Set-RemoteDesktopConfig
Windows: Enables or disables Remote Desktop (RDP) connections
#Requires -Version 5.1
[CmdletBinding()]
Param (
[Parameter(Mandatory = $true)]
[bool]$Enabled,
[bool]$RequireNLA = $true,
[string]$ComputerName = $env:COMPUTERNAME,
[pscredential]$Credential
)
Process {
try {
$scriptBlock = {
Param($IsEnabled, $UseNLA)
$denyValue = if ($IsEnabled) { 0 } else { 1 }
$nlaValue = if ($UseNLA) { 1 } else { 0 }
$tsPath = "HKLM:\System\CurrentControlSet\Control\Terminal Server"
$winStationPath = "HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
Set-ItemProperty -Path $tsPath -Name "fDenyTSConnections" -Value $denyValue -Force -ErrorAction Stop
Set-ItemProperty -Path $winStationPath -Name "UserAuthentication" -Value $nlaValue -Force -ErrorAction Stop
if ($IsEnabled) {
Enable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue
}
else {
Disable-NetFirewallRule -DisplayGroup "Remote Desktop" -ErrorAction SilentlyContinue
}
}
if ($ComputerName -ne $env:COMPUTERNAME) {
$invokeParams = @{
'ComputerName' = $ComputerName
'ScriptBlock' = $scriptBlock
'ArgumentList' = @($Enabled, $RequireNLA)
'ErrorAction' = 'Stop'
}
if ($null -ne $Credential) {
$invokeParams.Add('Credential', $Credential)
}
Invoke-Command @invokeParams
}
else {
&$scriptBlock -IsEnabled $Enabled -UseNLA $RequireNLA
}
$result = [PSCustomObject]@{
RDPEnabled = $Enabled
RequireNLA = $RequireNLA
ComputerName = $ComputerName
Action = "RemoteDesktopConfigured"
Status = "Success"
Timestamp = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
}
Write-Output $result
}
catch {
throw
}
}Specifies whether to enable or disable RDP.
If set, requires Network Level Authentication for connections.
Specifies the name of the target computer. Defaults to the local computer.
Specifies a PSCredential object for remote connection.