From e658cd5404cc45d6a7889b775648ca32bf5beb25 Mon Sep 17 00:00:00 2001
From: Git Sagar
Date: Sun, 7 Jun 2026 22:18:26 +0530
Subject: [PATCH] fix RDP: auto-start SessionEnv and UmRdpService, enable firewall rules for all profiles
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

TermService alone doesn't create the RDP listener — SessionEnv (Remote Desktop Configuration) and UmRdpService (Port Redirector) must also be running. Use PowerShell Enable-NetFirewallRule to enable the built-in Remote Desktop firewall rules for all network profiles instead of creating custom netsh rules.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
lib/images/windows/templates/generalize.nix | 12 +++++++-----
1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/lib/images/windows/templates/generalize.nix b/lib/images/windows/templates/generalize.nix
index f0c4712..2d872e2 100644
--- a/lib/images/windows/templates/generalize.nix
+++ b/lib/images/windows/templates/generalize.nix
@@ -97,13 +97,15 @@ in
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f
 reg add "HKLM\SYSTEM\CurrentControlSet\Control\Lsa" /v LimitBlankPasswordUse /t REG_DWORD /d 0 /f
- :: Firewall rules for RDP (TCP + UDP)
- netsh advfirewall firewall add rule name="RDP TCP" dir=in protocol=tcp localport=3389 action=allow
- netsh advfirewall firewall add rule name="RDP UDP" dir=in protocol=udp localport=3389 action=allow
- :: Enable and restart TermService
+ :: Enable RDP firewall rules and services
+ powershell -Command "Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'"
+ powershell -Command "Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Any"
+ sc config SessionEnv start= auto
+ sc config UmRdpService start= auto
 sc config TermService start= auto
- net stop TermService /y 2>nul
+ net start SessionEnv
 net start TermService
+ net start UmRdpService
 ''}
 :: Clean up
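Review bot: `Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -Profile Any` keeps the RDP rules open on the Public profile, while the unchanged `reg add` lines just above set `UserAuthentication` to 0 (NLA off) and `LimitBlankPasswordUse` to 0, so an image built from this template accepts RDP without pre-authentication, including blank-password logons, on whatever network it joins. Unless the template is meant only for isolated lab networks, I would narrow the rule to `-Profile Domain,Private` or add `-RemoteAddress LocalSubnet`, and state the intended networks in the `::` comment. Separately, `-DisplayGroup 'Remote Desktop'` is a localized display name, so on a non-English image the call presumably matches no rules; `-Group '@FirewallAPI.dll,-28752'` does not depend on the UI language. The enclosing Nix string starts before this hunk, so whether these lines are gated behind an option cannot be seen here.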