The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 4,152 other subscribers

Archive for the ‘Remote Desktop Protocol/MSTSC/Terminal Services’ Category

PowerShell: working around Get-NetFirewallRule not showing all the fields that Set-NetFirewallRule allows you to set

Posted by jpluimers on 2022/10/26

With APIs, you always hope that Get and Set methods mirror each other. More often than not, they don’t.

Take for instance these two:

They are far from symmetric: [Wayback/Archive] Get-NetFirewallRule shows far less than [Wayback/Archive] Set-NetFirewallRule allows you to set (first and foremost the various port related properties). It can be worked around though.

There are a few posts discussing this, of which I think these two are the most important:

Both above posts via [Wayback/Archive] “Get-NetFirewallRule” “LocalPort” – Google Search.

This is what I was after:

PowerShell "Get-NetFirewallRule -Name 'RemoteDesktop-UserMode-In-TCP' | Select-Object Name,DisplayName,Enabled,Direction,@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},Action,@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}"

Or actually:

PowerShell "Get-NetFirewallRule -Name 'RemoteDesktop-UserMode-In-TCP' -ErrorAction SilentlyContinue | Select-Object Name,DisplayName,Enabled,Direction,@{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}},Action,@{Name='LocalPort';Expression={($PSItem | Get-NetFirewallPortFilter).LocalPort}}"

Let me explain this:

  1. Get-NetFirewallRule gets a firewall rule with a specific name, but can only get you a few properties that can be set through Set-NetFirewallRule. Name,DisplayName,Enabled,Direction are properties it understands. Protocol and LocalPort aren’t, but are often of interest.
  2. Get-NetFirewallPortFilter can get you both Protocol and LocalPort.
  3. There are more functions named like Get-NetFirewall*Filter, all of which require an -AssociatedNetFirewallRule <CimInstance> (or an -All) parameter which is what Get-NetFirewallRule returns. This way you can retrieve details not provided by Get-NetFirewallRule.
  4. The portions like @{Name='Protocol';Expression={($PSItem | Get-NetFirewallPortFilter).Protocol}} returns one property, in this case the Protocol property from Get-NetFirewallPortFilter returned as Protocol (the latter can be different if you want; the former needs to be Protocol).
  5. The -ErrorAction SilentlyContinue bit is to prevent this kind of exception when no -Name matches:
    Get-NetFirewallRule : No MSFT_NetFirewallRule objects found with property 'InstanceID' equal to
    'RemoteDesktop-UserMode-In-TCP_'.  Verify the value of the property and retry.
    At line:1 char:1
    + Get-NetFirewallRule -Name 'RemoteDesktop-UserMode-In-TCP_'
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (RemoteDesktop-UserMode-In-TCP_:String) [Get-NetFirewallRule], CimJobExc
        + FullyQualifiedErrorId : CmdletizationQuery_NotFound_InstanceID,Get-NetFirewallRule
    When the exception occurs, the execution continues, but since no object is returned the | pipe will not execute and no details are returned.

    I got this trick from [Wayback/Archive] firewall – How can I stop the Powershell command `Get-NetFirewallRule` from throwing an error? – Stack Overflow (thanks [Wayback/Archive] Pure.Krome and [Wayback/Archive] arco444)


  • 3. also allows Get-NetFirewallRule to search for a group, then get all the firewall rules out of them, for instance with
    Get-NetFirewallRule -DisplayGroup "File and Printer Sharing" | ForEach-Object { Write-Host $_.DisplayName ; Get-NetFirewallAddressFilter -AssociatedNetFirewallRule $_ }
  • 4. also works the other way around, but only if you have elevated using an administrative token. The below lists all firewall rules involving port 3389 (Remote Desktop Protocol):
    PowerShell "Get-NetFirewallPortFilter | Where LocalPort -eq 3389 | Get-NetFirewallRule"

    Even a plain Get-NetFirewallPortFilter will get you an error without elevation:

    Get-NetFirewallPortFilter : Access is denied.
    At line:1 char:1
    + Get-NetFirewallPortFilter
    + ~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : PermissionDenied: (MSFT_NetProtocolPortFilter:root/standardci...tocolPortFilter) [Get-Ne
       tFirewallPortFilter], CimException
        + FullyQualifiedErrorId : Windows System Error 5,Get-NetFirewallPortFilter

You might want to return more details than just Protocol and Localport, so I dug around and made the below table to document the asymmetry.

