RDS – Cerulean

2020-03-09

Extend vhd, vhdx -> profiledisks…

Ja för att ändra vhd eller vhdx filer krävs denna , den drar in powershell pluginen..
Add-WindowsFeature –name RSAT-Hyper-V-Tools

Att ändra en disk (som inte är mountad) kör följande…

Resize-VHD –Path c:path-to-vhd-fileyour-VHD-file.vhd –SizeBytes 10GB

PÅ en maskin (tpy 202r2 eller likannde finns inte möjligheten.
Där får man nyttja diskpart.

diskpart
select vdisk file="C:\UPDs\UVHD-<SID>.vhdx"
expand vdisk maximum=20480
attach vdisk
list volume
select volume=<number of UPD volume from previous command>
extend
detach vdisk
exit

2019-05-10

Adobe acrobat ProtectedMode on RDS

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown]
”bProtectedMode”=dword:00000000

; URL: https://forums.adobe.com/thread/2367499
; MARI 2019

2017-06-07

RDS Connection Broker on RDS on a DomainController

Sigh this isnt the best solution but … it works…

When installing RDSH on the domain controller 2016 it uses the Windows Internal Database (a small SQL)
It does not allow it to run properly due to missing credentials…
add the following security identity to the ”log on as a service” rigths on the default domain controller policy.

2017-03-31

RDS Cert and RDWBmodding

Detta skript gör så man inte får fel i RDGW när man nyttjar det externa namnet från SSL certet.

# Kör detta på på 2016 ConnectionBrokermaskinen eleverat Import-Module RemoteDesktop get-rdserver


$clientAccessName = "remote.Kundnamn.se"  # SSL namn...

$ConnectionBroker = "vrds04.hr.local"
# Ange nu brokern nedan

set-RDWorkspace -Name "Remote Deskop" -ConnectionBroker $ConnectionBroker
# Gör en backup av RD WEB

$Source = "C:\windows\Web\RDWeb"

$BackupDest = "c:\windows\web\backup\rdweb"

copy-item -Recurse $Source ($BackupDest +"\"+(Get-Date -format "yyyMMdhhmmss"))
# Branding av RDWEB

copy-item *.png ($Source + "\Pages\images")
#Fixa Cert namnen! 2 lägen finns  Normal samt HA  URL: ->  https://gallery.technet.microsoft.com/Change-published-FQDN-for-2a029b80

# I HA läge använder man sig av en sql för all last balansera... och då har man en connectionstring... kolla om vi har det ... null = nope och vi kör troligen inte i HA...

if ((iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "GetStringProperty" -ArgumentList @("DatabaseConnectionString") -ComputerName $ConnectionBroker -Authentication PacketPrivacy) -eq $null)

   {

    # Broker runns probably in HA mode Use Powershell

    Set-RDClientAccessName -ConnectionBroker $ConnectionBroker -ClientAccessName $ClientAccessName

   }

 else

    {

    # Broker runns probably not i HA mode Use WMI!
    #Kollar befintligt namn....

    iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "GetStringProperty" -ArgumentList @("DeploymentRedirectorServer") -ComputerName $ConnectionBroker -Authentication PacketPrivacy
    #Skriv in det nya namnet som sakll nyttjas (Samma som Certet man nyttjar tex remote.kundnamn.se; returnerar 0

    iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "SetStringProperty" -ArgumentList @("DeploymentRedirectorServer",$ClientAccessName) -ComputerName $ConnectionBroker -Authentication PacketPrivacy -ErrorAction Stop
    # kollar igen så vi lyckades ändrad namnet...

    iwmi -Class "Win32_RDMSDeploymentSettings" -Namespace "root\CIMV2\rdms" -Name "GetStringProperty" -ArgumentList @("DeploymentRedirectorServer") -ComputerName $ConnectionBroker -Authentication PacketPrivacy

}

2016-06-19

RDGateway

Install RD Gateway with Powershell fast.. (2012R2)
Certs needs to be fixed and firewall ports needs to be opened and Nated … 443…

# Add Windows Role/Feature Add-WindowsFeature -Name RDS-gateway -IncludeAllSubFeature -IncludeManagementTools

#verifiy that the module is present … and Load it…
Get-Module remotedesktopservices
import-module remotedesktopservices

# Create AD Security Group – Is created in Defalut ”users” container.
new-adgroup -Name ”RD-GW-Users” -Groupscope Global
Add-ADGroupMember ”RD-GW-Users” -member ”Domain Admins”
# Get Domain we are running in.. (Just to get things dynamic)
$dom=get-addomain | Select Name # $dom.name give us the domain name from now on..

#change dir into rds provider
cd RDS:
# Create new Connection Authorization Policy (CAP)
New-Item -Path ”RDS:\GatewayServer\CAP” -Name ”Allow RD-GW-Users” -UserGroups ”RD-GW-Users@$($dom.name)” -AuthMethod 1
# Create new Resource Authorization Policy
New-Item -Path ”RDS:\GatewayServer\RAP” -Name ”Allow Connections To Everywhere” -UserGroups ”RD-GW-Users@$($dom.name)” -ComputerGroupType 2