or you typed the command in correctly.

 

UserAuthentication is the registry key that will enable secure connections. A value of one indicates that Remote Desktop will only use Secure Connections. 

PowerShell Command:

get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication"

Once again if you receive an error it indicates the property does not exist or you typed the command in correctly.

  

If the Remote Desktop Firewall Rules is "Enabled", like in the screen shot below, then the firewall rules will allow remote desktop to work.

PowerShell Command:

get-netfirewallrule -DisplayGroup "Remote Desktop" | format-table Name, Enabled -autosize

The screen shot below show that the firewall rules are correct for remote desktop.

 

How to enable Remote Desktop settings

Setting fDenyTSConnections registry key .

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 -PropertyType dword

In the screen shot below you see the current value, followed by the command to modify the value (in yellow), then followed by the command to confirm the setting.

 

How to enable Remote Desktop Firewall Rules .

PowerShell Command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below you see the current value, followed by the command to change it, then followed by a command to confirm the settings have been changed.

 

How to enable Secured Remote Desktop Session

This setting determines if all connections are allowed or only Secured Connections.  A value of 1 for this setting indicates that only Secured Connections.

PowerShell Command:

set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1   

If key does not exist this is the command to use.

New-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to Disable Remote Desktop

Setting fDenyTSConnections registry key

PowerShell Command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1

If the key did not exist you can use this command to create the key and set the value.

PowerShell Command:

Net-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 -PropertyType dword

The screen shot below shows the command to view the current setting, followed by the command to modify the setting value (in yellow), then followed by the command to confirm the setting change.

 

How to disable Remote Desktop Firewall Rules

PowerShell Command:

Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

In the screen shot below the first command shows the current value, followed by the command to disable the Remote Desktop firewall group, then followed by the command to confirm the setting changed.

 

I hope you found this useful. Please leave me a comment

Bruce

Comments

  • Anonymous
    January 01, 2003
    sconfig's "6) Remote Desktop" menu option should automatically open the firewall (it didn't for me). I didn't see firewall settings mentioned on any other "Core" guide, so I really appreciate you posting this. Never would have known this otherwise!

  • Anonymous
    February 21, 2013
    Thanks!! No more console connection only on the VM for me.  :D

  • Anonymous
    May 23, 2013
    Good work... Thank you for the valuable information..

  • Anonymous
    May 24, 2013
    Article that you had shared with us is useful for us. This article provides us information which can help us to gain knowledge about something new.

  • Anonymous
    May 24, 2013
    This blog is highly informatics, crisp and clear. Here everything has been described in systematic manner so that reader could get maximum information and learn many things. This is one of the best blogs I have read.

  • Anonymous
    October 07, 2013
    "1.On the Server Core server, run: cscript C:WindowsSystem32Scregedit.wsf /ar 0 This enables the Remote Desktop for Administration mode to accept connections." - technet.microsoft.com/.../jj574205.aspx

  • Anonymous
    December 09, 2013
    Great. Straight and to the point. Thanks.

  • Anonymous
    February 19, 2014
    First, I would like to say thank you for taking the time to create this guide. I have been working in Hyper V for 5 years now and never cease to be surprized at how little information the Hyper V team at Microsoft provides. I have been using RDP to connect to the Hyper V server from the start but after upgrading to Hyper V Server 2012 R2 at all my client sites, I lost the ability to remotely connect causing all sorts of problems and aggravations. Your instructions are clear and I am now adjusting all my Hyper V sites. I understand that this is part of Microsoft's overall plan to make server core more central along with the use of PowerShell. However, having said that, some simple FAQ's from the Hyper V development team would not have hurt.

  • Anonymous
    February 19, 2014
    I just noted that the date is Feb 2013 not Feb 2014. I didn't have troubles connecting to Hyper V Server 2012, it was with the R2 upgrade that I encountered the problem. The solution still worked though.

  • Anonymous
    April 01, 2014
    m'ml;b,[,b;pkfpwfk, ,';,;,'w[kl[lfr

  • Anonymous
    July 14, 2014
    Thanks for the information. In my case I do not find Remote Desktop rules.

  • Anonymous
    August 27, 2014
    Great GUIDE!
    Thanks so much!

  • Anonymous
    September 19, 2014
    great guide!
    greetings from France.

  • Anonymous
    October 14, 2014
    I was wondering if you have come across a situation when RDP does not work on a particular interface, but works on all other interfaces in server. (Management VLAN does not work, but Client VLAN does?)

  • Anonymous
    November 12, 2014
    Super thank you for your time and enormous effort on this. You are a real rocket scientist!
    Greetings from Colorado

  • Anonymous
    November 30, 2014
    Thanks!

  • Anonymous
    December 05, 2014
    What about localized windows, how can that be handled fx. "Remote Desktop" is "Fjernskrivebord" in danish, isn't there a way like a SID or something

  • Anonymous
    January 13, 2015
    Thank you. My iDRAC cable was bad and I could not get to a console on my physical server. This blog got me connected.

  • Anonymous
    February 10, 2015
    Awsome!
    Best guide... Cheers!!!

  • Anonymous
    April 14, 2015
    This was a great help - thanks!!

  • Anonymous
    April 22, 2015
    This help me a lot. Thanks

  • Anonymous
    May 09, 2015
    Easy to follow and understand. Thanks for sharing!

  • Anonymous
    June 04, 2015
    Have come back to this page many times during multiple vmWare and Hyper-V VM installs. So darn helpful. Thank you.

  • Anonymous
    July 02, 2015
    Good information

  • Anonymous
    July 02, 2015
    very helpful. Thanks a lot.

  • Anonymous
    November 01, 2015
    Hi there, hum thank you very much for this. On the other hand if you type Net-ItemProperty it won't work not because the key does not exist (but because this cmdlet does not exist !) but as you already written the command it is set-itemproperty or get-itemPROPERTY ..... I suppose it is a little mystake anyway this is not important all the rest is brillant
    thank you very much dude for this explanation
    Have a nice day