Invoke-xRDP.ps1

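function Invoke-xRDP {

<#
    .SYNOPSIS
    Generates an .rdp connection file carrying an RD Gateway access token (user + OTP) and launches the native RDP client (mstsc.exe) with it.

    .DESCRIPTION
    Starts native RDP client on computer with parameters which allows to provide One-Time Pass-code (OTP) for Microsoft RD Gateway which uses SecureMFA RD Gateway OTP Provider to enforce MFA authentication.

    The connection file is written to the user's home directory as "<Server>.rdp" and is NOT removed afterwards;
    it contains the gateway access token in clear text, so delete it once it is no longer needed.
  
    .PARAMETER Server
    - Server - FQDN or IP address of the server where you need to connect.
 
    .PARAMETER GatewayHostname
    - GatewayHostname - FQDN of RD Gateway server.
 
    .PARAMETER OTP
    - OTP - One time pass-code for the user (exactly 6 characters).
 
    .PARAMETER User
    - User [Optional] - Username of the user under which you connect. By default PS session user details will be used.
 
    .PARAMETER CustomRDPTemplate
    - CustomRDPTemplate [Optional] - Will use Default.rdp file settings (from the current directory) as template to generate RDP connection file.
 
    .PARAMETER MapClientDrives
    - MapClientDrives [Optional] - Adds client drive mapping into RDP connection file.
 
    .PARAMETER DoNotUseCookieAuth
    - DoNotUseCookieAuth [Optional] - Disable Cookie Authentication for RDP connection.

    .OUTPUTS
    None. Writes "<Server>.rdp" to the home directory and starts mstsc.exe.
 
    .EXAMPLE
    # Starts RDP session using RD Gateway 'rdgserver1.adatum.labnet' to access server2.adatum.labnet for adatum domain administrator with OTP code 243256
    Invoke-xRDP -Server server2.adatum.labnet -GatewayHostname rdgserver1.adatum.labnet -User adatum\administrator -OTP 243256
 
    .LINK
    https://www.securemfa.com/downloads/mfa-rds-otp
 
#>



    [CmdletBinding()]
    Param(
        [Parameter(Mandatory=$true)][ValidateNotNullOrEmpty()][string]$Server,
        [Parameter(Mandatory=$false)][ValidateNotNullOrEmpty()][string]$GatewayHostname,    
        [Parameter(Mandatory=$false)][ValidateLength(6,6)][string]$OTP,
        [Parameter(Mandatory=$false)][string]$User = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name,        
        [switch]$CustomRDPTemplate,
        [switch]$MapClientDrives,
        [switch]$DoNotUseCookieAuth
    )      
        
    #Variables
    # Lines of the generated .rdp file; a List so Contains() can drop duplicate template entries.
    $dynArray = New-Object System.Collections.Generic.List[System.Object]
    # Suffix of the gateway access token; the OTP provider on the gateway is expected to recognise it.
    $AnchorDomain = "SecureMFA.com"

    #Create RDP Settings Template
    # Built-in template used when -CustomRDPTemplate is not given. The four keys that are
    # filled in below (full address, gatewayhostname, gatewaycredentialssource, gatewayaccesstoken)
    # are listed here only as placeholders and are filtered out before the file is assembled.
    $RDPsettingsTemplate = @( 
    "screen mode id:i:2",
    "use multimon:i:0",
    "desktopwidth:i:1920",
    "desktopheight:i:1200",
    "session bpp:i:32",
    "winposstr:s:0,3,0,0,800,600",
    "compression:i:1",
    "keyboardhook:i:2",
    "audiocapturemode:i:0",
    "videoplaybackmode:i:1",
    "connection type:i:7",
    "networkautodetect:i:1",
    "bandwidthautodetect:i:1",
    "displayconnectionbar:i:1",
    "enableworkspacereconnect:i:0",
    "disable wallpaper:i:0",
    "allow font smoothing:i:0",
    "allow desktop composition:i:0",
    "disable full window drag:i:1",
    "disable menu anims:i:1",
    "disable themes:i:0",
    "disable cursor setting:i:0",
    "bitmapcachepersistenable:i:1",
    "full address:s:",
    "audiomode:i:0",
    "redirectprinters:i:1",
    "redirectcomports:i:0",
    "redirectsmartcards:i:1",
    "redirectclipboard:i:1",
    "redirectposdevices:i:0",
    "autoreconnection enabled:i:1",
    "authentication level:i:2",
    "prompt for credentials:i:0",
    "negotiate security layer:i:1",
    "remoteapplicationmode:i:0",
    "alternate shell:s:",
    "shell working directory:s:",
    "gatewayhostname:s:",
    "gatewayusagemethod:i:1",
    "gatewaycredentialssource:i:5",
    "gatewayaccesstoken:s:",
    "gatewayprofileusagemethod:i:1",
    "promptcredentialonce:i:0",
    "gatewaybrokeringtype:i:0",
    "use redirection server name:i:0",
    "rdgiskdcproxy:i:0",
    "kdcproxyname:s:"
    )
    
    #Validate which template to use
    if ($CustomRDPTemplate) {
        if (Test-Path -Path ".\Default.rdp") {
            $RDPsettings = Get-Content .\Default.rdp
        }
        else {
            Write-Host "Default.rdp Template file does not exist in $(Get-Location)" -ForegroundColor Yellow
            # 'return' rather than 'break': outside a loop, 'break' unwinds into the caller's script
            # and can terminate it instead of just ending this function.
            return
        }
    }
    else {
        $RDPsettings = $RDPsettingsTemplate
    }

    # Template keys that are regenerated below; any template line for them is discarded so the
    # file ends up with exactly one value per key.
    $OverriddenKeys = @("gatewaycredentialssource*", "gatewayhostname*", "gatewayaccesstoken*", "full address*")

    Try {    

        foreach ($line in $RDPsettings) {
            $isOverridden = @($OverriddenKeys | Where-Object { $line -like $_ }).Count -gt 0
            if (-not $isOverridden -and -not $dynArray.Contains($line)) {
                $dynArray.Add($line)
            }
        }

        # Credential source for the gateway: 5 is used for cookie (access-token) authentication,
        # 4 when the caller opts out of it via -DoNotUseCookieAuth.
        if ($DoNotUseCookieAuth) { $dynArray.Add("gatewaycredentialssource:i:4") } else { $dynArray.Add("gatewaycredentialssource:i:5") }
        $dynArray.Add("gatewayhostname:s:$GatewayHostname")
        # Access token layout expected by the gateway OTP provider: <user>:<otp>:<anchor domain>.
        # Note that this is written to disk in clear text (see .DESCRIPTION).
        $dynArray.Add("gatewayaccesstoken:s:$User`:$OTP`:$AnchorDomain")
        $dynArray.Add("full address:s:$Server")
        #Adds client drive mapping into RDP file
        if ($MapClientDrives) { $dynArray.Add("drivestoredirect:s:*") } 

        # Same location as before (the HOMEPATH directory), but rooted on HOMEDRIVE so the path
        # does not silently depend on the current drive of the session.
        $rdpPath = Join-Path -Path "$env:HOMEDRIVE$env:HOMEPATH" -ChildPath "$Server.rdp"
        $dynArray | Out-File -FilePath $rdpPath

        # Launch the RDP client directly with the file. The previous Invoke-Expression on a path that
        # embeds the -Server parameter evaluated that text as PowerShell code and also relied on the
        # .rdp shell association; passing the quoted path to mstsc.exe avoids both.
        Start-Process -FilePath "mstsc.exe" -ArgumentList "`"$rdpPath`""

    } Catch {Write-Host $_.Exception.Message -ForegroundColor Red}
}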