The script azure-rm-rdp-post-deployment.ps1 can be used to enumerate Azure Resource Manager environments for public Remote Desktop Protocol (RDP) connectivity, using either a public IP or an RDWeb site. If the URL of the RDWeb site is already known, Azure enumeration and its requirements can be bypassed by passing that URL as the argument of the -rdWebUrl switch.
NOTE: PowerShell scripts require that script execution be enabled on the machine, in the current PowerShell session, or by starting PowerShell.exe with the '-ExecutionPolicy' switch. To query the current execution settings, type 'Get-ExecutionPolicy'. To enable script execution, from an admin PowerShell prompt type 'Set-ExecutionPolicy RemoteSigned -Force' or 'Set-ExecutionPolicy Bypass -Force'. These are two commonly used policy levels, with 'RemoteSigned' being more restrictive than 'Bypass' (additional policy levels are available). When finished running the script, you can set the policy level back to the prior setting if needed. For additional information type 'help set-executionpolicy -online'.
NOTE: Scripts downloaded from TechNet may be blocked by default depending on the type of download and configuration. If the script fails to execute, run 'unblock-file .\azure-rm-rdp-post-deployment.ps1', or right-click the file and, if an 'Unblock' option exists, verify that it is checked.
Requirements:
- Admin PowerShell session - script will attempt to elevate if not already elevated
- Windows Management Framework 5.0+ - script will prompt to install if missing
- Azure RM SDK - script will attempt to install if missing
Version history:
- 170808 - can now optionally add a public IP and network security group (NSG) for port 3389 to a VM with -addPublicIp and -vmName
- 170715 - added background jobs and additional IP checking; now defaults to the current subscription
- 170518 - script works with azurerm.resources versions less than and greater than 220.127.116.11
What the script does:
- Checks for requirements
- Authenticates to Azure RM
- Enumerates all resource groups in the subscription
- Searches for '/RDWeb' web sites and downloads their certificates
- Searches for any public IPs, for example on load balancers
- Searches for any public IPs attached to existing VMs
- Displays results for selection
- If an RDWeb site is selected:
  - The certificate store on the local machine is checked for the certificate downloaded from the RDWeb site
  - If the certificate is not in the certificate store, it is imported into the correct store depending on the certificate type
  - The public IP address of the RDWeb site is compared to the IP address returned by a DNS lookup
  - If the DNS lookup result differs from the RDWeb site's IP address, the IP address and FQDN of the RDWeb site are added to the local hosts file
  - The URL of the RDWeb site is opened
- If a VM or PUBIP connection is selected:
  - The IP address of the connection is added to the trusted connection list in the registry
  - mstsc.exe is launched with the /v and /admin switches
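The RDWeb branch above trusts three things in one go: it imports the site's certificate, rewrites the hosts file when DNS disagrees with Azure, and then opens the URL. The following function is an added example, not code from azure-rm-rdp-post-deployment.ps1, that gathers the same facts the script acts on (certificate identity and trust state, presence in the local stores, DNS result versus the Azure-reported IP, existing hosts-file entries) and reports them without changing anything, so the operator can review them before the script's prompts are answered. The function name, its parameters and the sample IP are assumptions; the URL in the sample call is the one from EXAMPLE 2 on this page.

```powershell
# Added example, not part of azure-rm-rdp-post-deployment.ps1: inspect what an
# RDWeb site presents BEFORE its certificate is imported, its FQDN written to
# the hosts file, or its IP trusted for RDP. Nothing here modifies the machine.
# Function name, parameter names and the sample IP are assumptions.
function Test-RdWebEndpoint {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$RdWebUrl,
        # Public IP the script enumerated from Azure (e.g. the load balancer's)
        [string]$ExpectedPublicIp
    )

    $uri      = [System.Uri]$RdWebUrl
    $hostName = $uri.Host
    $port     = if ($uri.IsDefaultPort) { 443 } else { $uri.Port }

    # 1. Pull the leaf certificate straight off the TLS handshake. The callback
    #    returns $true only so the handshake completes and the cert is readable;
    #    trust is evaluated separately below, never by this callback.
    $ssl = $null
    $tcp = New-Object System.Net.Sockets.TcpClient($hostName, $port)
    try {
        $noOpCallback = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $noOpCallback)
        $ssl.AuthenticateAsClient($hostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }

    # 2. Does Windows already trust it? Build the chain against the local stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # offline-friendly; untrusted roots still surface
    $chainOk     = $chain.Build($cert)
    $chainStatus = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    # 3. Is this thumbprint already in a local store (the check the script performs)?
    $storesToCheck = 'Cert:\LocalMachine\Root', 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\Root'
    $inStores = foreach ($store in $storesToCheck) {
        if (Get-ChildItem -Path $store -ErrorAction SilentlyContinue |
                Where-Object { $_.Thumbprint -eq $cert.Thumbprint }) { $store }
    }

    # 4. Does the certificate's subject CN or SAN list cover the host we connected to?
    $sanExt  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($sanExt) { $sanExt.Format($false) } else { '' }
    $escaped = [regex]::Escape($hostName)
    $nameMatches = ($cert.Subject -match "CN=$escaped(,|$)") -or ($sanText -match "DNS Name=$escaped(,|$)")

    # 5. DNS versus the IP Azure reported: this difference is what makes the
    #    script write a hosts-file entry, so show any entry that already exists.
    $dnsIps = try { [System.Net.Dns]::GetHostAddresses($hostName) | ForEach-Object { $_.IPAddressToString } }
              catch { @() }
    $hostsFile    = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $hostsEntries = Get-Content $hostsFile -ErrorAction SilentlyContinue |
                    Where-Object { $_ -notmatch '^\s*#' -and $_ -match "\s$escaped(\s|$)" }

    [pscustomobject]@{
        Host                 = $hostName
        Subject              = $cert.Subject
        Issuer               = $cert.Issuer
        Thumbprint           = $cert.Thumbprint
        NotAfter             = $cert.NotAfter
        Expired              = $cert.NotAfter -lt (Get-Date)
        SelfSigned           = $cert.Subject -eq $cert.Issuer
        NameMatchesHost      = $nameMatches
        ChainTrusted         = $chainOk
        ChainStatus          = $chainStatus
        AlreadyInStores      = @($inStores)
        DnsResolvesTo        = @($dnsIps)
        MatchesExpectedIp    = [bool]($ExpectedPublicIp -and ($dnsIps -contains $ExpectedPublicIp))
        ExistingHostsEntries = @($hostsEntries)
    }
}

# Sample call using the URL from EXAMPLE 2 on this page; the IP is a constructed
# value from the TEST-NET-3 documentation range, not a real deployment.
Test-RdWebEndpoint -RdWebUrl 'https://contoso.eastus.cloudapp.azure.com/RDWeb' -ExpectedPublicIp '203.0.113.10' |
    Format-List
```

Read the output as the script's decision inputs: SelfSigned plus ChainTrusted=False is the case where the script will import the certificate into a trusted store, AlreadyInStores tells you whether an earlier run already did so (the thumbprint is also what the cleanup command in the NOTES section removes), and MatchesExpectedIp=False is the case where a hosts-file entry will be written. Because the validation callback deliberately accepts any certificate, the function must never be reused as a trust decision itself; it only reports so that the decision can be made deliberately.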
PowerShell script to connect to quickstart RDS deployments after deploying the template.
C:\temp\azure-rm-rdp-post-deployment.ps1 [[-certLocation] <String>] [-noprompt] [-noretry] [[-publicIpAddressName] <String>] [[-rdWebUrl] <String>] [[-resourceGroupName] <String>] [-update] [<CommonParameters>]
** REQUIRES AT LEAST WMF 5.0 AND AZURERM SDK ** The script authenticates to Azure RM, queries all resource groups for the public IP name, and gives a list of resource groups. It enumerates the public IP of the specified resource group, downloads the certificate from RDWeb, and adds the cert to the local machine trusted root store. It then tries to resolve the subject name in DNS; if it is not the same as the public load balancer IP address, it is added to the hosts file.
Start with -verbose if you need to troubleshoot the script.
Parameters (in the order listed by Get-Help):
-addPublicIp: add a public IP address and NSG to the selected virtual machine
-certLocation: certificate store location used by the script; default value LocalMachine
-noprompt: do not prompt when adding the cert to the cert store or when modifying the hosts file
-noretry: used by script
-publicIpAddressName: optional parameter to override the public IP address resource name
-rdWebUrl: used to pass the complete RDWeb URL to the script to bypass Azure enumeration; will add the self-signed cert to the cert store
-update: optional parameter to check for an updated script from GitHub
-vmName: used to pass the virtual machine name for adding a public IP
This cmdlet supports the common parameters: Verbose, Debug
NOTE: to remove certs from all stores, run: Get-ChildItem -Recurse -Path cert:\ -DnsName *<%subject%>* | Remove-Item
-------------------------- EXAMPLE 1 --------------------------
Query Azure RM for all resource groups and all public IPs.
-------------------------- EXAMPLE 2 --------------------------
PS C:\>.\azure-rm-rdp-post-deployment.ps1 -rdWebUrl https://contoso.eastus.cloudapp.azure.com/RDWeb
Used to bypass Azure enumeration and to copy the cert from the URL to the local cert store.