Enable Remote access

 

PowerShell Command to Disable Windows Firewall

This is the PowerShell command to fully disable the Windows firewall.

Set-NetFirewallProfile -Enabled False

  1. Open the Start menu.
  2. Search for "PowerShell".
  3. Right-click on "PowerShell" and select "Run as administrator".
  4. In the PowerShell window, execute the below command to disable the Windows Defender Firewall.
    Set-NetFirewallProfile -Enabled False
  5. Close the PowerShell window.
  6. Reboot Windows.

To re-enable the firewall, execute the command below in a PowerShell window running as administrator.

Set-NetFirewallProfile -Enabled True

That is all. It is that simple to fully disable Windows Defender Firewall in Windows 10, Windows 7, and Windows 8. If you are stuck or need some help, comment below and I will try to help as much as possible.

or 


Enable Remote Desktop Remotely Using PowerShell

To enable RDP remotely, you need to configure and run the WinRM service (Windows Remote Management) on the remote computer. The WinRM service is enabled by default in all versions of Windows Server starting with Windows Server 2012. However, WinRM is disabled by default in client operating systems such as Windows 10. Thus, to enable Remote Desktop remotely via PowerShell, the remote computer must meet the following requirements:

  1. The WinRM service should be started;
  2. You must have administrator permissions on the remote device;
  3. Windows Defender Firewall with Advanced Security must be disabled or the rules that allow remote access through PowerShell Remoting should be enabled.

Suppose you want to remotely enable RDP on Windows Server 2012 R2/2016/2019. Open the PowerShell console on your computer and run the following command to connect to your server remotely:

Enter-PSSession -ComputerName server.domain.local -Credential domain\administrator

You have now established a remote session with the computer and can execute PowerShell commands on it. To enable Remote Desktop, you just need to change the registry parameter fDenyTSConnections from 1 to 0 on the remote computer. Run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

When RDP is enabled in this way (as opposed to the GUI method), the rule that allows remote RDP connections is not enabled in the Windows Firewall rules. To allow incoming RDP connections in Windows Firewall, run the command:

Enable-NetFirewallRule -DisplayGroup "Remote Desktop"

Hint. By default, TCP/3389 port is used for incoming Remote Desktop connections on Windows. You can change the default RDP port number through the registry using the PortNumber parameter in the reg key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp.

If for some reason this firewall rule is missing, you can create it manually:

netsh advfirewall firewall add rule name="allow RemoteDesktop" dir=in protocol=TCP localport=3389 action=allow

If you want to restrict hosts or subnets that are allowed to connect to Remote Desktop, you can create a custom rule that allows Windows Firewall to solely accept incoming RDP connections from specific IP addresses, subnets, or IP ranges. In this case, instead of the previous command, you need to use the following one:

New-NetFirewallRule -DisplayName "Restrict_RDP_access" -Direction Inbound -Protocol TCP -LocalPort 3389 -RemoteAddress 192.168.1.0/24,192.168.2.100 -Action Allow

If you need to enable secure RDP authentication (NLA – Network Level Authentication), run the command:

Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1

Now you can check the availability of TCP port 3389 on the remote host from your computer. Run the command:

Test-NetConnection 192.168.1.11 -CommonTCPPort rdp

There should be a result like this:

ComputerName     : 192.168.1.11
RemoteAddress    : 192.168.1.11
RemotePort       : 3389
InterfaceAlias   : Ethernet0
SourceAddress    : 192.168.1.90
TcpTestSucceeded : True

This means that RDP on the remote host is enabled and you can establish a remote desktop connection using mstsc.exe, RDCMan, or any alternative RDP client.

Hint. If you need to enable RDP on several remote computers at once, you can use the following PowerShell script:

$comps = "Server1", "Server2", "Server3", "Server4"
Invoke-Command -ComputerName $comps -ScriptBlock {Set-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections" -Value 0}
Invoke-Command -ComputerName $comps -ScriptBlock {Enable-NetFirewallRule -DisplayGroup "Remote Desktop"}

By default, only members of the local Administrators group can connect remotely via RDP. To allow RDP connections for non-admin users, add them to the local Remote Desktop Users group.


You can add the desired users to the Remote Desktop Users locally by using the Local Users and Groups MMC snap-in (LUSRMGR.MSC).

Or you can change RD Users group membership remotely using the PowerShell Remoting inside the Enter-PSSession. Use the following command to add the domain user ASmith to the local group:

net localgroup "remote desktop users" /add "contoso\asmith"

Alternatively, instead of the Enter-PSSession cmdlet, you can use another PS Remoting command Invoke-Command:

Invoke-Command -ScriptBlock {net localgroup "remote desktop users" /add "contoso\asmith"} -ComputerName Server1.contoso.com
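
The settings changed in both procedures above (firewall profile state, fDenyTSConnections, UserAuthentication, the rules opening the RDP port and Remote Desktop Users membership) can be read back with a read-only audit. This is an added example, not part of the original article; Get-RdpExposure is a hypothetical function name, and it assumes Windows PowerShell 5.1 or later for Get-LocalGroupMember.

```powershell
# Added example: read-only audit of the settings this article changes.
# Get-RdpExposure is a hypothetical helper name; no setting is modified.
function Get-RdpExposure {
    param([string[]]$ComputerName)

    $audit = {
        $ts   = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
        $tcp  = Get-ItemProperty -Path "$ts\WinStations\RDP-Tcp"
        $port = [string]$tcp.PortNumber

        # Profiles left disabled, e.g. by Set-NetFirewallProfile -Enabled False
        $off = Get-NetFirewallProfile | Where-Object { $_.Enabled -ne 'True' }

        # Enabled inbound allow rules that list the RDP TCP port, with their
        # remote-address scope. Port ranges and 'Any' ports are not matched.
        $scopes = foreach ($rule in Get-NetFirewallRule) {
            if ($rule.Enabled -ne 'True' -or $rule.Direction -ne 'Inbound' -or
                $rule.Action -ne 'Allow') { continue }
            $pf = $rule | Get-NetFirewallPortFilter
            if ($pf.Protocol -ne 'TCP' -or $pf.LocalPort -notcontains $port) { continue }
            $remote = ($rule | Get-NetFirewallAddressFilter).RemoteAddress -join ','
            '{0} [{1}]' -f $rule.DisplayName, $remote
        }

        # S-1-5-32-555 is the well-known SID of the Remote Desktop Users group
        $users = (Get-LocalGroupMember -SID 'S-1-5-32-555').Name

        [pscustomobject]@{
            Host          = $env:COMPUTERNAME
            RdpEnabled    = (Get-ItemProperty -Path $ts).fDenyTSConnections -eq 0
            NlaRequired   = $tcp.UserAuthentication -eq 1
            Port          = $port
            FirewallOff   = @($off.Name) -join ','
            RdpRuleScopes = @($scopes) -join '; '
            RdpUsers      = @($users) -join ','
        }
    }

    if ($ComputerName) { Invoke-Command -ComputerName $ComputerName -ScriptBlock $audit }
    else { & $audit }
}

# Local audit; pass -ComputerName "Server1","Server2" to check hosts over WinRM
Get-RdpExposure | Format-List
```

A rule listed with a scope of [Any] accepts RDP from every address, and a non-empty FirewallOff value means the listed profiles are not filtering at all, so the rule scopes are not being enforced there.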
