diff --git a/lib/images/windows/templates/generalize.nix b/lib/images/windows/templates/generalize.nix
index 2d872e2..c322a0d 100644
--- a/lib/images/windows/templates/generalize.nix
+++ b/lib/images/windows/templates/generalize.nix
@@ -97,12 +97,13 @@ in
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
-    :: Enable RDP firewall rules and services
+    :: Enable RDP firewall rules for all network profiles
     powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"
     powershell -Command "Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Any"
-    sc config SessionEnv start= auto
-    sc config UmRdpService start= auto
-    sc config TermService start= auto
+    :: Set all RDP services to auto-start via registry (sc config can fail silently)
+    reg add "HKLM\SYSTEM\CurrentControlSet\Services\SessionEnv" /v Start /t REG_DWORD /d 2 /f
+    reg add "HKLM\SYSTEM\CurrentControlSet\Services\UmRdpService" /v Start /t REG_DWORD /d 2 /f
+    reg add "HKLM\SYSTEM\CurrentControlSet\Services\TermService" /v Start /t REG_DWORD /d 2 /f
     net start SessionEnv
     net start TermService
     net start UmRdpService