Snippets

Jason Grey rdp - no write

Created by Jason Grey
snippet.txt
Raw 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
$RDPTCPpath = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\Winstations\RDP-Tcp'
$TSpath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'
$msg = 'Set Computer Configuration\Policies\Administrative Templates: Policy definitions\Windows Components\Remote Desktop Services\Remote Desktop Session Host\'
$domainJoined = (gwmi win32_computersystem).partofdomain
if ($domainJoined) {
  Write-Host Domain: (gwmi win32_computersystem).Domain
} else {
  Write-Host Not domain joined
  Set-ItemProperty -Path $RDPTCPpath -name LanAdapter -Value 0
}

function ReadReg()
{
  Param($Path,$Name,$Expected,$Text)
  $Value=(Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
  Write-Host ($Path+'\'+$Name+': '+$Value)
  if (!($Expected -eq $null) -and !($Expected -eq $Value)) {
    if ($domainJoined) {
      if (!($Value -eq $null)) {
        Write-Host ($msg+$Text)
      }
    } else {
      Write-Host Reset value to expected: $Expected]
    }
  }
}

ReadReg -Path $RDPTCPpath -Name PortNumber
ReadReg -Path $TSpath -Name fDenyTSConnections -Text 'Connections\Allow users to connect remotely by using Remote Desktop Services'

$t = 'Connections\Configure keep-alive connection interval'
ReadReg -Path $TSpath -Name KeepAliveEnable -Expected 1 -Text $t
ReadReg -Path $TSpath -Name KeepAliveInterval -Expected 1 -Text $t
ReadReg -Path $TSpath -Name KeepAliveTimeout -Expected 1 -Text $t

$t = 'Connections\Automatic reconnection'
ReadReg -Path $TSpath -Name fDisableAutoReconnect -Expected 0 -Text $t
ReadReg -Path $RDPTCPpath -Name fInheritReconnectSame -Expected 1 -Text $t
ReadReg -Path $RDPTCPpath -Name fReconnectSame -Expected 0 -Text $t

ReadReg -Path $RDPTCPpath -Name fInheritMaxSessionTime -Expected 1 -Text 'Session Time Limits\Set time limit for active Remote Desktop Session Services sessions'

$t = 'Session Time Limits\Set time limit for disconnected sessions'
ReadReg -Path $RDPTCPpath -Name fInheritMaxDisconnectionTime -Expected 1 -Text $t
ReadReg -Path $RDPTCPpath -Name MaxDisconnectionTime -Expected 0 -Text $t

ReadReg -Path $RDPTCPpath -Name MaxConnectionTime -Expected 0 -Text 'Session Time Limits\End session when time limits are reached'

$t = 'Session Time Limits\Set time limit for active but idle Remote Desktop Services sessions'
ReadReg -Path $RDPTCPpath -Name fInheritMaxIdleTime -Expected 1 -Text $t
ReadReg -Path $RDPTCPpath -Name MaxIdleTime -Expected 0 -Text $t

ReadReg -Path $RDPTCPpath -Name MaxInstanceCount -Expected 4294967295 -Text 'Connections\Limit number of connections'

Comments (0)

HTTPS SSH

You can clone a snippet to your computer for local editing. Learn more.