Invoke-xRDP.ps1

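function Invoke-xRDP {

<#
    .SYNOPSIS
    Starts the native RDP client (mstsc.exe) through an RD Gateway that requires a One-Time Pass-code (OTP).

    .DESCRIPTION
    Generates an .rdp connection file in the user's profile directory and launches mstsc.exe with it.
    The gateway credential is passed through the "gatewayaccesstoken" setting as USER:OTP:SecureMFA.com,
    which is what the SecureMFA RD Gateway OTP Provider consumes to enforce MFA on the gateway.

    Security notes:
    - The generated .rdp file contains the user name and the OTP in clear text and is NOT removed after
      mstsc starts. The OTP is single-use, but delete the file once the session is established if that
      matters in your environment.
    - The file name is derived from -Server; characters that are invalid in a Windows file name are
      replaced with "_" so a value such as "host:3389" cannot create an NTFS alternate data stream or
      escape the profile directory.
    - The connection file is handed to mstsc.exe as an argument. It is never evaluated as PowerShell.

    .PARAMETER Server
    - Server - FQDN or IP address of the server you need to connect to.

    .PARAMETER GatewayHostname
    - GatewayHostname - FQDN of the RD Gateway server.

    .PARAMETER OTP
    - OTP - One-time pass-code for the user. Must be exactly 6 characters. If omitted the token is
      written as USER::SecureMFA.com and the gateway is expected to reject the connection.

    .PARAMETER User
    - User [Optional] - Username under which you connect. Defaults to the identity of the current PowerShell session.

    .PARAMETER CustomRDPTemplate
    - CustomRDPTemplate [Optional] - Uses .\Default.rdp (relative to the current location) as the template
      for the generated connection file instead of the built-in settings.

    .PARAMETER MapClientDrives
    - MapClientDrives [Optional] - Adds client drive mapping (drivestoredirect:s:*) to the connection file.
      This exposes every local drive to the remote host; enable only when needed.

    .PARAMETER DoNotUseCookieAuth
    - DoNotUseCookieAuth [Optional] - Disables cookie authentication for the RDP connection
      (gatewaycredentialssource 4 instead of 5).

    .EXAMPLE
    # Starts an RDP session via the RD Gateway "rdgserver1.adatum.labnet" to server2.adatum.labnet with OTP code 243256
    Invoke-xRDP -Server server2.adatum.labnet -GatewayHostname rdgserver1.adatum.labnet -User Administrator -OTP 243256

    .LINK
    https://www.securemfa.com/downloads/mfa-rds-otp

#>

    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][string]$Server,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][string]$GatewayHostname,
        [Parameter(Mandatory=$false)][ValidateLength(6,6)][string]$OTP,
        [Parameter(Mandatory=$false)][string]$User = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,
        [switch]$CustomRDPTemplate,
        [switch]$MapClientDrives,
        [switch]$DoNotUseCookieAuth
    )

    #Variables
    $AnchorDomain = "SecureMFA.com"
    # Settings that are always regenerated from the parameters. Any copy found in the template is
    # dropped so the file never carries two conflicting values for the same key.
    $regeneratedKeys = '^(gatewaycredentialssource|gatewayhostname|gatewayaccesstoken|full address)'

    #Create RDP Settings Template
    $RDPsettingsTemplate = @(
    "screen mode id:i:2",
    "use multimon:i:0",
    "desktopwidth:i:1920",
    "desktopheight:i:1200",
    "session bpp:i:32",
    "winposstr:s:0,3,0,0,800,600",
    "compression:i:1",
    "keyboardhook:i:2",
    "audiocapturemode:i:0",
    "videoplaybackmode:i:1",
    "connection type:i:7",
    "networkautodetect:i:1",
    "bandwidthautodetect:i:1",
    "displayconnectionbar:i:1",
    "enableworkspacereconnect:i:0",
    "disable wallpaper:i:0",
    "allow font smoothing:i:0",
    "allow desktop composition:i:0",
    "disable full window drag:i:1",
    "disable menu anims:i:1",
    "disable themes:i:0",
    "disable cursor setting:i:0",
    "bitmapcachepersistenable:i:1",
    "full address:s:",
    "audiomode:i:0",
    # Printer, smart-card and clipboard redirection are on by default; review these for
    # hosts you do not fully trust (they cross the session boundary in both directions).
    "redirectprinters:i:1",
    "redirectcomports:i:0",
    "redirectsmartcards:i:1",
    "redirectclipboard:i:1",
    "redirectposdevices:i:0",
    "autoreconnection enabled:i:1",
    # NOTE(review): level 2 warns on a failed server-authentication check but still lets the
    # user continue; level 1 refuses the connection. Consider 1 for a hardened template.
    "authentication level:i:2",
    "prompt for credentials:i:0",
    "negotiate security layer:i:1",
    "remoteapplicationmode:i:0",
    "alternate shell:s:",
    "shell working directory:s:",
    "gatewayhostname:s:",
    "gatewayusagemethod:i:1",
    "gatewaycredentialssource:i:5",
    "gatewayaccesstoken:s:",
    "gatewayprofileusagemethod:i:1",
    "promptcredentialonce:i:0",
    "gatewaybrokeringtype:i:0",
    "use redirection server name:i:0",
    "rdgiskdcproxy:i:0",
    "kdcproxyname:s:"
    )

    #Validate which template to use
    if ($CustomRDPTemplate) {
        $templatePath = Join-Path (Get-Location) 'Default.rdp'
        if (-not (Test-Path -LiteralPath $templatePath)) {
            Write-Host "Default.rdp Template file does not exist in $(Get-Location)" -ForegroundColor Yellow
            # 'return', not 'break': a 'break' with no enclosing loop unwinds into the caller and can
            # silently abort the script that invoked this function.
            return
        }
        $RDPsettings = Get-Content -LiteralPath $templatePath
    }
    else {
        $RDPsettings = $RDPsettingsTemplate
    }

    Try {

        # Copy the template, skipping duplicates and every key we are about to regenerate.
        $dynArray = New-Object System.Collections.Generic.List[System.Object]
        foreach ($line in $RDPsettings) {
            if (-not $dynArray.Contains($line) -and ($line -notmatch $regeneratedKeys)) {
                $dynArray.Add($line)
            }
        }

        if ($DoNotUseCookieAuth) { $dynArray.Add("gatewaycredentialssource:i:4") } else { $dynArray.Add("gatewaycredentialssource:i:5") }
        $dynArray.Add("gatewayhostname:s:$GatewayHostname")
        # User name and OTP are written in clear text; mstsc offers no other way to pass a gateway token.
        $dynArray.Add("gatewayaccesstoken:s:$User`:$OTP`:$AnchorDomain")
        $dynArray.Add("full address:s:$Server")
        #Adds client drive mapping into RDP file
        if ($MapClientDrives) { $dynArray.Add("drivestoredirect:s:*") }

        # Build the output path under USERPROFILE (includes the drive letter; HOMEPATH does not and
        # would resolve against whatever the current drive happens to be). $Server is caller input:
        # strip characters that are invalid in a Windows file name so it cannot create an NTFS
        # alternate data stream ("host:3389") or leave the profile directory.
        $safeName = $Server -replace '[\\/:*?"<>|\x00-\x1f]', '_'
        $rdpFile = Join-Path $env:USERPROFILE "$safeName.rdp"
        $dynArray | Out-File -LiteralPath $rdpFile

        # Hand the file to mstsc.exe as an argument. Never run the path through Invoke-Expression:
        # with $Server embedded in the string, a crafted -Server value would execute as PowerShell.
        Start-Process -FilePath 'mstsc.exe' -ArgumentList "`"$rdpFile`""

    } Catch { Write-Host $_.Exception.Message -ForegroundColor Red }
}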