Category filter

Script to enable/disable Remote Desktop on Windows devices

Remote Desktop is a feature introduced by Microsoft that enables a remote user to access your Windows PC connected through the local network or the internet. This feature allows an authorized user to control and manage a Windows PC without physically being present at the location. Only the Pro and Enterprise editions of Windows 10/11 offer Remote Desktop. By default, the Remote Desktop feature is disabled. While you can enable this feature through the Settings app, you can also enable Remote Desktop on Windows devices by deploying scripts. This document provides scripts to enable and disable the Remote Desktop feature on Windows devices. These scripts can be deployed to remote devices using the Execute Custom Script action in Hexnode UEM.

Scripting Language – Bash

File extension – .sh

Disclaimer:

The Sample Scripts provided below are adapted from third-party open-source sites.

Enable Remote Desktop

The Remote Desktop feature can be enabled by setting the value of the REG DWORD fDenyTSConnections in the path ‘HKLM:\System\CurrentControlSet\Control\Terminal Server’ to 0. The DWORD is set to 1 by default; however, this command will make it 0 to activate the feature. In addition, add a firewall rule that permits the Remote Desktop to connect through the Windows Defender Firewall.

PowerShell script

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

1 2	Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0 Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Bash script

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f 
netsh advfirewall firewall set rule group="remote desktop" new enable=yes

1 2	reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f netsh advfirewall firewall set rule group="remote desktop" new enable=yes

Disable Remote Desktop

We can disable the Remote Desktop feature by resetting the DWORD value to 1 and removing the added firewall rules.

PowerShell script

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

1 2	Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 1 Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

Bash script

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f 
netsh advfirewall firewall set rule group="remote desktop" new enable=No

1 2	reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f netsh advfirewall firewall set rule group="remote desktop" new enable=No

Notes:

It is recommended to manually validate the script execution on a system before executing the action in bulk.
Hexnode will not be responsible for any damage/loss to the system on the behavior of the script.

Need more help?

Raise a Ticket

Ask Community

Chat With us