Command/Private/RdpConnectToHome.ps1
<# Allow a rdp connection from the work computer (source) to the private computer (target). The username of the target computer is "Admin". A password is not required. Precondition: The source computer must be a member of the "Remote Desktop Users" group. Precondition: Install certificates If this precondition is not met, you wil get a certficate warning whenever you connect to the target computer. - On the target computer open "certlm.msc". - Go to folder "Remote Desktop/Certificates". - There should be a certificate named according to the computer e.g. "DESKTOP-39MBRPL". - Rightclick and select "All Tasks > Export" and export the certificate e.g. in DER format. Creation of a private key is not required. - Copy this certifcate over to the source computer and install it. Just doubleclick the DER file and click "Install certificate". - Select "Local Machine", then "Next". - Select "Place all certificates in the following store" and choose "Trusted Root Certifcation Authorities". Press "OK" - The certificate has been installed. - Now repeat the installation but this time, select "Place all certificates in the following store" and choose "Remote Desktop". - The installed certificates should be issued to "DESKTOP-39MBRPL". To check this, open the certificate and assert that the field Subject has the value "DESKTOP-39MBRPL". Precondition: Enter the target computer IP to the hosts file If this precondition is not met, you wil get a certificate warning whenever you connect to the target computer. - Go to file "C:\Windows\System32\drivers\etc\hosts". - Open the file in a text editor with admin rights. - Enter the IP and host name of the target computer like so: 192.168.2.123 DESKTOP-39MBRPL # my private computer This allows to safely connect to the target computer via its host name. Hint: If you would connect to the target computer via its IP address you would get a certificate warning because the IP address does not match the Subject of the certificate. Further I have modified: Open Group Policy Editor and navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security> Always prompt for password upon connection = Disabled If that's not working change back to "Not Configured" #> Import-Module CmxModule -Force -DisableNameChecking SetWindowTitle $MyInvocation.MyCommand.Name if(-not (IsMemberOfRemoteDesktopUserGroup)) { Write-Output "The current user is not a member of the `"Remote Desktop Users`" group. A remote desktop connection is not possible." exit 1 } #& cmdkey /generic:"192.168.2.123" /user:"ad001\admin" /pass:"" #& cmdkey /generic:"TERMSRV/192.168.2.123" /user:"ad001\admin" /pass:"xx" #& cmdkey /generic:"DESKTOP-39MBRPL" /user:"admin" /pass:"" #cmdkey /delete:server-address #$target = "192.168.2.123" $target = "DESKTOP-39MBRPL" Write-Host "Connecting . . . " RemoteDesktopConnect -Target $target Write-Host "Done" |