(164) Microsoft Intune - Update with enabling RDP with Remediation Scripts or PowerShell

  • Writer: Mr B SOE way
  • May 17
  • 2 min read

As mentioned in my previous post (https://soeintunedevice.wixsite.com/home/post/162-microsoft-intune-enabling-rdp-for-entra-joined-devices), the following rules need to be enabled in 'Windows Defender Firewall with Advanced Security':

"Remote Desktop - Shadow (TCP-In)",

"Remote Desktop - User Mode (TCP-In)",

"Remote Desktop - User Mode (UDP-In)"

Enabling these switches "Remote Desktop: Connect to and use this PC from another device using the Remote Desktop app" to "On".



You can do this with a remediation script pair, Detect and Remediate (this is where you can find my scripts).


Navigate to https://intune.microsoft.com/ then Devices then select Scripts and Remediations, select Create. Under Detection Script, upload: Detect.ps1 and under Remediation script, upload: Remediate.ps1.


Run this script using the logged-on credentials: Select No

Enforce script signature check: Select No

Run script in 64-bit PowerShell: Select No


It should look like this.
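Here is an added example of what such a Detect/Remediate pair can look like, written for this post (it is not the author's Detect.ps1/Remediate.ps1). It assumes the standard Intune remediation exit-code convention (detection exits 0 when compliant and 1 when not, and only a non-zero detection result runs the remediation script) and that the two parts are uploaded as two separate files:

```powershell
# ---------- Detect.ps1 ----------
# Intune remediation convention: exit 0 = compliant, exit 1 = non-compliant
# (a non-zero exit is what causes Remediate.ps1 to run). Runs as SYSTEM.
$RuleNames = @(
    "Remote Desktop - Shadow (TCP-In)",
    "Remote Desktop - User Mode (TCP-In)",
    "Remote Desktop - User Mode (UDP-In)"
)

$Problems = @()
foreach ($Name in $RuleNames) {
    # The built-in rules exist once per profile (Domain/Private/Public);
    # Get-NetFirewallRule returns every instance, and all must be enabled.
    $Rules = Get-NetFirewallRule -DisplayName $Name -ErrorAction SilentlyContinue
    if (-not $Rules) {
        $Problems += "$Name (missing)"
    }
    elseif ($Rules | Where-Object { $_.Enabled -ne 'True' }) {
        $Problems += "$Name (disabled)"
    }
}

if ($Problems.Count -gt 0) {
    # The output string is shown in the Intune remediation report.
    Write-Output ("Non-compliant: " + ($Problems -join '; '))
    exit 1
}
Write-Output "Compliant: all three Remote Desktop inbound rules are enabled"
exit 0

# ---------- Remediate.ps1 (separate file) ----------
$RuleNames = @(
    "Remote Desktop - Shadow (TCP-In)",
    "Remote Desktop - User Mode (TCP-In)",
    "Remote Desktop - User Mode (UDP-In)"
)
try {
    foreach ($Name in $RuleNames) {
        # Enables every profile instance of the built-in rule (no duplicates created).
        Enable-NetFirewallRule -DisplayName $Name -ErrorAction Stop
    }
    Write-Output ("Enabled: " + ($RuleNames -join '; '))
    exit 0
}
catch {
    Write-Output ("Remediation failed: " + $_.Exception.Message)
    exit 1
}
```

Because detection runs on the schedule you set, a device whose rules are later disabled again shows up as non-compliant in the report and is re-remediated on the next run.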
Alternatively, if you are not licensed to use Remediation scripts (that is, you do not have an E3 or E5 license), you can use PowerShell scripts instead.


# Enable the built-in "Remote Desktop - Shadow (TCP-In)" rule using netsh.
# 'set rule ... new enable=yes' enables the existing rule; 'add rule' would
# create a duplicate rule with the same name instead of enabling the built-in one.
netsh advfirewall firewall set rule name="Remote Desktop - Shadow (TCP-In)" `
    dir=in new enable=yes

# Enable the built-in "Remote Desktop - User Mode (TCP-In)" rule (TCP 3389) using netsh
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (TCP-In)" `
    dir=in new enable=yes

# Enable the built-in "Remote Desktop - User Mode (UDP-In)" rule (UDP 3389) using netsh
netsh advfirewall firewall set rule name="Remote Desktop - User Mode (UDP-In)" `
    dir=in new enable=yes

# The same three rules enabled with the NetSecurity PowerShell cmdlet instead of netsh.
# Either approach is enough on its own; running both is harmless.

# Enable Remote Desktop - Shadow (TCP-In) using Enable-NetFirewallRule
Enable-NetFirewallRule -DisplayName "Remote Desktop - Shadow (TCP-In)"

# Enable Remote Desktop - User Mode (TCP-In) using Enable-NetFirewallRule
Enable-NetFirewallRule -DisplayName "Remote Desktop - User Mode (TCP-In)"

# Enable Remote Desktop - User Mode (UDP-In) using Enable-NetFirewallRule
Enable-NetFirewallRule -DisplayName "Remote Desktop - User Mode (UDP-In)"

For the Script settings:

PowerShell script: save the code above as WhateverNameYouLike.ps1 and upload it.

Run this script using the logged on credentials: No

Enforce script signature check: No

Run script in 64-bit PowerShell Host: No
