0

I'm trying to disable RDP using powershell.

I've tried the following code, but the values on the machine name I'm listing aren't changing. 

$file = Get-Content c:\PSscripts\regchange\computers.txt
foreach ($computername in $file){
    $PingStatus = Gwmi Win32_PingStatus -Filter "Address = '$computername'" | Select-Object StatusCode
    If ($PingStatus.StatusCode -eq 0){
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername )
        $regKey= $reg.OpenSubKey("System\\CurrentControlSet\\Control\\Terminal Server" ,$true)
        $regKey.SetValue("fDenyTSConnections","1",[Microsoft.Win32.RegistryValueKind]::dword)
    }
    else {
        Write-Host "$computername unreachable"
    }
}

I suspect there's something wrong with the way I entered the registry path name. any help would be appreciated.

Improve this question
3
  • How do you know its not added? Commented Jun 4, 2019 at 17:16
  • I have access to the target machine. I'm just testing for mass deployment. Commented Jun 4, 2019 at 18:16
  • Are you running PowerShell as admin? System wide changes, Windows requires admin privs to do that. Commented Jun 4, 2019 at 18:28

2 Answers 2

Reset to default
1

The issue must be either permissions (which I assume you have as there are no obvious error messages), refreshing issue or in Get-Content and the structure of your file.

In order for Get-Content to work in this manner, each computer on a separate line. e.g.:

MyComputer1
MyComputer2

Another troubleshooting step is to try adding in Write-Host $computername entries to verify that you are looping through properly.:

$file = Get-Content c:\PSscripts\regchange\computers.txt
foreach ($computername in $file){
     $PingStatus = Gwmi Win32_PingStatus -Filter "Address = '$computername'" | Select-Object StatusCode
     If ($PingStatus.StatusCode -eq 0){
         Write-Host "$computername set"
     }
    else {
        Write-Host "$computername unreachable"
    }
}

You can also confirm by adding in a $regKey.GetValue after setting:

$file = Get-Content c:\PSscripts\regchange\computers.txt
foreach ($computername in $file){
    $PingStatus = Gwmi Win32_PingStatus -Filter "Address = '$computername'" | Select-Object StatusCode
    If ($PingStatus.StatusCode -eq 0){
        $reg = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine', $computername )
        $regKey= $reg.OpenSubKey("System\\CurrentControlSet\\Control\\Terminal Server" ,$true)
        $regKey.SetValue("fDenyTSConnections","1",[Microsoft.Win32.RegistryValueKind]::dword)

        Write-Host "$computername set to: $($regKey.GetValue("fDenyTSConnections"))"

    }
    else {
        Write-Host "$computername unreachable"
    }
}

Manually setting $computername = "MyComputer" and running the code, I can confirm that the code for setting the registry works... I can also confirm that remotely killing your RDP access to your remote virtual workstation also works.. and... is as terrible as it sounds ;-)

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

If PSRemoting is enabled, try something like this … (This needs to be executed in a PowerShell elevated admin session.)

Get-Content -Path 'c:\PSscripts\regchange\computers.txt' | 
ForEach{
    If (Test-Connection -$PSItem -Count 1 -Quiet)
    {
        $paramblock = @{
            Path = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
            Name = 'fDenyTSConnections'
            Value = '1'
        }

        Invoke-Command –Computername $PSItem –ScriptBlock {Set-ItemProperty @paramblock}
    }
    Else
    {Write-Warning -Message "Either the host $PSItem is offline or not reachable."}
}
Improve this answer

1 Comment

Thanks for deleting your latest answer. It's nice to help people who are lost, but we get such a volume of vampire questions here, we have to draw the line somewhere!

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.