-
Notifications
You must be signed in to change notification settings - Fork 6
/
reset-rds-grace-period.ps1
147 lines (119 loc) · 6.07 KB
/
reset-rds-grace-period.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
<#
.SYNOPSIS
Resets RDS grace period on the RDS host.
.DESCRIPTION
This script is intended to be used to reset Terminal Server (RDS) grace licensing period to default value.
.PARAMETER Force
Disable interactive action. false is the default.
.PARAMETER RestartTS
Restart Terminal Service after resetting grace period. false is the default.
.INPUTS
None. You cannot pipe objects to reset-rds-grace-period.ps1.
.OUTPUTS
None. reset-rds-grace-period.ps1 does not generate any meaningful output.
.EXAMPLE
PS> .\reset-rds-grace-period.ps1
.EXAMPLE
PS> .\reset-rds-grace-period.ps1 -Force
.EXAMPLE
PS> .\reset-rds-grace-period.ps1 -RestartTS
.EXAMPLE
PS> .\reset-rds-grace-period.ps1 -Force -RestartTS
.LINK
https://github.com/atollholding/reset-rds-grace-period
.NOTES
Important: Please test reset-rds-grace-period.ps1 in test environment before executing on any production server.
Please be careful while changing settings at the Windows registry!
Please create a full backup of the registry or affected keys beforehand.
Authors is not responsible for any misuse/damage caused by using it.
You will have to restart following services for the reset to come into effect:
Remote Desktop Services
Remote Desktop Configuration Properties (optional)
As soon as these services are restarted all the active sessions will be disconnected (Not logged off). Wait for a minute and reconnect again.
#>
[CmdletBinding()]
Param(
[Parameter(
Mandatory = $false,
ValueFromPipeline = $false,
ValueFromPipelineByPropertyName = $false)]
[Switch]
$Force = $false,
[Switch]
$RestartTS = $false
)
# Was this script launched by local administrator?
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
# Only local administrator can launch this script.
if (!($isAdmin)) {
throw [System.UnauthorizedAccessException]::new("Please launch this script as an Administrator.")
}
# Retreive and show days left to the end of grace period.
$GracePeriod = (Invoke-CimMethod -InputObject (Get-CimInstance -Namespace root/CIMV2/TerminalServices -ClassName Win32_TerminalServiceSetting) -MethodName GetGracePeriodDays).DaysLeft
Write-Host -ForegroundColor Green 'Terminal Server (RDS) grace period days remaining are': $GracePeriod
# If there was no Force argument passed to script, ask the user to confirm grace period reset. Not to reset by default.
if (!$Force) {
# RestartTS parameter disclaimer.
if ($RestartTS) {
Write-Host -ForegroundColor Yellow $("*" * 80)
Write-Host -ForegroundColor Yellow "You are set parameter to restart Terminal Service."
Write-Host -ForegroundColor Yellow "As soon as these service are restarted all the active sessions will be"
Write-Host -ForegroundColor Yellow "disconnected (not logged off). Wait for a short time and reconnect again."
Write-Host -ForegroundColor Yellow $("*" * 80)
}
Write-Host -ForegroundColor Cyan "Do you want to reset Terminal Server (RDS) Grace period to default 120 days? (y/N) " -NoNewline
$UserChoice = Read-Host
}
# Check user choice.
if (($UserChoice -and $UserChoice.ToLower() -eq "y") -or $Force) {
# Create .NET class with required function.
$definition = @"
using System;
using System.Runtime.InteropServices;
namespace Win32Api
{
public class NtDll
{
[DllImport("ntdll.dll", EntryPoint="RtlAdjustPrivilege")]
public static extern int RtlAdjustPrivilege(ulong Privilege, bool Enable, bool CurrentThread, ref bool Enabled);
}
}
"@
# Adds a Microsoft .NET class to a PowerShell session.
Add-Type -TypeDefinition $definition -PassThru | Out-Null
$Enabled = $false
# Enable SeTakeOwnershipPrivilege (index 9)
# https://www.pinvoke.net/default.aspx/ntdll/RtlAdjustPrivilege.html
[Win32Api.NtDll]::RtlAdjustPrivilege(9, $true, $false, [ref]$Enabled) | Out-Null
# Rights attributes.
# $Administrators = [System.Security.Principal.NTAccount]"Administrators"
$Administrators = [System.Security.Principal.SecurityIdentifier]"S-1-5-32-544"
#$Administrators = [System.Security.Principal.WellKnownSidType]::AccountAdministratorSid
$RegRights = [System.Security.AccessControl.RegistryRights]::FullControl
$AccessControlType = [System.Security.AccessControl.AccessControlType]::Allow
## Take ownership on the key
$RegKey = "SYSTEM\CurrentControlSet\Control\Terminal Server\RCM\GracePeriod"
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($RegKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree, [System.Security.AccessControl.RegistryRights]::takeownership)
$acl = $key.GetAccessControl()
$acl.SetOwner($Administrators)
$key.SetAccessControl($acl)
## Assign 'Full Controll' permissions to Administrators group on the key.
$rule = New-Object System.Security.AccessControl.RegistryAccessRule ($Administrators, $RegRights, $AccessControlType)
$acl.SetAccessRule($rule)
$key.SetAccessControl($acl)
## Delete the key which resets the Grace Period counter to 120 Days.
Write-Host -ForegroundColor Green 'Resetting grace period. Please Wait....'
Remove-Item "HKLM:\$RegKey"
if ($RestartTS) {
Write-Host -ForegroundColor Green "Restarting Terminal Service..."
Restart-Service TermService -Force
}
# Display remaining grace period again as final status.
# Display Windows Terminal Server Grace Period Balloon.
tlsbln.exe
$GracePeriodPost = (Invoke-CimMethod -InputObject (Get-CimInstance -Namespace root/CIMV2/TerminalServices -ClassName Win32_TerminalServiceSetting) -MethodName GetGracePeriodDays).DaysLeft
Write-Host -ForegroundColor Green 'Terminal Server (RDS) grace period days remaining are': $GracePeriodPost
}
else {
Write-Host -ForegroundColor Yellow "You choose not to reset grace period of Terminal Server (RDS)."
}