All posts by smarc

sysadmin, Win10, Win11, Windows

How to Enable Remote Desktop Using PowerShell?

 by 

Recently, one IT team member asked about a PowerShell script to enable remote desktops. In this tutorial, I will explain how to enable Remote Desktop (RDP) using PowerShell with detailed steps.

Table of Contents

Enable Remote Desktop Using PowerShell

Remote Desktop is useful for administrators and users who need to access their computers remotely. Using PowerShell to enable RDP can save time and ensure consistency across multiple machines.

Note: You need administrative privileges on the target machine to enable RDP.

Now, follow the steps to enable remote desktop using PowerShell.

Step 1: Open PowerShell with Administrative Privileges

To enable Remote Desktop, you need to run PowerShell as an administrator. Right-click on the Start menu, select Windows PowerShell (Admin), and click Yes when prompted by User Account Control (UAC).

Step 2: Check the Current RDP Status

Before enabling RDP, it’s a good practice to check if it is already enabled. You can do this by querying the registry:

Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections"

If the output is 1, RDP is disabled. If it is 0, RDP is already enabled.

I executed the above PowerShell script on my local machine; you can see the exact output as 1, which means the RDP is disabled.

Enable Remote Desktop Using PowerShell

Step 3: Enable Remote Desktop

To enable Remote Desktop, modify the registry setting and configure the firewall to allow RDP connections. Here’s the PowerShell script to do this:

# Enable RDP
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0

# Enable RDP through the firewall
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

This script sets the fDenyTSConnections value to 0 (enabling RDP) and configures the firewall to allow RDP traffic.

Step 4: Verify RDP is Enabled

After running the script, verify that RDP is enabled by checking the registry value again:

Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections"

The output should now be 0.

Check out Rename a Computer Using PowerShell

Enable RDP on Multiple Machines using PowerShell

If you need to enable RDP on multiple machines, you can use PowerShell remoting. Here’s an example script to enable RDP on a list of remote computers:

$computers = @("PC1", "PC2", "PC3") # Replace with your computer names

foreach ($computer in $computers) {
    Invoke-Command -ComputerName $computer -ScriptBlock {
        Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\' -Name "fDenyTSConnections" -Value 0
        Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
    }
}

This script loops through a list of computer names and enables RDP on each one.

Check out Get the Windows Version Using PowerShell

Troubleshoot Common Issues

Now, let me tell you some common issues that you might face while enabling RDP using PowerShell.

Issue 1: PowerShell Remoting Not Enabled

If you encounter an error indicating that PowerShell remoting is not enabled, you can enable it using the following command:

Enable-PSRemoting -Force

This command configures the computer to receive remote commands.

Issue 2: Firewall Blocking RDP

If the firewall is blocking RDP, ensure that the necessary firewall rules are enabled. You can manually check the firewall settings or use the following command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

This command enables the firewall rules for the Remote Desktop.

Now, let me show you some advanced-level settings you can do using PowerShell.

Read Get a List of Installed Programs Using PowerShell

Configure Network Level Authentication (NLA)

Network Level Authentication (NLA) adds an extra layer of security to Remote Desktop connections. To enable NLA, use the following PowerShell script:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "UserAuthentication" -Value 1

This script sets the UserAuthentication value to 1, enabling NLA.

Set RDP Port

By default, RDP uses port 3389. If you need to change this port for security reasons, you can do so using PowerShell:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\' -Name "PortNumber" -Value 3390

Replace 3390 with your desired port number. Ensure you update your firewall rules to allow traffic on the new port.

sysadmin, Win10, Win11, Windows

Ports that are used by Remote Desktop Services

  • 02/08/2025

This article introduces the ports that need to be open on firewalls to configure Remote Desktop Services (RDS) correctly.

The information and taxonomy are broken down by role, service, and component, and all inbound and outbound ports used are listed.

From client to RD resource

  • TCP 443 (HTTPS): Required if RDWeb is deployed.
  • TCP and UDP 3389: Standard Remote Desktop Protocol (RDP) port. It can be configured to a different port number on the host and client.

Remote Desktop Connection Broker (RDCB)

  • TCP 5504: Used for connections to RD Web Access.
  • TCP 3389: Used for connections to RD Session Host.
  • TCP 3389: Used for connections to non-managed VM pools. Managed machines use Virtual Machine Bus (VMBus) to open ports.
  • TCP 3389: Client port for clients not using RD Gateway.
  • TCP 445 and RPC: Used for connections to RD Virtualization Host.
  • TCP 445 and RPC: Used for connections to RD Session Host.
  • TCP 5985: Used by Windows Management Instrumentation (WMI) and PowerShell Remoting for administration.

