Q: When deploying virtual machines with System Center Virtual Machine Manager, how can you make sure Remote Desktop is automatically enabled as the virtual machine is deployed?

Enable Remote Desktop in an image using an unattended answer file.

John Savill

November 30, 2011

3 Min Read
ITPro Today logo in a gray background | ITPro Today

A: There are several ways you can enable Remote Desktop and, indeed, configure many settings. You could use Group Policy, or you could use the image that was created for the virtual machine (VM) template that has configurations made pre-capture. However, using an unattended answer file lets you get a fairly generic OS image, which you can then customize based on your needs.

To enable Remote Desktop in an image, you need two settings. The first is used to actually enable Remote Desktop, and the second is to enable the Firewall exception for Remote Desktop traffic (or you could also require Network Level Authentication, which isn’t the default).

The best way to create the unattended file is to download the Windows Automated Installation Kit, then launch the Windows System Image Manager (SIM). You will also need a Windows Server image extracted to a folder, so you can use its Windows Imaging Format (WIM) and catalog (CLG) files. You can unpack an ISO by using many means, including a tool such as MagicISO (which is what I use).

1.Launch Windows SIM.
2.From the File menu, choose the Select Windows Image option.
3.Navigate to your extracted Windows Server image,  select one of the CLG files that relate to this answer file (e.g., install_Windows Server 2008 R2 SERVERENTERPRISE.clg), and click Open.
4.From the File menu, select New Answer File.
5.Within the Windows Image area, navigate to amd64_Microsoft-Windows-TerminalServices-LocalSessionManager_xxxxx, select it and drag and drop it to the “specialize” component (see screen shot below) within the Answer File section.




6.After the setting is in the answer file, you can select it and change the setting of fDenyTSConnection to false, which will enable Remote Desktop.
7.Next, navigate to amd64_Networking-MPSSVC-Svc_xxxxxx - FirewallGroups - FirewallGroup. Drag FirewallGroup to the specialize component in the answer file.
8.In the answer file area, select the FirewallGroup and set the Action to AddListItem, Active to true, Group to Remote Desktop, Key to RemoteDesktop, and Profile to all (or you could leave as domain if this should only apply when on a domain network). See the screen shot below.



9.Alternatively, you could also add the amd64_Microsoft-Windows-TerminalServices-RDP-WinStationExtensions to the specialize component and set UserAuthentication to 1 to require Network Level Authentication (more secure). The default of 0 allows connections from any version of Remote Desktop.
10.Save your answer file, and copy it to your System Center Virtual Machine Manager (SCVMM) library.
11.Within SCVMM, open up the VM template, and in the OS Configuration section set the Answer File to be the answer file you created, and click OK. (See the screen shot below.)


Below is my answer file for your reference:

                        false                                                                true                    Remote Desktop                    all                                            

To read more FAQs about all things Windows, see John Savill's FAQs page.

About the Author

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like