Admin Development Model in Action

Admin Development Model in Action

  • Comments 5

Ken Taylor has a PowerShell blog over on LiveSpaces. Today he posted a blog entry, Enabling RDP with PowerShell, that had me jumping for joy as a perfect example of the Admin Development Model in action. The whole point of the admin development model is that you use tools to quickly investigate the system and manage it. Ken needed to enable RDP on a remote Server and remembered that it was possible to do via WMI. Read his blog for the steps he used to quickly and easily investigate the system to find exactly want he needed to do within 2 minutes!.

The only thing Ken didn't do was to encode this information in a script for sharing with others. I'll do that there:

Function Enable-RDP ($Server)
{ $Terminal = Get-WmiObject Win32_Terminal –Computer $Server

The particular solution is not the point, the way he thought about the problem and the steps he took to solve it are.

Hats off to you Ken!

Jeffrey Snover [MSFT]
Windows PowerShell/MMC Architect
Visit the Windows PowerShell Team blog at:
Visit the Windows PowerShell ScriptCenter at:


Leave a Comment
  • Please add 4 and 6 and type the answer here:
  • Post
  • Jeffery,

    Have you tried this against/on Vista? Do you need to brush up on your wmi namespaces? (only joking) Can you improve so it will work against all OS's and also disable as well as enable in same function? What about Vista's capability of setting differnt levels of RDP security?


  • So Jeffery,

    I apologize for yesterday’s brief comment/criticism and not fully entering into the community spirit and supplying a possible improvement myself – my excuse; it was Saturday and I had to go rock climbing!

    Now it is Sunday morning and I have time to give some better input.

    First I do not think that the WMI Win32_Terminal class that you and Ken used can enable or disable RDP. Following my finding that your code didn’t work on Vista I first found the namespace issue; on Vista all aspects of TS related issues have moved to root\CIMV2\TerminalServices namespace.

    Having changed the namespace issue I ran your modified function and looking in either the registry or the system tool the appropriate settings were not changed in HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server – fDenyTSConnections. So what was happening? Because I am still learning PowerShell (isn't everyone) not only do I use the shell for investigation I go back to my VBScript roots and didn’t use PowerShell to move further I actually used (shame upon shame) a GUI tool WMICodeCreator to do some investigation (as an aside I will be extactic will this tool is updated to support PowerShell - are there any takes yet?). It turns out that the WMI class responsible for the settings we need is – Win32_TerminalServiceSetting and the actual method involved is – SetAllowTSConnections.

    So here goes at my function; if I had more time and didn’t need to go climbing on Sunday as well I would have put in some checking of the arguments provide; such as for $Server “.” for local host or “a name” for remote; what is provided for $set On/Off or 1/0 and maybe same for the RDP 6.0 security- $Secure. Anyway here it is and constructive/destructive critique most welcome:

    Function Set-RDP ($Server, $Set, $Secure)

    { $OS = gwmi Win32_OperatingSystem -Computer $Server

    If ($OS.BuildNumber -ge 6000){

    $Terminal = gwmi -namespace "root\CIMV2\TerminalServices" Win32_TerminalServiceSetting –Computer $Server

    $SetSecure = gwmi -namespace "root\CIMV2\TerminalServices" Win32_TSGeneralSetting –Computer $Server




    Else {

    $Terminal = gwmi Win32_TerminalServiceSetting –Computer $Server

    $SetSecure = Win32_TSGeneralSetting –Computer $Server




    I did test it on Vista.



  • Pete

    10,000 thanks for an example of the Community Development Model in action!

    Jeffrey Snover [MSFT]

    Windows PowerShell/MMC Architect

    Visit the Windows PowerShell Team blog at:

    Visit the Windows PowerShell ScriptCenter at:

  • Hi Jeffery, Pete and Ken,

    Thanks for posting this.

    I am having a problem.

    If I try to do this connecting from a machine1 not connected to domain to a machine2 (using the -credential option) in the domain, I always get a access denied error. However, it works when I use wmic.

    It does work when both machines are in the domain and the logged in user has credentials.

    I'd appreciate it if you can shed light on this.

    gwmi Win32_TerminalServiceSetting -Computer computername -credential domain\administrator

    format-default : Exception retrieving members: "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))



    WMIC /NODE:"computername" RDTOGGLE WHERE ServerName="computername" CALL SetAllowTSConnections 1 /user:domain\administrator

    Enter the password :*******

    Executing (\\computername\ROOT\CIMV2:Win32_TerminalServiceSetting.ServerName="computername")->SetAllowTSConnections()

    Method execution successful.

    Out Parameters:

    instance of __PARAMETERS


           ReturnValue = 0;


    Thanks much.


  • Awesome Thanks!

    For others:

    Example command after running the script above...

    set-rdp computer 1 0

    (sets rdp for computer on with no security)

    thanks again!

Page 1 of 1 (5 items)