Enabling Remote Desktop using Unattended Setup

Enabling Remote Desktop using Unattended Setup

  • Comments 3
 

This document describes how remote connections can be enabled during unattend installation.

 

Important!! The examples given in this document are for information only. The recommended way to author answer files is to create them in Windows System Image Manager (Windows SIM). If you use a manually authored answer file, you must validate the answer file in Windows SIM to verify that it works. Because available settings and default values can change from time to time, you must revalidate your answer file when you reuse it.

 

For information on Windows SIM, please refer to Technet.

 

Unattend setting for enabling Remote Connections:

 

The following setting needs to be set to enable remote desktop:

 

Component name: "Microsoft-Windows-TerminalServices-LocalSessionManager"

Setting: fDenyTSConnections

Value: false

 

Enable Firewall exception for Remote Desktop:

 

The following setting needs to be added to the answer file to enable the firewall exception for remote desktop:

 

Component name: "Networking-MPSSVC-Svc"

FirewallGroups - FirewallGroup -

Active: true

Group: Remote Desktop

Profile: all

 

This corresponds to the following option (highlighted) in Windows Firewall settings:

 

Firewall Settings

 

Unattend setting for User Authentication:

 

You can optionally specify how users are authenticated before the remote desktop connection is established. If you do not specify this setting, by default you won't be able to remotely connect to the machine from computers/operating systems which do not support remote desktop with network level authentication.

 

The following setting needs to be added to the answer file to allow remote connections from computers running any version of remote desktop:

 

Component name: "Microsoft-Windows-TerminalServices-RDP-WinStationExtensions"

Setting: UserAuthentication

Value: 0

 

This corresponds to the following option in the system properties - remote tab:

 

Remote Tab Option 2

 

If you do not specify this unattend setting, by default, enabling remote desktop using unattended settings will result into this option in system properties - remote tab:

 

Remote Tab Option 3

 

Sample unattend file text:

 

This is an example of text in the answer file to enable remote desktop on x86 machines to accept connections from computers running any version of remote desktop (note that this is less secure as described remote tab UI):

 

IMPORTANT: If you use this text as-is in your answer file, you must validate the answer file in Windows SIM to verify that it works, before each use.

 

<?xml version='1.0' encoding='utf-8'?>

<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">

   <settings pass="specialize">

      <component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

          <fDenyTSConnections>false</fDenyTSConnections>

      </component>

      <component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

          <UserAuthentication>0</UserAuthentication>

      </component>

      <component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">

          <FirewallGroups>

              <FirewallGroup wcm:action="add" wcm:keyValue="rd1">

                  <Active>true</Active>

                  <Group>Remote Desktop</Group>

                  <Profile>all</Profile>

              </FirewallGroup>

            </FirewallGroups>

        </component>

   </settings>

</unattend>

 

Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.

Leave a Comment
  • Please add 5 and 3 and type the answer here:
  • Post
  • saludos, gracias por el archivo

  • Amigos, otra vez por aqui... Esta vez para dejarles un enlace a un post del blog del Equipo de Terminal

  • it's didn't work for my home premium.

Page 1 of 1 (3 items)