How to enable Remote Desktop Using PowerShell

Remote Desktop is very common still for many companies remote users to use, not all users needed since they most likely use VPN to get access to apps or just using the cloud-based. PowerShell is a new way to make changes to your remote computer lot easier than opening GUI and waiting for it to load and make changes. If you are admin of the network, it’s very easy to make changes and get the status of remote computer settings. Here in this post will do the Remote Desktop enable using PowerShell, let’s get started it

Computer or server must meet the following requirements:

  • The WinRM service should be started
  • You must have administrator permissions on the remote device
  • Firewall rule should be set to allow RDP connection default port 3389 if you have changed the default port make sure to add to your firewall rule

To start the session from your Windows 10 computer or Windows server, open PowerShell with Administrator

Command: Enter-PSSession -ComputerName YourRemoteComputerName or IP address -Credential domain\administrator

Once you are connected to a remote computer or server, you can run the following command to get current status:

Get-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections”

Then to change the setting to allow RDP connection, just run following:

Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’-name “fDenyTSConnections” -Value 0

You should also make sure that you have only secured RDP authentication (NLA – Network Level Authentication) to check  run the command: you should see 1

Get-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication”

 If you see 0 then set it to 1 by running:

Set-ItemProperty -Path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp’ -name “UserAuthentication” -Value 1

To test the Remote Desktop connection:

Test-NetConnection ComputerName or IP address -CommonTCPPort RDP

That’s it for now, here is a screenshot of the GUI look like after you have enabled the RDP

Note: if the user whom RDP into this remote computer is not admin user you need to add them to a remote desktop group, if you want to do via PowerShell you can check this post out: How to add a local user to windows 10 via PowerShell



How to add a local user to Windows 10 via PowerShell

PowerShell is very common to use these days as more and more software doing automation.  Many times it’s harder to find Graphical User Interface (GUI) to add a user or find other settings.  In this post, I am adding a local user via PowerShell and adding a user to local group.  PowerShell has built-in help and examples too, so if you want to know more about the command just type Get-Help then Name of command and it will give more info about it. Let’s get started exploring the options starting with viewing current users.

To see current local users:

PS C:\> Get-LocalUser

To see Local Groups:

PS C:\> Get-LocalGroup

Adding user:

PS C:\>New-LocalUser –Name WhatEverName

When you hit Enter it will give you option to put the password

To remove a local user:

Make sure you have at least one user account and it’s a member of LocalAdmin group

PS C:\> Remove-LocalUser -Name WhatEverNameYouWantToRemove

Add user to Local Group:

My example user name is: Admin replace that with your user name

PS C:\> add-LocalGroupMember -Group “Administrators” -Member “Admin”

To see Local Group Member of Administrator (Local admins)

PS C:\> Get-LocalGroupMember ‘Administrators’

To add a user to a Local admin group:

PS C:\> Add-LocalGroupMember -Group “Administrators” -Member “User1”, “User2”, etc…

Many more options you can via PowerShell now, if you get an error make sure to read it and see where the error is, it will give you clue and also some commands require Admin right you will get an error like Access denied