HOWTO: Enable Remote Desktop on Windows


Today in the article I want to touch on the issue of remote inclusion of RDP, also known as remote desktop. Everyone at least once used this irreplaceable feature, and someone uses it for administration on a daily basis. By default, on Windows server platforms, remote control (WinRM) is enabled, but the remote desktop feature is disabled, and on the desktop version, both functions are disabled by default, therefore, to perform the procedure described below, you will have to enable WinRM on the desktop first. So lets see how to enable RDP


1. Use command line:

   - Run the command prompt as administrator;
Run the following command:
Reg add “\\computername\HKLM\SYSTEM\CurentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d /f
To turn off RDP via the command line, follow these steps:
Run the command prompt;
Run the command:
Reg add “\\computername\HKLM \SYSTEM\CurentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 1 /f

2. Use PowerShell:

   - To enable remote desktop:
Run PowerShell as administrator;
Run the following command and use the Invoke-Command method:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value }
Next, enter the command:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}
The reverse steps:
We start PowerShell on behalf of the admin;
Enter the command:
Invoke-Command –Computername “server1”, “Server2” –ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 1}

3. The second method of switching through PowerShell:

   - We start PowerShell on behalf of the administrator and create a PowerShell session with the necessary computer;
Enter the command:
Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value
And the following command:
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
To turn off:
Repeat the first two steps from the previous paragraph (about the version and session);
Enter the command: Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" –Value 1
Important: Computername is the name of the computer on which RDP will be enabled.
Important: Enabling the remote desktop via the command line will not configure the firewall in terms of using the correct ports in order to allow RDP connections.
Important: By default, only local Administrators and a user who is already logged in will be able to use RDP.

Also consider using Action1 to enable Remote Desktop on Windows if:
- You need to perform this action on multiple (hundreds or even thousands) computers simultaneously.
- Some of your endpoints are laptops not connected to corporate network at all times.

Action1 is a cloud-based platform for software deployment, software/hardware inventory, patch management, endpoint configuration and more. It is free with basic functionality.


Other Relevant HOWTOs: