Powershell script to enable Allow New Connections for all RDS servers

This will enable “Allow New Connections” for all servers in all collections.  Handy when you disable logins for troubleshooting and forget to enable them again.  I have configured this to run at 5am each morning on our broker server.

Server Manager can sometimes not display the updated values until it is closed and reopened so keep that in mind. Generally it updates with a simple refresh.

Import-Module RemoteDesktop ForEach ($CollectionName in Get-RDSessionCollection) { ForEach ($HostToEnable in (get-rdsessionhost -collectionname $CollectionName.CollectionName | where {$_.NewConnectionAllowed -ne "Yes"})) { $HostToEnable Set-RDSessionHost $HostToEnable.SessionHost -NewConnectionAllowed "Yes" } }

If you would like to continue to block logins to a specific server that may be in long term diagnostics or maintenance you could either disable the script temporarily (as in change the start date in the scheduled task to some time in the future) or add a line to the end of the code such as,

Set-RDSessionHost servername.contoso.com -NewConnectionAllowed “No”

In a static environment a script such as the following would work,

Set-RDSessionHost servername1.contoso.com -NewConnectionAllowed "Yes" Set-RDSessionHost servername2.contoso.com -NewConnectionAllowed "Yes" Set-RDSessionHost servername3.contoso.com -NewConnectionAllowed "Yes" #The following server is in maintenance Set-RDSessionHost servername4.contoso.com -NewConnectionAllowed "No"

Updated version that sends an email message when a change has been made.

$MailSubject = "RDS Enable Login Script" $MailServer = "Mail.contoso.local" $MailTo = "support@contoso.com.au" $MailFrom = "support@contoso.com.au" $MailBody = "The following servers were detected as having their logins disabled and have been automatically set to allow logins again:" Import-Module RemoteDesktop ForEach ($CollectionName in Get-RDSessionCollection) { foreach ($HostToEnable in (get-rdsessionhost -collectionname $CollectionName.CollectionName | where {$_.NewConnectionAllowed -ne "Yes"})) { $Output += "
" + $HostToEnable.SessionHost Set-RDSessionHost $HostToEnable.SessionHost -NewConnectionAllowed "Yes" } } If ($Output -ne $null) { $MailBody += $Output + "

This script runs on server $($env:computername) under the credentials of $($env:UserName)" Send-Mailmessage -To $MailTo -From $MailFrom -Body $MailBody -Subject $MailSubject -SMTPServer $MailServer -BodyAsHtml }





Update Environment Tab in AD with Powershell

This code will go through the AD and find any users who have the tick boxes,

“Connect client drives at logon”
“Connect client printers at logon”
“Default to main client printer”

Unticked and set them to ticked on.

The value may not exist on every account if the settings have not been change so there will be errors for those accounts but these accounts will show these values as ticked on if checked manually.

Get-ADUser -Filter * -SearchBase “OU=Users,DC=Contoso,DC=Com” | Foreach {
$User = [adsi](“LDAP://” + $_.distinguishedname)
Write-Host $_.distinguishedname
If ($User.InvokeGet(“ConnectClientDrivesAtLogon”) -eq 0)
{Write-Host “Changing ConnectClientDrivesAtLogon for $($_.distinguishedname)”

If ($User.InvokeGet(“ConnectClientPrintersAtLogon”) -eq 0)
{Write-Host “Changing ConnectClientPrintersAtLogon for $($_.distinguishedname)”

If ($User.InvokeGet(“DefaultToMainPrinter”) -eq 0)
{Write-Host “Changing DefaultToMainPrinter for $($_.distinguishedname)”