RDP Connection Setter v1.0

Following on from my Windows XP & 7 guide, Enable RDP using the registry editor, I have created this PowerShell script to automate the task. This script will check if the “Remote Registry” service is started. If it isn’t, it’ll start it. It will then dig through the registry to find the DWORD we need to change and it’ll switch it on/off depending on your parameters.

The registry keys are in the same location, so this PS1 should work for Windows XP & 7 target machines. I assume this means it will work for Windows Vista as well, and probably 8, 8.1 and 10 as well, but these are all untested.

Usage: .\SetRDP.ps1 -PC computername [ -enable | -disable ]

download-icon.273921f460a0c6119fe317a1393d1ce1 Download the RDP Connection Setter v1.0 here!

#################################################################################################
#                                                                                               #
#   RDP Connection Setter v1.0                                                                  #
#                                                                                               #
#   Written by: Mike Oldfield                                                                   #
#   Date: 27/06/2016                                                                            #
#                                                                                               #
#   This PS1 automates enabling/disabling RDP connections, by tweaking the fDenyTSConnections   #
#   registry key.                                                                               #
#                                                                                               #
#   Usage: .\SetRDP.ps1 -PC cfsbeckwkxxxxx [-enable | -disable]                                 #
#                                                                                               #
#################################################################################################

#############################
#                           #
#         PARAMETERS        #
#                           #
#############################

# Set some avaialble paramters. This bit must come first

param (
    [Parameter(Mandatory=$true)]        # Set the following parameter to be mandatory
    [string]$PC,                        # -PC: Set the computer name we're editing
    [switch]$enable = $true,            # -enable: Default to enabling RDP
    [switch]$disable = $false           # -disable: Option to disable RDP, set to false by default
    
)

$scriptVer = "v1.0"                 # What version of the script is this? Used for header info
$scriptAuth = "Mike Oldfield"       # Who wrote the script?
$scriptLastUpdate = "27/06/2016"    # When was the script last updated?

$RRServStopped = 0                  # Empty out the $RRServStopped variable. This is used to determine if we had to start "Remote Registry" service later on

#############################
#                           #
#        SCRIPTY BIT        #
#                           #
#############################

# Write a pretty header

Write-Host "`r`n##################################################`r`n" -ForegroundColor darkcyan -NoNewLine
Write-Host "#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "RDP Connection Setter $scriptVer           " -ForegroundColor gray -NoNewLine
Write-Host "#####`r`n#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "Written by: $scriptAuth   " -ForegroundColor gray -NoNewLine
Write-Host "         #####`r`n#####   " -ForegroundColor darkgray -NoNewLine
Write-Host "Last Updated: $scriptLastUpdate " -ForegroundColor gray -NoNewLine
Write-Host "            #####`r`n" -ForegroundColor darkgray -NoNewLine
Write-Host "##################################################`r`n" -ForegroundColor darkcyan

# Check if we asked to disable the RDP connection
if ($disable) {

    # If we did, set $enable to false
    $enable = $false
    
}

# Start trying things
try {

    # Tell us what we're about to do
    if ($enable) { Write-Host "Attempting to enable RDP connections on $PC ... " -NoNewLine }
    if ($disable) { Write-Host "Attempting to disable RDP connections on $PC ... " -NoNewLine }

    # Find out if the "Remote Registry" service is stopped or started
    $RRService = Get-Service -Name "Remote Registry" -ComputerName $PC -ErrorAction Stop
    
    # If the last command told us the service is stopped...
    if ($RRService.Status -ne "Running") {
    
        # Start the service
        $RRService | Set-Service -Status Running -ErrorAction Stop
        
        # Set $RRServStopped to 1 to tell us we had to start the service
        $RRServStopped = 1
    
    }
    
    # Connect to the remote registry of the PC
    $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey("LocalMachine", $PC)
    
    # Open the location where the fDenyTSConnections DWORD sits
    $regKey = $reg.OpenSubKey("SYSTEM\\CurrentControlSet\\Control\\Terminal Server", $true)
    
    # Find out the value of the fDenyTSConnections DWORD. Enabled = 0, Disabled = 1
    $fDenyTSConnections = $regKey.GetValue("fDenyTSConnections")
    
    # Now check if we asked to disable the RDP connection
    if ($disable) {
    
        # Have a look at the current value. If it's 1 (disabled)...
        if ($fDenyTSConnections -eq 1) {
        
            # Tell us it is already disabled
            Write-Host "RDP is already disabled on this machine" -ForegroundColor yellow
            
        # But if it's 1 (enabled)...
        } elseif ($fDenyTSConnections -eq 0) {
        
            # Change it from 0 (enabled) to 1 (disabled) as requested
            $regKey.SetValue("fDenyTSConnections", 1)
            
            # Tell us we were successful
            Write-Host "RDP disabled" -ForegroundColor green
        
        # But if it isn't 0 or 1, which should never happen...
        } else {
        
            # Tell us the registry is broken!
            Write-Host "Error! RDP setting isn't enabled nor disabled. Your registry is broken!" -ForegroundColor red           
        
        }
        
    # But if we asked to enable the RDP connection
    } elseif ($enable) {
    
        #Have a look at the current value. If it's 0 (enabled)...
        if ($fDenyTSConnections -eq 0) {
        
            # Tell us it is already enabled
            Write-Host "RDP is already enabled on this machine" -ForegroundColor yellow
        
        # But if it's 1 (disabled)...
        } elseif ($fDenyTSConnections -eq 1) {
        
            # Change it from 1 (disabled) to 0 (enabled)
            $regKey.SetValue("fDenyTSConnections", 0)
            
            # Tell us we were successful
            Write-Host "RDP enabled" -ForegroundColor green
        
        # But if it isn't 0 or 1, which should never happen...
        } else {
        
            #Tell us the registry is broken!
            Write-Host "Error! RDP setting isn't enabled nor disabled. Your registry is broken!" -ForegroundColor red           
        
        }
    
    # But if we didn't ask for it to be enabled nor disabled, which should never happen...
    } else {
    
        # Tell us we're confused
        Write-Host "Error! I don't know what you want me to do! Check your parameters!"
    
    }
    
    # Check if we had to start the "Remote Registry" service earlier. If we did...
    if ($RRServStopped -eq 1) {
    
        # Stop the service again. It was likely disabled for a reason so we don't want to leave it running
        Invoke-Command -ComputerName $PC -ScriptBlock {
            Stop-Service -Name "Remote Registry" -ErrorAction Stop
        }
        
        # Set $RRServStopped back to 0
        $RRServStopped = 0
    
    }
    
# Catch any errors that occur
} catch [System.Exception] {

    # Report the error
    Write-Host "Error! $_" -ForegroundColor red

}

# Add a blank line to make things pretty
Write-Host ""

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: