Real-World use of Remote Desktop Services (RDS) Powershell to Automate Deployment

By Chris Blackburn

In the voice of Professor Farnsworth “Good news everybody”! I’ve finally left my old IT consulting job to finally go full time as cloud services manager with a good friend of mine at his company (shameless plus, however he does help keep the lights on for this site) after working with him on a project basis over the last 6 years.

One of the first things on my to-do list was automating the deployment of terminal server, otherwise knows as Remote Desktop Services now in Windows Server 2008 R2. The easy part of the task was building the VM in our VMWare cluster, performing the SYSPREP, and creating the template.

The objective is 4 fold:

  • Installing the licensing service and RDS services (plus performing a reboot).
  • Activating the licensing services and installing licenses
  • Customizing the session settings
  • Adding an AD group to the local RD Users group

The reason we have been deploying a licensing server on the same box is due to authentication issues with the terminal server failing to communicate to a license server on a separate box. Nothing we’ve found yet has been a solution however it has it’s benefits in being able to limit the licenses per environment versus them tapping into a large pool.

There’s very limited information out there on how to REALLY setup and install the RDS via PowerShell so after many hours of trial and error I’ve put together these 2 PowerShell scripts to automates this process:


Import-Module ServerManager
Add-WindowsFeature -name RDS-RD-Server,RDS-Licensing
shutdown /r /t 1

After the install process and reboot, run the config script:


#Let’s use the regular Powershell and import all of the available modules

#Just in case the Licensing Service didnt start…
net start termservlicensing

#Let’s verify the RDS PowerShell provider is accessible
cd RDS:

#We need to specify the end user/company info before we can activate
set-item -path rds:\licenseserver\configuration\Firstname -value End
set-item -path rds:\licenseserver\configuration\Lastname -value User
set-item -path rds:\licenseserver\configuration\Company -value Company
set-item -path rds:\licenseserver\configuration\CountryRegion -value United States

#Now that we’ve entered the company info lets activate
#Reason = New Install (5)
Set-Item -path RDS:\LicenseServer\ActivationStatus -Value 1 -ConnectionMethod AUTO -Reason 5

#After we’ve activated the license server, let’s set the license mode to Per User (4) or Per Devices (2)
Set-Item -path RDS:\RDSConfiguration\LicensingSettings\LicensingType -Value 4

#Now let’s specify the activation server. Were using the same machine so let’s find the FQDN
$sysinfo = Get-WmiObject -Class Win32_ComputerSystem
$fqdn = “{0}.{1}” -f $sysinfo.Name, $sysinfo.Domain
new-item -path RDS:\RDSConfiguration\LicensingSettings\SpecifiedLicenseServers -Name $fqdn

#Now that the licensing server is setup, lets add some CALs
#ProductVersion = 2 (2008/2008R2), 1 (2003), 0 (2000)
#ProductType = 0 (Device), 1 (User), 2 (VDI STD), 3 (VDI PREM)
$LicCount = Read-Host “Number of Licenses?”
New-Item -path RDS:\LicenseServer\LicenseKeyPacks -InstallOption INSTALL -ConnectionMethod AUTO -LicenseType AGREEMENT -AGREEMENTTYPE 0 -AGREEMENTNUMBER ####### -PRODUCTVERSION 2 -PRODUCTTYPE 1 -LICENSECOUNT $LicCOunt

#Now let’s do a little bit of customization on the session settings
#Changing color depth to 32-bit (5), 24-bit (4), 16-bit (3)
Set-Item -path RDS:\rdsconfiguration\connections\rdp-tcp\environmentsettings\colordepth -Value 5
#Setting the idle session policies
#Enable Override user setting (timeout): 0 (enabled), 1 (disable)
Set-Item -path RDS:\rdsconfiguration\connections\rdp-tcp\sessiontimelimitsettings\BrokenConnectionPolicy -value 0
#End disconnected session: Never (no value)
#Active session limit: Never (no value)
#Idle session limit: 3 hours (10800000), 2 hours (720000), 1 hour (360000)
Set-Item -path RDS:\rdsconfiguration\connections\rdp-tcp\sessiontimelimitsettings\IdleSessionLimit -value 10800000
#When session limit is reached or connection is broken: Disconnect the user (0), Terminate the session (1)
Set-Item -path RDS:\rdsconfiguration\connections\rdp-tcp\sessiontimelimitsettings\BrokenConnectionAction -value 1

#Finally, let’s add the write group to the local Remote Desktop Users group for dial-in
$adTSgroup = Read-Host “Name of TS group?”
$localmachine = gc env:computername
$objUser = [ADSI](“WinNT://DOMAIN/$adTSgroup”)
$objGroup = [ADSI](“WinNT://$localmachine/Remote Desktop Users”)

3 Comments Leave a comment

  1. It's Official! I'm an Enterprise Messaging Administrator
  2. Hello and thanks for this post. I was looking for something like it from long time ago.

    I’m having a problem, since I installed the modules and imported them I am able to get into the “RDS:” and “RDS:\LicenseServer” directories. However the RDSConfiguration container and it’s inner files don’ exist, therefore I’m unable to configure the license type and the rest of the things.

    I tried to create the container and variables but I keep getting a Permission Denied issue.

    Could you please give me some hints here?

    Thanks in advance. Regards

Share your thoughts