diff --git a/lib/images/windows/templates/generalize.nix b/lib/images/windows/templates/generalize.nix index 431f664..13b2a65 100644 --- a/lib/images/windows/templates/generalize.nix +++ b/lib/images/windows/templates/generalize.nix @@ -97,19 +97,16 @@ in ${lib.optionalString enableRDP '' :: Enable RDP - reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f - reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f + powershell -Command "Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value 0" + powershell -Command "Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name UserAuthentication -Value 1" reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f - :: Enable RDP firewall rules for all network profiles - powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'" - powershell -Command "Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Any" - :: Set all RDP services to auto-start via registry (sc config can fail silently) + :: Create firewall rules for all profiles (New-NetFirewallRule is more reliable than Enable-NetFirewallRule) + powershell -Command "New-NetFirewallRule -DisplayName 'RDP (TCP)' -Direction Inbound -Action Allow -Protocol TCP -LocalPort 3389 -RemoteAddress Any -Profile Any -Enabled True | Out-Null" + powershell -Command "New-NetFirewallRule -DisplayName 'RDP (UDP)' -Direction Inbound -Action Allow -Protocol UDP -LocalPort 3389 -RemoteAddress Any -Profile Any -Enabled True | Out-Null" + :: Set all RDP services to auto-start reg add "HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv" /v Start /t REG_DWORD /d 2 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService" /v Start /t REG_DWORD /d 2 /f reg add "HKLM\SYSTEM\CurrentControlSet\Services\TermService" /v Start /t REG_DWORD /d 2 /f - net start SessionEnv - net start TermService - net start UmRdpService ''} :: Clean up