How to enable RDP 8.0 (From Group Policy) in windows 7 by scripting (e.g. vbScript)

JisanMahmud picture JisanMahmud · Apr 10, 2014 · Viewed 25.2k times · Source

Recently I have installed two windows updates KB2574819 and KB2592687 for RDP 8.0 in my 32 bit windows 7 service pack 1 PC for Remote Desktop Login. To enable the RDP 8.0 I have to enable it from the Group Policy. For this I have to run the gpedit.msc then go to the path

Computer Configuration-> Administrative Templates-> Windows Components-> Remote Desktop Services-> Remote Desktop Session Host-> Remote Session Environment->Enable Remote Desktop Protocol 8.0. and also Set Compression Algorithm to RDP Data to "Optimized to use less Network Bandwidth"

If I change the Group Policy manually It works perfectly OK. But I need to do this part using a script and for doing this I am passing hard time. After Googling for two days I came to this conclusion that when I Enable the RDP 8.0 from Group Policy it affects two things, 1. Registry 2. "C:\Windows\System32\GroupPolicy\Machine\Registry.pol".

Registry: By using the ProcMon Software I found that the change in the registry is made in the following path

"HKCU\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\{BE9DF25D-98DB-44BA-844D-20120DDC758D}Machine\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fServerEnableRDP8"

That means If I set value 1 to fServerEnableRDP8, it will work. But the Problem is that in the path, "{BE9DF25D-98DB-44BA-844D-20120DDC758D}" Changes per machine even per installation of the updates. That's why after installing the updates I cannot directly set the value to registry.

Registry.pol: I manually enabled the RDP 8.0 in my PC. Then in the target PC I replaced it's Registry.pol file with mine. The gpedit.msc shows that RDP 8.0 is enabled but during remote session it does not use the RDP 8.0 (The Network sign was not there on the top bar, it's the RDP 8.0 indicator). The reason behind it that when I replaced the Registry.pol file and ran the command "gpupdate /force" it created a new path in the Registry. When I again enabled manually from the gpedit.msc it created another path. Mainly the numeric values (e.g. {BE9DF25D-98DB-44BA-844D-20120DDC758D}) changes in the path and windows follows the path in the registry what gpedit.msc created.

I found about the Group Policy Object but i did not find much or proper documentation about it.

So my question is

  1. How to do it by scripting? Can you provide some script or example? Please explain your answer.
  2. Can you provide some good tutorials on Scripting Group Policy Object like step by step introduction or something like that?

Thanks in Advance.

Answer

Ben picture Ben · Aug 7, 2014

Not sure if you REQUIRE the setting to come from local group policy, but if you want to bypass the group policy problems, just set this Registry Key which will be common to all windows systems. The registry path you have is related to the group policy processing which will be different for each machine, so it will be difficult to script. Unless your in a domain I would avoid group policy.

 Windows Registry Editor Version 5.00

 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services]
 "SelectTransport"=dword:00000000
 "fServerEnableRDP8"=dword:00000001

Place that block into a text file named settings.REG file. You can double-click it or just commit it with:

regedit.exe /S settings.REG

The /S makes it silently install to the registry for scripting needs. I added "selecttransport" because it enables UDP transport for RDP traffic. With this .REG file you'll have the same settings in windows 7 as is default in windows 8.1.

-Ben