How to Remotely Enable Remote Desktop (RDP) Using PowerShell?

The easiest way to enable Remote Desktop (RD) on the Windows OS family is to use the GUI. To do this, open the “System” Control Panel item, go to the “Remote Settings” tab and enable the “Allow remote connections to this computer” option in the Remote Desktop section. However, this requires local access to the computer on which you want to enable RD. You can usually ask the user to do this (administrator privileges are required), or ask local technical support. But what do you do if there is no one in the remote office who can enable Remote Desktop locally? By default, Remote Desktop is disabled in both desktop versions of Windows and in Windows Server.

If you want to enable Remote Desktop (RDP) on a remote host (server or computer) but do not have access to the local device console, we will show you how to do it using PowerShell. To do this, the WinRM service (Windows Remote Management) must be enabled on the remote computer. The WinRM service is enabled by default in all versions of Windows Server starting with Windows Server 2012 (however, WinRM is disabled by default in client operating systems such as Windows 10). Thus, to enable RD remotely via PowerShell, the remote computer must meet the following requirements:

  1. The WinRM service should be started;
  2. You must have administrator permissions on the remote device;
  3. Windows Firewall must be disabled or the rules that allow remote access through PowerShell Remoting should be enabled.

Enable Remote Desktop Remotely Using PowerShell

Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/2019. On your computer, open the PowerShell console and run the following command to connect to your server remotely:

Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator

You have now established a remote session with the computer and can execute PowerShell commands on it. To enable Remote Desktop, you just need to change the registry parameter fDenyTSConnections from 1 to 0 on the remote machine. Run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

When RDP is enabled in this way (as opposed to the GUI method), the rule that allows remote RDP connections is not enabled in the Windows Firewall rules. To allow incoming RDP connections in Windows Firewall, run the command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

If for some reason this firewall rule is deleted, you can create it manually:

netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow

If you need to enable secure RDP authentication (NLA – Network Level Authentication), run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

Now, from your computer, you can check that TCP port 3389 on the remote host has become available. Run the command:

Test-NetConnection 192.168.1.11 -CommonTCPPort rdp

There should be a result like this:

ComputerName : 192.168.1.11
RemoteAddress : 192.168.1.11
RemotePort : 3389
InterfaceAlias : Ethernet0
SourceAddress : 192.168.1.90
TcpTestSucceeded : True

This means that RDP on the remote host is enabled and you can establish a remote desktop connection using the mstsc client.

Note. By default, only members of the local Administrators group can connect remotely via RDP. To allow RDP connections for regular users, just add them to the local Remote Desktop Users group.
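
The WinRM procedure above as one non-interactive script, added here as an example (it is not the article's own code). It turns on NLA before opening the listener, limits the built-in firewall rules to a management subnet, and reads the settings back from each host; `$AdminSubnet` and the variable names are assumptions.

```powershell
# Added example. Assumed values: replace with your own.
$Servers     = 'server.domain.local'   # host name used in the article
$AdminSubnet = '192.168.1.0/24'        # assumed management subnet allowed to reach TCP 3389
$Cred        = Get-Credential          # account with administrator rights on the targets

$result = Invoke-Command -ComputerName $Servers -Credential $Cred -ArgumentList $AdminSubnet -ScriptBlock {
    param($AllowedFrom)
    $ts  = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $tcp = "$ts\WinStations\RDP-Tcp"

    # Require NLA first, so the listener never accepts pre-authentication sessions.
    Set-ItemProperty -Path $tcp -Name 'UserAuthentication' -Value 1
    Set-ItemProperty -Path $ts  -Name 'fDenyTSConnections' -Value 0

    # Enable the built-in rule group, then restrict the source addresses it accepts.
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Set-NetFirewallRule    -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedFrom

    # Read the effective state back instead of assuming the writes succeeded.
    $rules = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' |
               Where-Object Enabled -eq 'True')
    [pscustomobject]@{
        RdpEnabled    = ((Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0)
        NlaRequired   = ((Get-ItemProperty -Path $tcp).UserAuthentication -eq 1)
        EnabledRules  = $rules.Count
        AllowedSource = ($rules | Get-NetFirewallAddressFilter |
                         Select-Object -ExpandProperty RemoteAddress -Unique) -join ','
    }
}

$result | Format-List PSComputerName, RdpEnabled, NlaRequired, EnabledRules, AllowedSource

# Hosts where RDP is on but NLA is not enforced should be reviewed.
$result | Where-Object { $_.RdpEnabled -and -not $_.NlaRequired } |
    Select-Object PSComputerName
```

Because the session runs over WinRM, narrowing the Remote Desktop rules does not cut off the connection that applies them.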

How to Enable Remote Desktop over WMI?

If you want to enable RDP on a remote computer where WinRM is disabled (for example, on a regular computer with Windows 10), you can use a WMI command from PowerShell.

To check if RDP access is enabled on the remote computer 192.168.1.90, run the command (see the value of the AllowTSConnections property):

Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer 192.168.1.90 -Authentication 6

To enable RDP and add a Windows Firewall exception rule, run the following command:

(Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer 192.168.1.90 -Authentication 6).SetAllowTSConnections(1,1)
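
The same WMI class can be reached with the CIM cmdlets over DCOM, which also work in PowerShell versions that no longer ship Get-WmiObject. The following is an added example, not the article's own code: it enables RDP only if it is off, requires NLA through the Win32_TSGeneralSetting class, and reports the resulting state. The target address is the one used above; the variable names are assumptions.

```powershell
# Added example. Target address taken from the article; names are illustrative.
$Target = '192.168.1.90'
$Ns     = 'root\CIMV2\TerminalServices'

# -PacketPrivacy selects a DCOM session with encrypted packets,
# the CIM counterpart of "-Authentication 6" in Get-WmiObject.
$opt     = New-CimSessionOption -PacketPrivacy
$session = New-CimSession -ComputerName $Target -SessionOption $opt -Credential (Get-Credential)

try {
    $ts = Get-CimInstance -CimSession $session -Namespace $Ns -ClassName Win32_TerminalServiceSetting
    if ($ts.AllowTSConnections -ne 1) {
        # Same call as SetAllowTSConnections(1,1): allow connections and add the firewall exception.
        $r = Invoke-CimMethod -CimSession $session -InputObject $ts -MethodName SetAllowTSConnections `
                 -Arguments @{ AllowTSConnections = [uint32]1; ModifyFirewallException = [uint32]1 }
        if ($r.ReturnValue -ne 0) { throw "SetAllowTSConnections returned $($r.ReturnValue)" }
    }

    # Require Network Level Authentication on the RDP-Tcp listener.
    $gen = Get-CimInstance -CimSession $session -Namespace $Ns -ClassName Win32_TSGeneralSetting `
               -Filter "TerminalName='RDP-Tcp'"
    if ($gen.UserAuthenticationRequired -ne 1) {
        $r = Invoke-CimMethod -CimSession $session -InputObject $gen -MethodName SetUserAuthenticationRequired `
                 -Arguments @{ UserAuthenticationRequired = [uint32]1 }
        if ($r.ReturnValue -ne 0) { throw "SetUserAuthenticationRequired returned $($r.ReturnValue)" }
    }

    # Re-query both classes so the report reflects what the host now holds.
    $ts  = Get-CimInstance -CimSession $session -Namespace $Ns -ClassName Win32_TerminalServiceSetting
    $gen = Get-CimInstance -CimSession $session -Namespace $Ns -ClassName Win32_TSGeneralSetting `
               -Filter "TerminalName='RDP-Tcp'"
    [pscustomobject]@{
        Computer           = $Target
        AllowTSConnections = $ts.AllowTSConnections
        NlaRequired        = $gen.UserAuthenticationRequired
    }
}
finally {
    Remove-CimSession -CimSession $session
}
```
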
Cyril Kardashevsky

3 comments

  1. Thank you very much!
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
    I had to set the Value to 0 in order to be able to access rdesktop on a Windows 2016 server from an Ubuntu 18.04 LTS. Perfect help, thanks!

    1. You can leave the NLA enabled for RDP from Ubuntu desktop if you use xfreeRDP rather than rdesktop.
      Here is an example: xfreerdp /u:user /v:computername /size:1600x900
      If you use a desktop launcher you will need to check “run in terminal” because the first time it wants to ask about the certificate.
      If you also include the /p:password in the xfreeRDP command and it is not the first time, then you don’t have to check the “run in terminal”.
      I personally don’t put my passwords in the launch command as it seems too vulnerable, and so let the terminal window come up to prompt for the password, and the terminal stays in the background until the session is closed, which is not a big deal for me.
