Command/Private/RdpConnectToHome.ps1


<#
Allow an RDP connection from the work computer (source) to the private computer (target).
The username of the target computer is "Admin". A password is not required.
 
Precondition: The current user on the source computer must be a member of the "Remote Desktop Users" group (the script checks this before connecting).
 
Precondition: Install certificates
If this precondition is not met, you will get a certificate warning whenever you
connect to the target computer.
- On the target computer open "certlm.msc".
- Go to folder "Remote Desktop/Certificates".
- There should be a certificate named after the computer, e.g. "DESKTOP-39MBRPL".
- Right-click and select "All Tasks > Export" and export the certificate, e.g. in DER format.
  Exporting the private key is not required.
- Copy this certificate over to the source computer and install it.
  Just double-click the DER file and click "Install certificate".
- Select "Local Machine", then "Next".
- Select "Place all certificates in the following store" and choose "Trusted Root Certification Authorities". Press "OK".
- The certificate has been installed.
- Now repeat the installation, but this time select "Place all certificates in the following store" and choose "Remote Desktop".
- The installed certificates should be issued to "DESKTOP-39MBRPL". To check this, open the certificate and verify that the field Subject has the value "DESKTOP-39MBRPL".
 
Precondition: Enter the target computer IP to the hosts file
If this precondition is not met, you will get a certificate warning whenever you
connect to the target computer.
- Go to file "C:\Windows\System32\drivers\etc\hosts".
- Open the file in a text editor with admin rights.
- Enter the IP and host name of the target computer like so:
  
  192.168.2.123 DESKTOP-39MBRPL # my private computer
 
  This lets you connect safely to the target computer via its host name.
  Hint: If you connected to the target computer via its IP address, you would get a certificate warning because the IP address does not match the Subject of the certificate.
 
  Further I have modified:
  Open Group Policy Editor and navigate to Computer Configuration > Administrative Templates > Windows Components > Remote Desktop Services > Remote Desktop Session Host > Security > Always prompt for password upon connection = Disabled
  If that's not working, change back to "Not Configured".
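
Added example, not part of the original script: a check of the certificate and hosts-file preconditions described above, run on the source computer. $TargetName and $TargetIp are the sample values from these notes; the check assumes the certificate Subject is exactly "CN=" followed by the host name.

```powershell
# Added example (not part of the original script). Run on the source computer.
# $TargetName and $TargetIp are the sample values used in the notes above.
$TargetName = 'DESKTOP-39MBRPL'
$TargetIp   = '192.168.2.123'

# 1. The target's certificate must be in both stores named in the notes.
#    Assumption: the Subject is exactly "CN=" plus the host name.
$stores = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\Remote Desktop'
$found = foreach ($store in $stores) {
    $certs = @(Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
        Where-Object { $_.Subject -eq "CN=$TargetName" })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate issued to $TargetName in $store"
    }
    foreach ($cert in $certs) {
        if ($cert.NotAfter -lt (Get-Date)) {
            Write-Warning "Certificate $($cert.Thumbprint) in $store has expired"
        }
        [pscustomobject]@{ Store = $store; Thumbprint = $cert.Thumbprint; NotAfter = $cert.NotAfter }
    }
}
$found | Format-Table -AutoSize

# Compare the thumbprint with the one shown in certlm.msc on the target computer.
# More than one distinct thumbprint means a stale or unexpected certificate is trusted.
$thumbprints = @($found | ForEach-Object { $_.Thumbprint } | Sort-Object -Unique)
if ($thumbprints.Count -gt 1) {
    Write-Warning "Several different certificates are issued to ${TargetName}: $($thumbprints -join ', ')"
}

# 2. The hosts file must map the host name to the expected IP address.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$entries = foreach ($line in Get-Content -Path $hostsPath) {
    # Drop the trailing comment, then split "IP name [alias ...]" on whitespace.
    $parts = @(($line -split '#')[0].Trim() -split '\s+' | Where-Object { $_ })
    foreach ($name in ($parts | Select-Object -Skip 1)) {
        [pscustomobject]@{ Ip = $parts[0]; Name = $name }
    }
}
$mapped = @($entries | Where-Object { $_.Name -eq $TargetName })
if ($mapped.Count -eq 0) {
    Write-Warning "$TargetName is not in $hostsPath"
}
foreach ($entry in $mapped) {
    if ($entry.Ip -ne $TargetIp) {
        Write-Warning "$TargetName maps to $($entry.Ip), expected $TargetIp"
    }
}
```

No warnings means both preconditions hold; the thumbprint table is what to compare against the certificate on the target computer.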
#>


Import-Module CmxModule -Force -DisableNameChecking
SetWindowTitle $MyInvocation.MyCommand.Name

if(-not (IsMemberOfRemoteDesktopUserGroup))
{
    Write-Output "The current user is not a member of the `"Remote Desktop Users`" group. A remote desktop connection is not possible."
    exit 1
}

#& cmdkey /generic:"192.168.2.123" /user:"ad001\admin" /pass:""
#& cmdkey /generic:"TERMSRV/192.168.2.123" /user:"ad001\admin" /pass:"xx"
#& cmdkey /generic:"DESKTOP-39MBRPL" /user:"admin" /pass:""
#cmdkey /delete:server-address


#$target = "192.168.2.123"
$target = "DESKTOP-39MBRPL"
Write-Host "Connecting . . . "
RemoteDesktopConnect -Target $target

Write-Host "Done"