DSCResources/ooRemoteDesktop/ooRemoteDesktop.schema.psm1

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
Configuration ooRemoteDesktop {
    Import-DscResource -ModuleName NetworkingDsc -ModuleVersion 7.4.0.0
    Import-DscResource -ModuleName ComputerManagementDsc -ModuleVersion 8.0.0

    # Enable the service
    RemoteDesktopAdmin 'EnableRemoteDesktopService' {
        IsSingleInstance   = 'Yes'
        Ensure             = 'Present'
        UserAuthentication = 'NonSecure'
    }

    # Enable firewall exceptions
    foreach ($firewallRule in @('FPS-ICMP4-ERQ-In', 'FPS-ICMP6-ERQ-In', 'RemoteDesktop-UserMode-In-TCP', 'RemoteDesktop-UserMode-In-UDP')) {
        # In current versions of DSC you can pass a built-in rule name and enable it without specifying all of the other details
        Firewall "Enable$($firewallRule.Replace('-', ''))" {
            Name    = $firewallRule
            Ensure  = 'Present'
            Enabled = 'True'
        }
    }

    # Bulk-enable firewall exceptions for File and Printer sharing (needed to RDP from your host)
    Script 'EnableFileAndPrinterSharing' {
        GetScript  = {
            if (Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' | Where-Object { $_.Enabled -eq 'False' }) {
                @{ Result = "false"; }
            } else {
                @{ Result = "true"; }
            }
        }
        TestScript = {
            if (Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' | Where-Object { $_.Enabled -eq 'False' }) {
                $false
            } else {
                $true
            }
        }
        SetScript  = {
            Get-NetFirewallRule -DisplayGroup 'File and Printer Sharing' | Where-Object { $_.Enabled -eq 'False' } | Set-NetFirewallRule -Enabled True
        }
    }
}