Note: This article was originally published in 2013. Some steps, commands, or software versions may have changed. Check the current Windows Azure Cloud documentation for the latest information.

In this step-by-step guide, you’ll learn re-enable remote desktop with powershell after you’ve blocked it with your own firewall rule. Microsoft Azure is a cloud computing platform offering IaaS, PaaS, and SaaS services including compute, analytics, storage, and networking.

Prerequisites

Before you begin, make sure you have:

  • Windows Server 2012 or 2012 R2
  • Administrator privileges
  • Server Manager access

How to: Re-enable Remote Desktop with (http://www.microsoft.com/powershell “Windows PowerShell”) after you’ve blocked it with your own firewall rule

Obtained from: http://www.hanselman.com/blog/CSIReenablingRemoteDesktopWithPowerShellAfterYouveBlockedItWithYourOwnFirewallRule.aspx   The Big Problem:

I set up an Azure (http://en.wikipedia.org/wiki/Virtual_machine “Virtual machine”) running (http://www.microsoft.com/en-us/server-cloud/windows-server/default.aspx “Windows Server 2012”). I accidentally disabled the Remote Desktop (http://en.wikipedia.org/wiki/Windows_Firewall “Windows Firewall”) rule (while I was remotely connected). The connection dropped as you would expect. I have been pulling my hair out ever since trying to re-enable this rule.

Doh. Ouch. I didn’t ask how this happened, but you know, one gets to clicking and typing and you can feel the mistake about to happen as your hand drops towards the keyboard, but by then it’s too late. Gravity has screwed you. I suggested that Seán use (http://technet.microsoft.com/en-us/magazine/ff700227.aspx). Remote PowerShell is like “(http://en.wikipedia.org/wiki/Secure_Shell “Secure Shell”)” in *nix. You get a remote terminal and can pretty much do whatever you want from there.

TL;DR VERSION OF SEÁN’S EXPERIENCE.

  • Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
  • Get the server’s certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domains’ (http://en.wikipedia.org/wiki/Uniform_resource_locator “Uniform resource locator”): https://yourdomain.cloudapp.net:12345 (where :12345 is the port that PowerShell uses).
  • Export the SSL certificate of the site as a .CER file and install it on your local machine.
  • Save it to the “Trusted Root Certification Authorities” store on your machine.
  • Open PowerShell with administrative privileges on your local machine and type: Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL
  • A login popup will appear, enter your VM’s login credentials here.
  • You will now be able to execute commands against the Azure VM. In Seán’s case, he ran netsh advfirewall firewall set rule group="remote desktop" new enable=Yes and exited the PowerShell session and was able to remotely connect to my machine.

LONG DETAILED VERSION WITH SCREENSHOTS

Long version with screenshots: Make sure PowerShell is publically accessible in the ‘endpoints’ section of the Azure portal. !(http://technology.bauzas.com/files/2013/10/01%20-%20VM%20Endpoints_337ef02c-5284-4fdb-a033-fca31041fe79.png) Get the server’s certificate (PowerShell needs this for establishing a remote session). You can get the server certificate by going to your domains’ URL: (https://yourdomain.cloudapp.net:5986/) (where :5986 is the port that PowerShell uses). !(http://technology.bauzas.com/files/2013/10/image_3a0b96bd-3045-440f-b004-cdb8f7d7c7e4.png) Go to the Details tab and click Copy to File… !(http://technology.bauzas.com/files/2013/10/03%20-%20Certificate%20Export_1769ffff-55ea-4a58-b19c-96dfc409150b.png) Leave the first option selected and save the file to a local drive. !(http://technology.bauzas.com/files/2013/10/04%20-%20Certificate%20Export_ba463785-64cc-42e5-9e2e-9621b2067f65.png) !(http://technology.bauzas.com/files/2013/10/05%20-%20Certificate%20Export_da0d1a3e-658c-412f-bb87-420f903d91d6.png) Once the file is generated and saved locally, install the certificate by double clicking on the certificate-name.cer file. !(http://technology.bauzas.com/files/2013/10/06%20-%20Certificate%20Install_756e8161-1d02-488a-8533-41c5a1cb62a5.png) Install the certificate in the following store: !(http://technology.bauzas.com/files/2013/10/cert%20install_f5935c0a-f62c-487d-b11b-d51d040b4b81.png) Open up PowerShell with administrative privileges and execute the following command (replacing the domain name and username with your own one): !(http://technology.bauzas.com/files/2013/10/08%20-%20Remote%20PowerShell%20Session_f2da5814-6266-4dd5-81d3-2d4c760f65fc.png) A logon credential popup should appear where you will need to enter your VM’s username and password: !(http://technology.bauzas.com/files/2013/10/07%20-%20Remote%20PowerShell%20Session_461ab2c5-dc09-4140-94d0-d80e49133b63.png) If successful, it should be pretty obvious that you have successfully initiated a remote session with the VM. Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL !(http://technology.bauzas.com/files/2013/10/09%20-%20Remote%20PowerShell%20Session%20Verification_e692208c-a2be-450d-a593-81c9a62f2ad4.png) To open re-enable the firewall rule you issue the command: netsh advfirewall firewall set rule group="remote desktop" new enable=Yes !(http://technology.bauzas.com/files/2013/10/10%20-%20Remote%20PowerShell%20Session%20Firewall%20Rule%20Update_24aa6260-714e-4128-a3bd-053c68746ad3.png) The final step was to quit the PowerShell session and RDC to the VM. Success! I hope this write-up helps other people as well. Thanks Seán for a great question and for sharing the screenshot of your experience!

(http://img.zemanta.com/zemified_h.png?x-id=5ec61969-1836-4855-aee8-6fdcd77288fc)](http://www.zemanta.com/?px “Enhanced by Zemanta”)

Summary

You’ve successfully learned re-enable remote desktop with powershell after you’ve blocked it with your own firewall rule. If you run into any issues, double-check the prerequisites and ensure your Windows Azure Cloud environment is properly configured.