diff --git a/lib/images/windows/templates/generalize.nix b/lib/images/windows/templates/generalize.nix
index f0c4712..2d872e2 100644
--- a/lib/images/windows/templates/generalize.nix
+++ b/lib/images/windows/templates/generalize.nix
@@ -97,13 +97,15 @@ in
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
     reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
-    :: Firewall rules for RDP (TCP + UDP)
-    netsh advfirewall firewall add rule name="RDP TCP" dir=in protocol=tcp localport=3389 action=allow
-    netsh advfirewall firewall add rule name="RDP UDP" dir=in protocol=udp localport=3389 action=allow
-    :: Enable and restart TermService
+    :: Enable RDP firewall rules and services
+    powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"
+    powershell -Command "Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Any"
+    sc config SessionEnv start= auto
+    sc config UmRdpService start= auto
     sc config TermService start= auto
-    net stop TermService /y 2>nul
+    net start SessionEnv
     net start TermService
+    net start UmRdpService
     ''}
 
     :: Clean up