Read the rest of this entry »

Posted in CommandLine, Development, Power User, PowerShell, PowerShell, Remote Desktop Protocol/MSTSC/Terminal Services, Scripting, Software Development, Windows | Leave a Comment »

Increase audio quality in Remote Desktop Connections – Increase audio quality in Remote Desktop Connections

Posted by jpluimers on 2022/03/25

I wish mstsc.exe had a command-line parameter for this, but you have to either change it server-wide, or for each client using a .rdp file as per [Wayback] Increase audio quality in Remote Desktop Connections – Increase audio quality in Remote Desktop Connections

I really dislike fuzzy/tinny audio. Sometimes RDP connections with RDC clients results in laggy and/or poor quality audio. A two step tip that you can use to try and solve these problem in Windows7:

#1 on the server (the machine you are connecting to)

Using the Group Policy editor, Go to Computer Configuration:Administrative Templates:Windows Components: Remote Desktop Session Host:Device and Resource Redirection. Set “Limit audio playback quality.”  to “Enabled,” and set “Audio Quality” option “to High”.

#2 on the client (the machine you are connecting FROM) save and edit the RDP file for the connection and add  set audioqualitymode:i:2 to the file (you can use Notepad or a similar text editor to do this)

I got there via [Wayback] Remote Desktop software that works with audio (Windows) – Software Recommendations Stack Exchange which also taught me this (thanks [Wayback] Basj):

The last one is backed up by [Wayback] Audio FAQ – RealVNC Help Center

What can and can’t I do with audio?

Audio is available for [Wayback] Professional and Enterprise users, and allows the user to play audio on the Server and hear it on the Viewer. Now, in addition to seeing what is displayed on the Viewer and controlling the remote computer as though you were sitting in front of it, you can also hear what is playing on its speakers.

How do I turn the audio feature on or off?

The audio feature can be controlled from both the Server and the Viewer and must be activated on both for sound to work. On the Server, you can allow connected Viewer users to hear audio using “Global Permissions” in Options > Users & Permissions. (You can also set audio on a per-user basis.)


The audio permissions can be controlled per connected user account via the Server options page. On the Viewer, there is a mute/unmute setting to tick.


From [Wayback] audio – How can I forward sound over VNC? – Unix & Linux Stack Exchange, I learned that on Linux, PulseAudio might help, but requires SSH access:

You can use PulseAudio to move sound over SSH, though, which may be better than nothing for you.

Check out this post: [Wayback]


Posted in Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Windows | Leave a Comment »

Run the latest RDP session in full-screen

Posted by jpluimers on 2021/12/28

MSTSC.exe helptext

MSTSC.exe helptext

I created this small batch file:

:: start last RDP session (or new one with command-line parameters) full-screen
:: see
mstsc /f %*

It is based on [Wayback] MSTSC Commands and Creating a Custom Remote Desktop Shortcut | InterWorks, which has the helptext for MSTSC.exe (which stands for MicroSoft Terminal Services).

Later I found out a way easier method to get that helptext is to run MSTSC.exe /?, which shows a nice dialog:

[Window Title]
Remote Desktop Connection Usage

MSTSC [] [/v:<server[:port]>] [/g:] [/admin] [/f[ullscreen]] [/w: /h:] [/public] | [/span] [/multimon] [/edit "connection file"] [/restrictedAdmin] [/remoteGuard] [/prompt] [/shadow: [/control] [/noConsentPrompt]]

"connection file" -- Specifies the name of an .RDP file for the connection.

