So I was setting up a KIOSK environment using Windows 10 1709 for a client recently and we wanted to take the route of applying as few GPOs as possible (as it should be in 2018)!
Ensuring that Remote Desktop (RDP) stayed disabled was something that we decided to deploy using ConfigMgr Configuration Baselines.
So the Check compliance script is as follows:
```powershell
##################################################################################################################
#
# Author: Richie Schuster - C5 Alliance - SCCMOG.com
# Date: 06/07/2018
# Script: Action-CheckRDPCompliance.ps1
# Usage: Powershell.exe -ExecutionPolicy Bypass -File .\Action-CheckRDPCompliance.ps1
#
##################################################################################################################

#Variables
$TSRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$TSRegProperty = "fDenyTSConnections"
$RDPTcpRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
$RDPTcpRegProperty = "UserAuthentication"
#Firewall rule names (assumed: the built-in Remote Desktop inbound rules)
$RDPUserinTCP = "RemoteDesktop-UserMode-In-TCP"
$RDPUserinUDP = "RemoteDesktop-UserMode-In-UDP"
$RDPShadinTCP = "RemoteDesktop-Shadow-In-TCP"

#Set initial values ($True = not yet in the state the remediation script sets)
$TSSet = $True
$RDPTCPSet = $True
$RDPUserinTCPReturn = $True
$RDPUserinUDPReturn = $True
$RDPShadinTCPReturn = $True

#Test fDenyTSConnections state (1 = RDP connections denied)
$TSReturn = (Get-ItemProperty -Path $TSRegPath -Name $TSRegProperty -ErrorAction SilentlyContinue).fDenyTSConnections
If ($TSReturn -eq 1) {
    $TSSet = $false
}

#Test RDP-TCP State (0 = the value the remediation script sets)
$RDPTCPReturn = (Get-ItemProperty -Path $RDPTcpRegPath -Name $RDPTcpRegProperty -ErrorAction SilentlyContinue).UserAuthentication
If ($RDPTCPReturn -eq 0) {
    $RDPTCPSet = $false
}

#Get Firewall states
$RDPUserinTCPReturn = (Get-NetFirewallRule -Name $RDPUserinTCP -ErrorAction SilentlyContinue).Enabled
$RDPUserinUDPReturn = (Get-NetFirewallRule -Name $RDPUserinUDP -ErrorAction SilentlyContinue).Enabled
$RDPShadinTCPReturn = (Get-NetFirewallRule -Name $RDPShadinTCP -ErrorAction SilentlyContinue).Enabled

#Evaluate and report
#Every item must be off. Each operand is tested on its own (a leading ! only negates the first one),
#and the firewall Enabled value is compared against 'True' rather than converted to a boolean.
If (($RDPUserinTCPReturn -ne 'True') -and ($RDPUserinUDPReturn -ne 'True') -and ($RDPShadinTCPReturn -ne 'True') -and !($TSSet) -and !($RDPTCPSet)) {
    Write-Host "Compliant!"
}
##################################################################################################################
```
OK, so now that the check script is out of the way, here is the remediation script:
```powershell
##################################################################################################################
#
# Author: Richie Schuster - C5 Alliance - SCCMOG.com
# Date: 06/07/2018
# Script: Action-RemediateRDPCompliance.ps1
# Usage: Powershell.exe -ExecutionPolicy Bypass -File .\Action-RemediateRDPCompliance.ps1
#
##################################################################################################################

#Variables
$TSRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server"
$TSRegProperty = "fDenyTSConnections"
$RDPTcpRegPath = "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp"
$RDPTcpRegProperty = "UserAuthentication"

#Remediate and Block RDP
#fDenyTSConnections = 1 denies RDP connections
Set-ItemProperty $TSRegPath -Name $TSRegProperty -Value 1 -Force
#UserAuthentication = 0 is the value the check script tests for (Network Level Authentication not required)
Set-ItemProperty $RDPTcpRegPath -Name $RDPTcpRegProperty -Value 0 -Force
#Disable every firewall rule in the "Remote Desktop" group
Disable-NetFirewallRule -DisplayGroup "Remote Desktop"

#The End :)
##################################################################################################################
```
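The check script reports only an overall result, so when a kiosk drifts you cannot tell which setting changed. The following is an added example, not part of the original post or the author's scripts, that evaluates the same five settings and names each one that is out of line; the function names `Get-RdpDrift` and `Get-RdpState`, the sample state, and the three built-in Remote Desktop firewall rule names are assumptions made here.

```powershell
# Added example (not from the original post): list the settings that have drifted.
function Get-RdpDrift {
    param(
        $DenyTSConnections,         # fDenyTSConnections, $null when the value is missing
        $UserAuthentication,        # UserAuthentication, $null when the value is missing
        [hashtable]$FirewallRules   # rule name -> Enabled ('True'/'False'), $null when the rule is missing
    )
    $drift = @()
    if ($DenyTSConnections -ne 1) {
        $drift += "fDenyTSConnections is '$DenyTSConnections', expected 1"
    }
    if ($UserAuthentication -ne 0) {
        $drift += "UserAuthentication is '$UserAuthentication', expected 0"
    }
    foreach ($name in ($FirewallRules.Keys | Sort-Object)) {
        # Compare as text rather than testing the Enabled value as a boolean.
        if ("$($FirewallRules[$name])" -eq 'True') {
            $drift += "Firewall rule $name is enabled"
        }
    }
    return $drift
}

function Get-RdpState {
    # Reads the live values on a Windows client, using the registry paths from the post's scripts.
    $ts = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rules = @{}
    foreach ($n in 'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP', 'RemoteDesktop-Shadow-In-TCP') {
        $rules[$n] = (Get-NetFirewallRule -Name $n -ErrorAction SilentlyContinue).Enabled
    }
    @{
        DenyTSConnections  = (Get-ItemProperty $ts -Name fDenyTSConnections -ErrorAction SilentlyContinue).fDenyTSConnections
        UserAuthentication = (Get-ItemProperty "$ts\WinStations\RDP-Tcp" -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication
        FirewallRules      = $rules
    }
}

# Constructed sample state: RDP switched back on by hand and one firewall rule re-enabled.
$sample = @{
    DenyTSConnections  = 0
    UserAuthentication = 1
    FirewallRules      = @{ 'RemoteDesktop-UserMode-In-TCP' = 'True'; 'RemoteDesktop-UserMode-In-UDP' = 'False' }
}
$found = Get-RdpDrift @sample
if ($found) { $found | ForEach-Object { Write-Host "Non-compliant: $_" } } else { Write-Host 'Compliant!' }
# On a client, evaluate the live state instead:  $live = Get-RdpState; Get-RdpDrift @live
```

A missing registry value counts as drift and a missing firewall rule does not, which matches how the check script treats them.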
As always, scripts are as is, and if you do use them, remember where you got them from 😉
If you would like to see the setup of this baseline let me know in the comments below.
Cheers,
SCCMOG