├── .gitignore ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── General.md │ ├── Resource_proposal.md │ └── Problem_with_resource.md ├── stale.yml └── PULL_REQUEST_TEMPLATE.md ├── .codecov.yml ├── DSCResources └── xRemoteDesktopAdmin │ ├── xRemoteDesktopAdmin.schema.mof │ └── xRemoteDesktopAdmin.psm1 ├── .vscode ├── settings.json └── analyzersettings.psd1 ├── Examples ├── ExampleConfiguration-RemoteDesktopAdmin.ps1 ├── ExampleConfiguration-RemoteDesktopAdminWithUnEncryptedPassword.ps1 └── ExampleConfiguration-RemoteDesktopAdminWithEncryptedPassword.ps1 ├── LICENSE ├── appveyor.yml ├── xRemoteDesktopAdmin.psd1 └── README.md /.gitignore: -------------------------------------------------------------------------------- 1 | DSCResource.Tests 2 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | # Needed for publishing of examples, build worker defaults to core.autocrlf=input. 2 | * text eol=crlf 3 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/General.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: General question or documentation update 3 | about: If you have a general question or documentation update suggestion around the resource module. 
4 | --- 5 | 8 | -------------------------------------------------------------------------------- /.codecov.yml: -------------------------------------------------------------------------------- 1 | codecov: 2 | notify: 3 | require_ci_to_pass: no 4 | 5 | comment: 6 | layout: "reach, diff" 7 | behavior: default 8 | 9 | coverage: 10 | range: 50..80 11 | round: down 12 | precision: 0 13 | 14 | status: 15 | project: 16 | default: 17 | # Set the overall project code coverage requirement to 70% 18 | target: 70 19 | patch: 20 | default: 21 | # Set the pull request requirement to not regress overall coverage by more than 5% 22 | # and let codecov.io set the goal for the code changed in the patch. 23 | target: auto 24 | threshold: 5 25 | -------------------------------------------------------------------------------- /DSCResources/xRemoteDesktopAdmin/xRemoteDesktopAdmin.schema.mof: -------------------------------------------------------------------------------- 1 | 2 | [ClassVersion("1.0.0.0"), FriendlyName("xRemoteDesktopAdmin")] 3 | class xRemoteDesktopAdmin : OMI_BaseResource 4 | { 5 | [Key, Description("Determines whether or not the computer should accept remote connections. Present sets the value to Enabled and Absent sets the value to Disabled."), ValueMap{"Present","Absent"}, Values{"Present","Absent"}] String Ensure; 6 | [Write, Description("User Authentication. Setting this value to Secure configures the machine to require NLA."), ValueMap{"Secure","NonSecure"}, Values{"Secure","NonSecure"}] String UserAuthentication; 7 | }; 8 | 9 | 10 | 11 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Resource_proposal.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: New resource proposal 3 | about: If you have a new resource proposal that you think should be added to this resource module. 
4 | --- 5 | 17 | ### Description 18 | 19 | ### Proposed properties 20 | 21 | ### Special considerations or limitations 22 | -------------------------------------------------------------------------------- /.vscode/settings.json: -------------------------------------------------------------------------------- 1 | { 2 | "powershell.codeFormatting.openBraceOnSameLine": false, 3 | "powershell.codeFormatting.newLineAfterOpenBrace": false, 4 | "powershell.codeFormatting.newLineAfterCloseBrace": true, 5 | "powershell.codeFormatting.whitespaceBeforeOpenBrace": true, 6 | "powershell.codeFormatting.whitespaceBeforeOpenParen": true, 7 | "powershell.codeFormatting.whitespaceAroundOperator": true, 8 | "powershell.codeFormatting.whitespaceAfterSeparator": true, 9 | "powershell.codeFormatting.ignoreOneLineBlock": false, 10 | "powershell.codeFormatting.preset": "Custom", 11 | "files.trimTrailingWhitespace": true, 12 | "files.insertFinalNewline": true, 13 | "powershell.scriptAnalysis.settingsPath": ".vscode\\analyzersettings.psd1" 14 | } 15 | -------------------------------------------------------------------------------- /Examples/ExampleConfiguration-RemoteDesktopAdmin.ps1: -------------------------------------------------------------------------------- 1 | [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingComputerNameHardcoded', '')] 2 | param() 3 | 4 | Configuration AllowRemoteDesktopAdminConnections 5 | { 6 | Import-DscResource -Module xRemoteDesktopAdmin, xNetworking 7 | 8 | Node ('localhost') 9 | { 10 | xRemoteDesktopAdmin RemoteDesktopSettings 11 | { 12 | Ensure = 'Present' 13 | UserAuthentication = 'Secure' 14 | } 15 | 16 | xFirewall AllowRDP 17 | { 18 | Name = 'DSC - Remote Desktop Admin Connections' 19 | DisplayGroup = "Remote Desktop" 20 | Ensure = 'Present' 21 | State = 'Enabled' 22 | Access = 'Allow' 23 | Profile = 'Domain' 24 | } 25 | } 26 | } 27 | 28 | $workingdir = 'C:\RDP\MOF' 29 | 30 | # Create MOF 31 | AllowRemoteDesktopAdminConnections -OutputPath 
$workingdir 32 | 33 | # Apply MOF 34 | Start-DscConfiguration -ComputerName 'localhost' -wait -force -verbose -path $workingdir 35 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2015 Microsoft Corporation. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in 13 | all copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 21 | THE SOFTWARE. 
-------------------------------------------------------------------------------- /appveyor.yml: -------------------------------------------------------------------------------- 1 | #---------------------------------# 2 | # environment configuration # 3 | #---------------------------------# 4 | 5 | version: 1.1.{build}.0 6 | environment: 7 | gallery_api: 8 | secure: 9ekJzfsPCDBkyLrfmov83XbbhZ6E2N3z+B/Io8NbDetbHc6hWS19zsDmy7t0Vvxv 9 | 10 | install: 11 | - git clone https://github.com/PowerShell/DscResource.Tests 12 | - ps: Write-Verbose -Message "PowerShell version $($PSVersionTable.PSVersion)" -Verbose 13 | - ps: Import-Module -Name "$env:APPVEYOR_BUILD_FOLDER\DscResource.Tests\AppVeyor.psm1" 14 | - ps: Invoke-AppveyorInstallTask 15 | 16 | #---------------------------------# 17 | # build configuration # 18 | #---------------------------------# 19 | 20 | build: false 21 | 22 | #---------------------------------# 23 | # test configuration # 24 | #---------------------------------# 25 | 26 | test_script: 27 | - ps: | 28 | Invoke-AppveyorTestScriptTask -CodeCoverage -CodeCovIo 29 | 30 | # scripts to run before deployment 31 | after_test: 32 | - ps: | 33 | Import-Module -Name "$env:APPVEYOR_BUILD_FOLDER\DscResource.Tests\AppVeyor.psm1" 34 | Invoke-AppveyorAfterTestTask 35 | 36 | #---------------------------------# 37 | # deployment configuration # 38 | #---------------------------------# 39 | 40 | deploy_script: 41 | - ps: | 42 | Invoke-AppVeyorDeployTask 43 | -------------------------------------------------------------------------------- /.github/stale.yml: -------------------------------------------------------------------------------- 1 | # Configuration for probot-stale - https://github.com/probot/stale 2 | 3 | limitPerRun: 30 4 | 5 | pulls: 6 | daysUntilStale: 14 7 | daysUntilClose: false 8 | exemptProjects: true 9 | exemptMilestones: true 10 | staleLabel: abandoned 11 | exemptLabels: 12 | - needs review 13 | - on hold 14 | - waiting for CLA pass 15 | 16 | 
markComment: > 17 | Labeling this pull request (PR) as abandoned since it has gone 14 days or more 18 | since the last update. An abandoned PR can be continued by another contributor. 19 | The abandoned label will be removed if work on this PR is taken up again. 20 | 21 | issues: 22 | daysUntilStale: 30 23 | daysUntilClose: 40 24 | exemptProjects: true 25 | exemptMilestones: true 26 | staleLabel: stale 27 | exemptLabels: 28 | - bug 29 | - enhancement 30 | - tests 31 | - documentation 32 | - resource proposal 33 | - on hold 34 | 35 | markComment: > 36 | This issue has been automatically marked as stale because 37 | it has not had activity from the community in the last 30 days. It will be 38 | closed if no further activity occurs within 10 days. If the issue is labelled 39 | with any of the work labels (e.g bug, enhancement, documentation, or tests) 40 | then the issue will not auto-close. 41 | 42 | closeComment: > 43 | This issue has been automatically closed because it is has not had activity 44 | from the community in the last 40 days. 45 | -------------------------------------------------------------------------------- /xRemoteDesktopAdmin.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | # Version number of this module. 3 | ModuleVersion = '1.1.0.0' 4 | 5 | # ID used to uniquely identify this module 6 | GUID = '244cd1ea-c609-45b9-9538-a260c0930769' 7 | 8 | # Author of this module 9 | Author = 'Microsoft Corporation' 10 | 11 | # Company or vendor of this module 12 | CompanyName = 'Microsoft Corporation' 13 | 14 | # Copyright statement for this module 15 | Copyright = '(c) 2013 Microsoft Corporation. All rights reserved.' 
16 | 17 | # Description of the functionality provided by this module 18 | Description = 'Module with DSC Resources for enabling adminsitrative Remote Desktop Connections' 19 | 20 | # Minimum version of the Windows PowerShell engine required by this module 21 | PowerShellVersion = '4.0' 22 | 23 | # Minimum version of the common language runtime (CLR) required by this module 24 | CLRVersion = '4.0' 25 | 26 | # Functions to export from this module 27 | FunctionsToExport = '*' 28 | 29 | # Cmdlets to export from this module 30 | CmdletsToExport = '*' 31 | 32 | # Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell. 33 | PrivateData = @{ 34 | 35 | PSData = @{ 36 | 37 | # Tags applied to this module. These help with module discovery in online galleries. 38 | Tags = @('DesiredStateConfiguration', 'DSC', 'DSCResourceKit', 'DSCResource') 39 | 40 | # A URL to the license for this module. 41 | LicenseUri = 'https://github.com/PowerShell/xRemoteDesktopAdmin/blob/master/LICENSE' 42 | 43 | # A URL to the main website for this project. 44 | ProjectUri = 'https://github.com/PowerShell/xRemoteDesktopAdmin' 45 | 46 | # A URL to an icon representing this module. 47 | # IconUri = '' 48 | 49 | # ReleaseNotes of this module 50 | # ReleaseNotes = '' 51 | 52 | } # End of PSData hashtable 53 | 54 | } # End of PrivateData hashtable 55 | } 56 | 57 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/Problem_with_resource.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Problem with a resource 3 | about: If you have a problem, bug, or enhancement with a resource in this resource module. 
4 | --- 5 | 24 | #### Details of the scenario you tried and the problem that is occurring 25 | 26 | #### Verbose logs showing the problem 27 | 28 | #### Suggested solution to the issue 29 | 30 | #### The DSC configuration that is used to reproduce the issue (as detailed as possible) 31 | ```powershell 32 | # insert configuration here 33 | ``` 34 | 35 | #### The operating system the target node is running 36 | 50 | 51 | #### Version and build of PowerShell the target node is running 52 | 56 | 57 | #### Version of the DSC module that was used ('dev' if using current dev branch) 58 | -------------------------------------------------------------------------------- /Examples/ExampleConfiguration-RemoteDesktopAdminWithUnEncryptedPassword.ps1: -------------------------------------------------------------------------------- 1 | [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingComputerNameHardcoded', '')] 2 | [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingConvertToSecureStringWithPlainText', '')] 3 | param() 4 | # The configuration data section specifies to allow using a plain text stored password 5 | $ConfigData = @{ 6 | AllNodes = @( 7 | @{ 8 | NodeName="DSCnode1"; 9 | PSDscAllowPlainTextPassword = $true 10 | 11 | } 12 | 13 | )} 14 | 15 | Configuration AllowRemoteDesktopAdminConnections 16 | { 17 | $password = ConvertTo-SecureString "YourPasswordHere" -AsPlainText -Force 18 | $Credential = New-Object System.Management.Automation.PSCredential ("Contoso\RDP_User", $password) 19 | 20 | Import-DscResource -Module xRemoteDesktopAdmin, xNetworking 21 | 22 | node ('DSCnode1') 23 | { 24 | xRemoteDesktopAdmin RemoteDesktopSettings 25 | { 26 | Ensure = 'Present' 27 | UserAuthentication = 'Secure' 28 | } 29 | 30 | xFirewall AllowRDP 31 | { 32 | Name = 'DSC - Remote Desktop Admin Connections' 33 | DisplayGroup = "Remote Desktop" 34 | Ensure = 'Present' 35 | State = 'Enabled' 36 | Access = 'Allow' 37 | Profile = 'Domain' 38 | } 39 | 40 | Group RDPGroup 
41 | { 42 | Ensure = 'Present' 43 | GroupName = "Remote Desktop Users" 44 | Members = 'Contoso\RDP_User' 45 | Credential = $Credential 46 | 47 | } 48 | 49 | } 50 | } 51 | 52 | # Set your working directory for the output of the MOF file 53 | $workingdir = 'C:\RDP\MOF' 54 | 55 | # Create MOF with configuration data 56 | AllowRemoteDesktopAdminConnections -ConfigurationData $ConfigData -OutputPath $workingdir 57 | 58 | # Apply the configuration 59 | Start-DscConfiguration -ComputerName 'DSCnode1' -wait -force -verbose -path $workingdir 60 | -------------------------------------------------------------------------------- /.vscode/analyzersettings.psd1: -------------------------------------------------------------------------------- 1 | @{ 2 | <# 3 | For the custom rules to work, the DscResource.Tests repo must be 4 | cloned. It is automatically clone as soon as any unit or 5 | integration tests are run. 6 | #> 7 | CustomRulePath = '.\DSCResource.Tests\DscResource.AnalyzerRules' 8 | 9 | IncludeRules = @( 10 | # DSC Resource Kit style guideline rules. 
11 | 'PSAvoidDefaultValueForMandatoryParameter', 12 | 'PSAvoidDefaultValueSwitchParameter', 13 | 'PSAvoidInvokingEmptyMembers', 14 | 'PSAvoidNullOrEmptyHelpMessageAttribute', 15 | 'PSAvoidUsingCmdletAliases', 16 | 'PSAvoidUsingComputerNameHardcoded', 17 | 'PSAvoidUsingDeprecatedManifestFields', 18 | 'PSAvoidUsingEmptyCatchBlock', 19 | 'PSAvoidUsingInvokeExpression', 20 | 'PSAvoidUsingPositionalParameters', 21 | 'PSAvoidShouldContinueWithoutForce', 22 | 'PSAvoidUsingWMICmdlet', 23 | 'PSAvoidUsingWriteHost', 24 | 'PSDSCReturnCorrectTypesForDSCFunctions', 25 | 'PSDSCStandardDSCFunctionsInResource', 26 | 'PSDSCUseIdenticalMandatoryParametersForDSC', 27 | 'PSDSCUseIdenticalParametersForDSC', 28 | 'PSMisleadingBacktick', 29 | 'PSMissingModuleManifestField', 30 | 'PSPossibleIncorrectComparisonWithNull', 31 | 'PSProvideCommentHelp', 32 | 'PSReservedCmdletChar', 33 | 'PSReservedParams', 34 | 'PSUseApprovedVerbs', 35 | 'PSUseCmdletCorrectly', 36 | 'PSUseOutputTypeCorrectly', 37 | 'PSAvoidGlobalVars', 38 | 'PSAvoidUsingConvertToSecureStringWithPlainText', 39 | 'PSAvoidUsingPlainTextForPassword', 40 | 'PSAvoidUsingUsernameAndPasswordParams', 41 | 'PSDSCUseVerboseMessageInDSCResource', 42 | 'PSShouldProcess', 43 | 'PSUseDeclaredVarsMoreThanAssignments', 44 | 'PSUsePSCredentialType', 45 | 46 | <# 47 | This is to test all the DSC Resource Kit custom rules. 48 | The name of the function-blocks of each custom rule start 49 | with 'Measure*'. 
50 | #> 51 | 'Measure-*' 52 | ) 53 | } 54 | -------------------------------------------------------------------------------- /Examples/ExampleConfiguration-RemoteDesktopAdminWithEncryptedPassword.ps1: -------------------------------------------------------------------------------- 1 | [Diagnostics.CodeAnalysis.SuppressMessageAttribute('PSAvoidUsingComputerNameHardcoded', '')] 2 | param() 3 | # The configuration data section specifies which certificate and thumbprint to use for encrypting the password 4 | $ConfigData = @{ 5 | AllNodes = @( 6 | @{ 7 | NodeName="DSCnode1"; 8 | CertificateFile = "C:\Certificates\DSCnode1.cer" 9 | Thumbprint = "E36D15C59BDBABB8525E48568844DD7079C1C3DD" 10 | } 11 | 12 | )} 13 | 14 | Configuration AllowRemoteDesktopAdminConnections 15 | { 16 | param( 17 | [Parameter(Mandatory=$true)] 18 | [ValidateNotNullorEmpty()] 19 | [PsCredential] $Credential 20 | ) 21 | 22 | 23 | Import-DscResource -Module xRemoteDesktopAdmin, xNetworking 24 | 25 | Node ('DSCnode1') 26 | { 27 | xRemoteDesktopAdmin RemoteDesktopSettings 28 | { 29 | Ensure = 'Present' 30 | UserAuthentication = 'Secure' 31 | } 32 | 33 | xFirewall AllowRDP 34 | { 35 | Name = 'DSC - Remote Desktop Admin Connections' 36 | DisplayGroup = "Remote Desktop" 37 | Ensure = 'Present' 38 | State = 'Enabled' 39 | Access = 'Allow' 40 | Profile = 'Domain' 41 | } 42 | 43 | Group RDPGroup 44 | { 45 | Ensure = 'Present' 46 | GroupName = "Remote Desktop Users" 47 | Members = 'Contoso\RDP_User' 48 | Credential = $Credential 49 | 50 | } 51 | 52 | LocalConfigurationManager 53 | { 54 | CertificateId = $node.Thumbprint 55 | } 56 | } 57 | } 58 | 59 | # Set your working directory for the output of the MOF file 60 | $workingdir = 'C:\RDP\MOF' 61 | 62 | # Create MOF with configuration data 63 | AllowRemoteDesktopAdminConnections -ConfigurationData $ConfigData -OutputPath $workingdir 64 | 65 | # Use Set-DscLocalConfigurationManager to apply the *.meta.mof 66 | Set-DscLocalConfigurationManager -ComputerName 
'DSCnode1' $workingdir -Verbose 67 | 68 | # Apply the configuration 69 | Start-DscConfiguration -ComputerName 'DSCnode1' -wait -force -verbose -path $workingdir 70 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 14 | #### Pull Request (PR) description 15 | 18 | 19 | #### This Pull Request (PR) fixes the following issues 20 | 27 | 28 | #### Task list 29 | 37 | - [ ] Added an entry under the Unreleased section of the change log in the README.md. 38 | Entry should say what was changed, and how that affects users (if applicable). 39 | - [ ] Resource documentation added/updated in README.md. 40 | - [ ] Resource parameter descriptions added/updated in README.md, schema.mof 41 | and comment-based help. 42 | - [ ] Comment-based help added/updated. 43 | - [ ] Localization strings added/updated in all localization files as appropriate. 44 | - [ ] Examples appropriately added/updated. 45 | - [ ] Unit tests added/updated. See [DSC Resource Testing Guidelines](https://github.com/PowerShell/DscResources/blob/master/TestsGuidelines.md). 46 | - [ ] Integration tests added/updated (where possible). See [DSC Resource Testing Guidelines](https://github.com/PowerShell/DscResources/blob/master/TestsGuidelines.md). 47 | - [ ] New/changed code adheres to [DSC Resource Style Guidelines](https://github.com/PowerShell/DscResources/blob/master/StyleGuidelines.md) and [Best Practices](https://github.com/PowerShell/DscResources/blob/master/BestPractices.md). 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # **THIS MODULE HAS BEEN DEPRECATED** 2 | 3 | It will no longer be released. 
4 | Please use the 'RemoteDesktopAdmin' resource in [ComputerManagementDsc](https://github.com/PowerShell/ComputerManagementDsc) 5 | instead. 6 | 7 | [![Build status](https://ci.appveyor.com/api/projects/status/iwctay9q3t2c72r8/branch/master?svg=true)](https://ci.appveyor.com/project/PowerShell/xremotedesktopadmin/branch/master) 8 | 9 | # xRemoteDesktopAdmin 10 | 11 | The **xRemoteDesktopAdmin** module contains the **xRemoteDesktopAdmin** DSC resource for configuring remote desktop settings and the Windows firewall on a local or remote machine. 12 | 13 | This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). 14 | For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. 15 | 16 | ## Contributing 17 | Please check out common DSC Resources [contributing guidelines](https://github.com/PowerShell/DscResource.Kit/blob/master/CONTRIBUTING.md). 18 | 19 | 20 | ## Description 21 | 22 | The **xRemoteDesktopAdmin** module contains the **xRemoteDesktopAdmin** DSC Resource. 23 | This DSC Resource allows you to configure remote desktop settings to either allow users to set up, or prevent them from setting up, a remote desktop connection to a specific machine. 24 | In addition, it can optionally leverage the xPSDesiredStateConfiguration resources **xFirewall** and **xGroup**. 25 | This allows you to configure remote desktop settings and create the necessary firewall rules to allow a remote session and add a domain user to the local Remote Desktop Users group. 26 | 27 | 28 | ## Resources 29 | 30 | ### xRemoteDesktopAdmin 31 | 32 | * **Ensure**: Ensures that "remote connections to this computer" are allowed or disallowed: { Absent | Present } 33 | * **UserAuthentication**: Enables or disables "Network Level Authentication".
Valid values are: 34 | * Secure 35 | * NonSecure 36 | 37 | 38 | ## Versions 39 | 40 | ### Unreleased 41 | 42 | * THIS MODULE HAS BEEN DEPRECATED. It will no longer be released. 43 | Please use the 'RemoteDesktopAdmin' resource in ComputerManagementDsc instead. 44 | * Update appveyor.yml to use the default template. 45 | * Added default template files .codecov.yml, .gitattributes, and .gitignore, and 46 | .vscode folder. 47 | 48 | ### 1.1.0.0 49 | 50 | * Updated OutputType to System.Boolean for Test-TargetResource and removed for Set-TargetResource. 51 | xRemoteDesktopSessionHost 52 | 53 | ### 1.0.3.0 54 | 55 | * Updated examples 56 | 57 | ### 1.0.2.0 58 | 59 | * Update to correct issue in Set-TargetResource when checking Ensure 60 | 61 | ### 1.0.0.0 62 | 63 | * Initial release with the following resource: 64 | * xRemoteDesktopAdmin 65 | 66 | 67 | ## Examples 68 | 69 | ### [ExampleConfiguration-RemoteDesktopAdmin.ps1](Examples/ExampleConfiguration-RemoteDesktopAdmin.ps1) 70 | 71 | This configuration configures the target system to allow for remote connections (i.e. allows an RDP session to be set up), enables Network Level Authentication and creates a Windows firewall rule to allow incoming RDP traffic. 72 | 73 | ### [ExampleConfiguration-RemoteDesktopAdminWithUnEncryptedPassword.ps1](Examples/ExampleConfiguration-RemoteDesktopAdminWithUnEncryptedPassword.ps1) 74 | 75 | This configuration extends the previous configuration by adding a domain user to the local Remote Desktop Users group using a credential stored in clear text (for testing purposes only). The example sets `PSDscAllowPlainTextPassword = $true`, so the password is written unencrypted into the generated MOF file. 76 | Note: this Example requires the built-in **Group** resource. 77 | 78 | ### [ExampleConfiguration-RemoteDesktopAdminWithEncryptedPassword.ps1](Examples/ExampleConfiguration-RemoteDesktopAdminWithEncryptedPassword.ps1) 79 | 80 | This configuration extends the previous configuration by adding a domain user to the local Remote Desktop Users group using certificates to encrypt credentials.
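Please refer to [this blog post](http://blogs.msdn.com/b/powershell/archive/2014/01/31/want-to-secure-credentials-in-windows-powershell-desired-state-configuration.aspx) for more info on how to use certificates to encrypt passwords.
--------------------------------------------------------------------------------
/DSCResources/xRemoteDesktopAdmin/xRemoteDesktopAdmin.psm1:
--------------------------------------------------------------------------------
<#
    This sample DSC Resource allows you to configure the Remote Desktop settings (under Remote Settings).
    Leveraging the xFirewall resource (included in MSFT_xNetworking), firewall rules can also be configured.
    Leveraging the Group resource (included in Windows), the "Remote Desktop Users" group can also be configured.
    This sample has been tested with Windows Server 2012 R2 and WMF 5.0 Preview
    Author: Tiander Turpijn, Microsoft Corporation

    Used parameters:
    Ensure [string] translates to reg value fDenyTSConnections [Int] - Allow RDP connection: Present = 0 "Enabled", Absent = 1 "Disabled"
    UserAuthentication [string] translates to reg value UserAuthentication [Int] - Allow only Network Level Authentication - connections: Secure = 1 "Secure", NonSecure = 0 "NonSecure"

    UserAuthentication is optional. When it is omitted, Set-TargetResource and
    Test-TargetResource leave the UserAuthentication registry value alone, so an
    unspecified parameter can never overwrite the Network Level Authentication setting.
#>

#region GET RDP Settings
<#
    .SYNOPSIS
        Reads the current Remote Desktop settings from the registry.

    .PARAMETER Ensure
        Key property of the resource. It is not used for the lookup; the returned
        Ensure value reflects what is found in the registry.

    .PARAMETER UserAuthentication
        Not used for the lookup; the returned value reflects the registry.

    .OUTPUTS
        Hashtable with the keys Ensure ('Present' or 'Absent') and
        UserAuthentication ('Secure' or 'NonSecure').
#>
function Get-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Collections.Hashtable])]
    param
    (
        [Parameter(Mandatory)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure,

        [ValidateSet("NonSecure", "Secure")]
        [System.String]$UserAuthentication
    )

    # The desired values are irrelevant here: Get only reports the state found on the node.
    $GetDenyTSConnections = Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections"
    $GetUserAuth = Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication"

    $returnValue = @{
        # fDenyTSConnections = 0 means RDP connections are accepted.
        Ensure = switch ($GetDenyTSConnections.fDenyTSConnections) {
            0 {"Present"}
            1 {"Absent"}
        }
        # UserAuthentication = 1 means Network Level Authentication is required.
        UserAuthentication = switch ($GetUserAuth.UserAuthentication) {
            0 {"NonSecure"}
            1 {"Secure"}
        }
    }

    $returnValue
}

# Get-TargetResource 'Present' 'Secure' -Verbose
# Expectation is a hashtable with configuration of the machine.

#endregion

#region SET RDP Settings
<#
    .SYNOPSIS
        Writes the desired Remote Desktop settings to the registry.

    .PARAMETER Ensure
        'Present' sets fDenyTSConnections to 0 (RDP connections accepted),
        'Absent' sets it to 1 (RDP connections refused).

    .PARAMETER UserAuthentication
        'Secure' sets UserAuthentication to 1 (Network Level Authentication required),
        'NonSecure' sets it to 0. When omitted, the registry value is not touched.
#>
function Set-TargetResource
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure,

        [ValidateSet("NonSecure", "Secure")]
        [System.String]$UserAuthentication
    )

    $terminalServerKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server'
    $rdpTcpKey = 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

    switch ($Ensure) {
        "Present" {[System.Byte]$fDenyTSConnections = 0}
        "Absent" {[System.Byte]$fDenyTSConnections = 1}
    }

    $GetEnsure = (Get-ItemProperty -Path $terminalServerKey -Name "fDenyTSConnections").fDenyTSConnections

    #The make it so section
    if ($fDenyTSConnections -ne $GetEnsure) {
        Set-ItemProperty -Path $terminalServerKey -Name "fDenyTSConnections" -Value $fDenyTSConnections
    }

    # Only manage UserAuthentication when the caller asked for it. The previous code
    # compared against a misspelled (always empty) variable, so it rewrote the value on
    # every run, including when the parameter had been left out.
    if ($PSBoundParameters.ContainsKey('UserAuthentication')) {
        switch ($UserAuthentication) {
            "NonSecure" {[System.Byte]$desiredUserAuthentication = 0}
            "Secure" {[System.Byte]$desiredUserAuthentication = 1}
        }

        $GetUserAuthentication = (Get-ItemProperty -Path $rdpTcpKey -Name "UserAuthentication").UserAuthentication

        if ($desiredUserAuthentication -ne $GetUserAuthentication) {
            Set-ItemProperty -Path $rdpTcpKey -Name "UserAuthentication" -Value $desiredUserAuthentication
        }
    }
}

# Set-TargetResource 'Present' 'Secure' -Verbose
# Expectation is the computer will be configured to accept secure RDP connections. To verify, right click on the Windows button and open System - Remote Settings.

#endregion

#region TEST RDP Settings
<#
    .SYNOPSIS
        Tests whether the registry matches the desired Remote Desktop settings.

    .PARAMETER Ensure
        Desired state of fDenyTSConnections: 'Present' = 0, 'Absent' = 1.

    .PARAMETER UserAuthentication
        Desired state of UserAuthentication: 'Secure' = 1, 'NonSecure' = 0.
        When omitted, only Ensure is compared.

    .OUTPUTS
        System.Boolean. $true when every specified setting matches the registry.
#>
function Test-TargetResource
{
    [CmdletBinding()]
    [OutputType([System.Boolean])]
    param
    (
        [Parameter(Mandatory)]
        [ValidateSet("Present","Absent")]
        [System.String]$Ensure,

        [ValidateSet("NonSecure", "Secure")]
        [System.String]$UserAuthentication
    )

    switch ($Ensure) {
        "Present" {[System.Byte]$fDenyTSConnections = 0}
        "Absent" {[System.Byte]$fDenyTSConnections = 1}
    }

    $GetfDenyTSConnections = (Get-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections").fDenyTSConnections
    $ensureMatches = ($fDenyTSConnections -eq $GetfDenyTSConnections)

    # An omitted UserAuthentication is treated as "not managed": without this guard the
    # empty parameter never equals the registry value and the node is reported as
    # non-compliant on every consistency check.
    $userAuthenticationMatches = $true
    if ($PSBoundParameters.ContainsKey('UserAuthentication')) {
        switch ($UserAuthentication) {
            "NonSecure" {[System.Byte]$desiredUserAuthentication = 0}
            "Secure" {[System.Byte]$desiredUserAuthentication = 1}
        }

        $GetUserAuthentication = (Get-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication").UserAuthentication
        $userAuthenticationMatches = ($desiredUserAuthentication -eq $GetUserAuthentication)
    }

    $bool = $false

    if ($ensureMatches -and $userAuthenticationMatches)
    {
        Write-Verbose "RDP settings are matching the desired state"
        $bool = $true
    }
    else
    {
        Write-Verbose "RDP settings are Non-Compliant!"
        if (-not $ensureMatches) {
            Write-Verbose "DenyTSConnections settings are non-compliant, Value should be $fDenyTSConnections - Detected value is: $GetfDenyTSConnections"
        }
        if (-not $userAuthenticationMatches) {
            Write-Verbose "UserAuthentication settings are non-compliant, Value should be $desiredUserAuthentication - Detected value is: $GetUserAuthentication"
        }
    }

    $bool
}

# Test-TargetResource 'Present' 'Secure' -Verbose
# Expectation is a true/false output based on whether the machine matches the declared configuration.

#endregion


Export-ModuleMember -Function *-TargetResource

--------------------------------------------------------------------------------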