/v:<server[:port]> -- Specifies the remote PC to which you want to connect.

/g: -- Specifies the RD Gateway server to use for the connection. This parameter is only read if the endpoint remote PC is specified with /v.

/admin -- Connects you to the session for administering a remote PC.

/f -- Starts Remote Desktop in full-screen mode.

/w: -- Specifies the width of the Remote Desktop window.

/h: -- Specifies the height of the Remote Desktop window.

/public -- Runs Remote Desktop in public mode.

/span -- Matches the remote desktop width and height with the local virtual desktop, spanning across multiple monitors, if necessary. To span across monitors, the monitors must be arranged to form a rectangle.

/multimon -- Configures the Remote Desktop Services session monitor layout to be identical to the current client-side configuration.

/edit -- Opens the specified .RDP connection file for editing.

/restrictedAdmin -- Connects you to the remote PC in Restricted Administration mode. In this mode, credentials won't be sent to the remote PC, which can protect you if you connect to a PC that has been compromised. However, connections made from the remote PC might not be authenticated by other PCs, which might impact application functionality and compatibility. This parameter implies /admin.

/remoteGuard -- Connects your device to a remote device using Remote Guard. Remote Guard prevents credentials from being sent to the remote PC, which can help protect your credentials if you connect to a remote PC that has been compromised. Unlike Restricted Administration mode, Remote Guard also supports connections made from the remote PC by redirecting all requests back to your device.

/prompt -- Prompts you for your credentials when you connect to the remote PC.

/shadow: -- Specifies the ID of the session to shadow.

/control -- Allows control of the session when shadowing.

/noConsentPrompt -- Allows shadowing without user consent.



Posted in Batch-Files, Development, Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Scripting, Software Development, Windows | Leave a Comment »

bolkedebruin/rdpgw: Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes

Posted by jpluimers on 2021/12/23

On my list of things to try: an open source golang implementation of the Remote Desktop Gateway protocol: [Wayback/] bolkedebruin/rdpgw: Remote Desktop Gateway in Go for deploying on Linux/BSD/Kubernetes.

[Wayback] [MS-TSGU]: Terminal Services Gateway Server Protocol | Microsoft Docs:

Specifies the Terminal Services Gateway Server Protocol, which is a mechanism to transport data-link layer (L2) frames on a Hypertext Transfer

Via: [Wayback] linux – Create RDP gateway in Raspberry Pi or Ubuntu – Super User


Posted in *nix, Development, Go (golang), Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Software Development, Windows | Leave a Comment »

high sierra – Remote Desktop 10.2.3 Database Creation Error; 10.2.1 runs fine; 10.2.2 crashes: how to find actual cause(s)? – Ask Different

Posted by jpluimers on 2020/12/21

From a while back:

What would be good steps to find the cause of the below errors?

I get this error when running Microsoft Remote Desktop 10.2.3 or higher on MacOS High Sierra:

Database Creation Error

"An error occurred during persistent store migration.

[Domain: NSCocoaErrorDomain, Code: 134110]"

[WayBack] high sierra – Remote Desktop 10.2.3 Database Creation Error; 10.2.1 runs fine; 10.2.2 crashes: how to find actual cause(s)? – Ask Different

Related Twitter thread: [WayBackJeroen Pluimers on Twitter: “Help! Stuck at @msremotedesktop 10.2.1 (that cannot add new users) on High Sierra because 10.2.2 keeps crashing, and both 10.2.3 and 10.2.4 cannot migrate: “An error occurred during persistent store migration. [Domain: NSCocoaErrorDomain, Code: 134110]””

Tried beta: 10.2.6 (1529) at [ from [WayBack] Microsoft Remote Desktop for Mac – HockeyApp


Read the rest of this entry »

Posted in Apple, Mac OS X / OS X / MacOS, macOS 10.13 High Sierra, Power User, Remote Desktop Protocol/MSTSC/Terminal Services, Windows | Leave a Comment »

%d bloggers like this: