windows powershell

How to Remotely Enable Remote Desktop (RDP) Using PowerShell


The easiest way to enable Remote Desktop RD on the Windows OS family is to use the GUI. To do this, you need to open the “System” Control Panel item, go to the “Remote Settings” tab and enable the “Allow remote connections to this computer” option in the Remote Desktop section. However, this requires local access to the computer on which you want to enable RD. You can usually ask user for this (need administrator privileges), or local technical support. However, what to do if there is no one in the remote office who could enable the Remote Desktop locally? By default, remote desktop is disabled in both desktop versions of Windows and in Windows Server.

powershell enable remote desktop

If you want to remotely enable Remote Desktop (RDP) on the remote host (server or computer), but you have not access to the local device console, we will show you how to do it by using PowerShell. To do this, the WinRM service (Windows Remote Management) must be enabled on the remote computer. The WinRM service is enabled by default in all versions of Windows Server starting with Windows Server 2012 (however, WinRM is disabled by default in client operating systems such as Windows 10). Thus, to enable RD remotely via PowerShell, the remote computer must meet the following requirements:

  1. The WinRM service should be started;
  2. You must have administrator permissions on the remote device;
  3. Windows Firewall must be disabled or the rules that allow remote access through PowerShell Remoting should be enabled.

Enable Remote Desktop Remotely Using PowerShell

Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/ 2019. On your computer, open the PowerShell console and run the following command to connect to your server remotely:

Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator

So, you have established a remote session with a computer and now you can execute PowerShell commands on it. To enable Remote Desktop, you just need to change registry parameter fDenyTSConnections from 1 to 0 on the remote machine. Run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0

powershell enable rdp

When RDP is enabled in this way (as opposed to the GUI method), the rule that allows remote RDP connections is not enabled in the Windows Firewall rules. To allow incoming RDP connections in Windows Firewall, run the command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

If for some reason this firewall rule is deleted, you can create it manually:

netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow

If you need to enable secure RDP authentication (NLA – Network Level Authentication), run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

Now from your computer, you can check that TCP 3389 port on the remote host has become available. Run the command:

Test-NetConnection 192.168.1.11 -CommonTCPPort rdp

There should be a result like this:

ComputerName : 192.168.1.11

RemoteAddress : 192.168.1.11

RemotePort : 3389

InterfaceAlias : Ethernet0

SourceAddress : 192.168.1.90

TcpTestSucceeded : True

enable rdp remotely powershell

This means that RDP on the remote host is enabled and you can establish a remote desktop connection using mstsc client.

Note. By default, only members of the local Administrators group can connect via the RDP remotely. To allow RDP connections for common users, just add them to the local Remote Desktop Users group.

How to Enable Remote Desktop over WMI?

If you want to enable RDP on a remote computer where WInRM is disabled (for example, on a regular computer with Windows 10), you can use WMI PowerShell command.

To check if RDP access is enabled on the remote computer 192.168.1.90, run the command (see the value of the AllowTSConnections property):

Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer 192.168.1.90 -Authentication 6

enable remote desktop via powershell

To enable RDP and add a Windows Firewall exception rule, run the following command:

(Get-WmiObject -Class Win32_TerminalServiceSetting -Namespace root\CIMV2\TerminalServices -Computer 192.168.1.90 -Authentication 6).SetAllowTSConnections(1,1)

You may also like:

Add Calendar Permissions in Office 365 via PowerSh... This is a tutorial on how to add calendar permissions in Office 365 for your users via PowerShell. You can add the permissions on a specific user’s ma...
How to copy files with BITS using PowerShell? If you use local (and global) networks, you might know that files between systems are transferring by using SMB, FTP or HTTP protocols. The problem wi...
Removing Old and Unused Drivers from Driver Store ... Each time you install or update your device driver, Windows OS (since Vista) continues to store the old version of the driver in the system Driver Sto...
How to transfer FSMO Roles From a Failed Domain Co... In case domain controller, which owns FSMO (Flexible Single Master Operation) roles, is fail (virus attack, fatal software problems or catastrophic ha...
LZX — new Windows 10 NTFS compression algorithm Many of you may know that NTFS file system used by Windows 10 already has a built-in NTFS compression feature. But in Windows 10 Microsoft has added c...

Add Your Comment