Shavlik: Enable Remote Desktop (RDP) 

Version 4

    Author: Shavlik

    Category: Configuration

    Inputs: enableNLA - A boolean value indicating if NLA should be turned on or off.  The default is on.

    Minimum ITScripts engine version required:

    Modifies the target machine: Yes

    Name: Enable Remote Desktop (RDP)

    Outputs: Writes a text file with summary of machine results.  Results contain notification of success or failure for setting RDP and NLA setting.

    Purpose: Allows administrators to enable Remote Desktop (RDP).  By default, the script will enable RDP with network level authentication (NLA).  Enabling RDP with NLA reduces the risk of exploit by requiring the user to authenticate to the server.

    Script Version:

    Target Type: Any


    Technical Description:

    This script connects to the target system via WMI. Accessing the Win32_TerminalServiceSetting class, it sets the AllowTSConnections field accordingly to enable RDP without requiring a reboot.  For Vista and later systems, it also accesses the Win32_TSGeneralSetting in order to set the NLA.


    Possible OpsMon results include:

    "Parameter "enableNLA" contains the invalid value "<invalid  value>"."

    "Unable to access the WMI services for remote desktop."

    "WMI connection to the target machine failed. The machine may be offline or firewalled."


    Any combination of one of the following:

        "Remote desktop has been enabled."

        "Remote desktop is already enabled."

    Mixed with one of the following:

        "NLA has been enabled."

        "NLA is already enabled."

        "NLA has been disabled."

        "NLA is already disabled."

        "NLA is not supported on this version of the operating system."


    E.G.  "Remote desktop has been enabled.  NLA has been enabled."