This document describes how remote connections can be enabled during unattend installation.
Important!! The examples given in this document are for information only. The recommended way to author answer files is to create them in Windows System Image Manager (Windows SIM). If you use a manually authored answer file, you must validate the answer file in Windows SIM to verify that it works. Because available settings and default values can change from time to time, you must revalidate your answer file when you reuse it.
For information on Windows SIM, please refer to Technet .
Unattend setting for enabling Remote Connections:
The following setting needs to be set to enable remote desktop:
Component name: "Microsoft-Windows-TerminalServices-LocalSessionManager"
Setting: fDenyTSConnections
Value: false
Enable Firewall exception for Remote Desktop:
The following setting needs to be added to the answer file to enable the firewall exception for remote desktop:
Component name: "Networking-MPSSVC-Svc"
FirewallGroups - FirewallGroup -
Active: true
Group: Remote Desktop
Profile: all
This corresponds to the following option (highlighted) in Windows Firewall settings:
Unattend setting for User Authentication:
You can optionally specify how users are authenticated before the remote desktop connection is established. If you do not specify this setting, by default you won't be able to remotely connect to the machine from computers/operating systems which do not support remote desktop with network level authentication.
The following setting needs to be added to the answer file to allow remote connections from computers running any version of remote desktop:
Component name: "Microsoft-Windows-TerminalServices-RDP-WinStationExtensions"
Setting: UserAuthentication
Value: 0
This corresponds to the following option in the system properties - remote tab:
If you do not specify this unattend setting, by default, enabling remote desktop using unattended settings will result into this option in system properties - remote tab:
Sample unattend file text:
This is an example of text in the answer file to enable remote desktop on x86 machines to accept connections from computers running any version of remote desktop (note that this is less secure as described remote tab UI):
IMPORTANT: If you use this text as-is in your answer file, you must validate the answer file in Windows SIM to verify that it works, before each use.
<?xml version='1.0' encoding='utf-8'?>
<unattend xmlns="urn:schemas-microsoft-com:unattend" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State">
<settings pass="specialize">
<component name="Microsoft-Windows-TerminalServices-LocalSessionManager" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<fDenyTSConnections>false</fDenyTSConnections>
</component>
<component name="Microsoft-Windows-TerminalServices-RDP-WinStationExtensions" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<UserAuthentication>0</UserAuthentication>
</component>
<component name="Networking-MPSSVC-Svc" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS">
<FirewallGroups>
<FirewallGroup wcm:action="add" wcm:keyValue="rd1">
<Active>true</Active>
<Group>Remote Desktop</Group>
<Profile>all</Profile>
</FirewallGroup>
</FirewallGroups>
</component>
</settings>
</unattend>
Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights.