PowerShell tool to list out RDP Access Control List

Topics: Developer Forum
Jan 27, 2008 at 5:05 PM
I have been trying out your tools and have found them to be very helpful. Since no one is ever satisfied, no mater how full featured a tool is, I am no exception and would like to see an addition to the tool set. As an admin, I must periodically verify security settings on all my servers. One very manual intensive step is to access each server, run Terminal Services Configuration and take a screen shot of the security tab to make sure no one has opened up access to the RDP protocol. If you could find it in your hearts to provide a powershell way to list out the RDP access control list, it would help me tremendously. I suppose I am the only one who has this need or it is so complicated or troublesome to pursue since I can not find any tool of any kind that provides this information. I just stumbled on your project from reading technet magazine and if I posted this to the wrong discussion, please excuse the newbe.
Jan 28, 2008 at 9:16 AM
With PowerShell you can do:

PS C:\scripts> Get-WmiObject Win32_TSAccount -ComputerName computer | select AccountName,SID,PermissionsAllowed,PermissionsDenied

In VBScript:

strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")

Set colItems = objWMIService.ExecQuery _
("Select AccountName from Win32_TSAccount")

For Each objItem in colItems
wscript.echo objItem.AccountName

Check the TechNet's Terminal Server Script Repository:

Shay Levi
$cript Fanatic