Introduction

The xRemoteDesktopAdmin module is a part of the Windows PowerShell Desired State Configuration (DSC) Resource Kit, which is a collection of DSC Resources produced by the PowerShell Team. This module contains the xRemoteDesktopAdmin resource. This DSC Resource allows you to configure remote desktop settings and the Windows firewall by applying a configuration to your local or a remote machine.

All of the resources in the DSC Resource Kit are provided AS IS, and are not supported through any Microsoft standard support program or service. The ""x" in xRemoteDesktopAdmin stands for experimental, which means that these resources will be fix forward and monitored by the module owner(s).

Please leave comments, feature requests, and bug reports in the Q & A tab for this module.

If you would like to modify xRemoteDesktopAdmin module, feel free. When modifying, please update the module name, resource friendly name, and MOF class name (instructions below). As specified in the license, you may copy or modify this resource as long as they are used on the Windows Platform.

For more information about Windows PowerShell Desired State Configuration, check out the blog posts on the PowerShell Blog (this is a good starting point). There are also great community resources, such as PowerShell.org, or PowerShell Magazine. For more information on the DSC Resource Kit, check out this blog post.

Installation

To install xRemoteDesktopAdmin module

To confirm installation:

Requirements

This module requires the latest version of PowerShell (v4.0, which ships in Windows 8.1 or Windows Server 2012R2). To easily use PowerShell 4.0 on older operating systems, install WMF 4.0. Please read the installation instructions that are present on both the download page and the release notes for WMF 4.0.

Description

The xRemoteDesktopAdmin module contains the xRemoteDesktopAdmin DSC Resource. This DSC Resource allows you to configure remote desktop settings to either allow or prevent users to setup a remote desktop connection to a specific machine. In addition it can optionally leverage the Windows PowerShell Desired State Configuration (DSC) Resource Kit resources xFirewall and Group. This allows you to not only configure remote desktop settings, but also to create a firewall rule - which allows a remote session through the firewall – and lets you add a domain user to the local Remote Desktop Users group.

Details

xRemoteDesktopAdmin resource has following properties:

The sample configuration files leverages the DSC Resource Kit resources xFirewall and Group to configure the Windows firewall and to add a domain user to the local Remote Desktop Users group, either with encrypted credentials or credentials stored in clear text (for testing purposes only).

 

Renaming Requirements

When making changes to these resources, we suggest the following practice:

  1. Update the following names by replacing MSFT with your company/community name and replacing the "x" with "c" (short for "Community") or another prefix of your choice:
    • Module name (ex: xRemoteDesktopAdmin becomes **cModuleName**)
    • Resource folder (ex: MSFT_xRemoteDesktopAdmin becomes Contoso_**cResourceName**)
    • Resource Name (ex: MSFT_xRemoteDesktopAdmin becomes Contoso_**cResourceName**)
    • Resource Friendly Name (ex: xRemoteDesktopAdmin becomes **cResourceName**)
    • MOF class name (ex: MSFT_xRemoteDesktopAdmin becomes Contoso_**cResourceName**)
    • Filename for the <resource>.schema.mof (ex: MSFT_xRemoteDesktopAdmin.schema.mof becomes Contoso_**cResourceName**.schema.mof)
  2. Update module and metadata information in the module manifest
  3. Update any configuration that use these resources

We reserve resource and module names without prefixes ("x" or "c") for future use (e.g. "MSFT_**RealResourceName**" or "**RealResourceName**"). If the next version of Windows Server ships with a "**RealResourceName**" resource, we don't want to break any configurations that use any community modifications. Please keep a prefix such as "c" on all community modifications.

Versions

1.0.0.0

1.0.2.0

ExampleConfiguration-RemoteDesktopAdmin.ps1

This configuration configures the target system to allow for remote connections (allowing a RDP session being setup), enables Network Level Authentication and creates a Windows firewall rule to allow incoming RDP traffic.

ExampleConfiguration-RemoteDesktopAdminWithUnEncryptedPassword.ps1

This configuration extends the previous configuration with adding a domain user to the local Remote Desktop Users group using a credential stored in clear text (for testing purposes only).

ExampleConfiguration-RemoteDesktopAdminWithEncryptedPassword.ps1

This configuration extends the previous configuration with adding a domain user to the local Remote Desktop Users group using certificates to encrypt credentials.