Remote Desktop Gateway

Inbound external internet-based traffic from RD clients to the Gateway

  • TCP 443: Used for HTTP (including RPC over HTTP) over SSL. This port can be configured using the RD Gateway Management console.
  • UDP 3391: Used for RDP over UDP. This port can be configured using the RD Gateway Management console.

     Note

    Firewalls that have directional UDP analysis, such as TMG, require UDP “Send Receive” to be configured.

Internal traffic between the Gateway and the required user AD, resource AD, DNS, NPS, and so on

  • TCP 88: Used by Kerberos for user authentication.
  • TCP 135: Used by the RPC Endpoint Mapper.
  • TCP 135: Port that NTDS RPC services listens on AD.
  • TCP and UDP 389: Used by the Lightweight Directory Access Protocol (LDAP) for user authentication. It’s required when using LDAP for Certificate Revocation Lists (CRLs).
  • TCP and UDP 53: Used by the Domain Name System (DNS) for internal resource name resolution.
  • TCP 80: Required when using HTTP for CRLs.
  • TCP 21: Required when using FTP for CRLs.
  • UDP 1812 and 1813: Required when Network Policy Server (NPS) is used.
  • TCP 5985: Used by WMI and PowerShell Remoting for administration.

Internal traffic from the Gateway and the internal RD resources

  • TCP and UDP 3389: Used by RDP.

     Note

    Firewalls that have directional UDP analysis, such as TMG, require UDP “Send Receive” to be configured in the UDP protocol.

Remote Desktop Web Access

If RD Web Access is on a perimeter network, configure the following ports:

  • TCP: <WMI Fixed Port>
  • TCP 5504: Used for connections to RDCB for centralized publishing.
  • TCP 5985: Used by WMI and PowerShell Remoting for administration.

Remote Desktop Session Host

  • RD License Server: RPC ports.
  • TCP 389 and 636: Used for AD communication.
  • TCP 5985: Used by WMI and PowerShell Remoting for administration.

Remote Desktop Virtualization Host

  • RD License Server: RPC ports.
  • TCP 389 and 636: Used for AD communication.
  • TCP 5985: Used by WMI and PowerShell Remoting for administration.

Remote Desktop Licensing Server

For more information, see RDS Licensing (RDSL).

TCP

  • TCP 135: Used for RPC for License Server communication and Remote Desktop Session Host.
  • TCP 1024-65535 (randomly allocated): Used for RPC in Windows Server versions that are earlier than Windows Server 2008.
  • TCP 49152-65535 (randomly allocated): Used for RPC in Windows Server 2008 and later versions.
  • TCP 445: Used by the Server Message Block (SMB) protocol.
  • TCP 443: Used for communication over the internet to the Microsoft Clearing House.
  • TCP 5985: Used by WMI and PowerShell Remoting for administration.
  • TCP 139: Used by the NetBIOS session service.

For more information, see How to configure RPC dynamic port allocation to work with firewalls.

NetBIOS

  • UDP 137: Used for NetBIOS name resolution.
  • UDP 138: Used by the NetBIOS Datagram Service.
  • UDP and TCP 389: Used by LDAP with per-user Client Access Licenses (CALs) in AD.

From a proxy standpoint, the registry key HKLM\Software\Microsoft\TermServLicensing\lrwiz\Params shows the Microsoft service that the RD License Server communicates with.

libreoffice

change the default font in Libreoffice Calc

  1. Open a blank spreadsheet
  2. In the Sidebar, click on the Styles icon to open the Styles pane.
  3. The pane initially shows Cell Styles (first icon on left at the top).
    CalcCellStylesDefault
  4. Right click Default, select Edit style
  5. In the dialogue that opens, select the Fonts tab. Select your desired font and font size, change nothing else. OK
  6. Click File > Templates > Save as template
  7. In the dialogue, type a suitable name, select an appropriate location such as My Templates, tick the box Set as default template. Save

To remove the default template status if no longer needed, click File > Templates > Manage templates. FInd the template with a green tick, right click it and select *Reset default. Or right click another template and select Set as Default to make that default template.
TemplateResetDefault

Source: How can I change the default font in Calc