batch - remote desktop enable list of machines on network

1. @echo off
2. rem ==========================================================================================================================
3. rem - Script: enablenla.bat
4. rem -
5. rem - Purpose: To enable the remote desktop protocol (RDP) NetworK-Level Authentication (NLA) feature on a list of remote
6. rem - (target) computers, so that the target computers will require any connecting (source) computer to utilize
7. rem -  NLA-capable RDP - i.e. Windows 7 or higher and Windows Server 2008 or higher (or older O/S with NLA-compliant RDP)
8. rem - Notes:
9. rem -  After making this setting change, the target system needs to be rebooted, since this is an HKLM (Local Machine) key.
10. rem -  After making this setting change, you no longer will be able to connect to the target system via systems that run
11. rem -  Windows XP or older, or Windows Server 2003 or older, unless the source systems have upgraded to NLA-capable RDP versions
12. rem -  How to Run this script:
13. rem -  1) Save this script as "c:\scripts\enablenla.bat"
14. rem -     a) To run against a single computer
15. rem -        Execute this script, passing the remote computer name as the only parameter, redirecting output/errors to a log file
16. rem -         c:\scripts\enablenla.bat Server1 >> c:\scripts\nla-log.txt 2>&1
17. rem -           where Server1 is the remote computer needing RDP-NLA to be enabled
18. rem -     b) To run against multiple computers:
19. rem -        i. Make a wrapper "bat" file to 'call' this (enablenla.bat) script -
20. rem -           There is a "wrapper file" example in the "rem" statements at the end of this script
21. rem -       ii. In the "wrapper" file, place a series of "call" statements, each on a single line, for each remote computer
22. rem -           i.e. "call c:\scripts\enablenla Server1" (that would run this script against to modify the remote computer "Server1")
23. rem -      iii. Once you've entered all the lines containing all the target remote computer names,
24. rem -           save that "wrapper" script as "c:\scripts\callnla.bat"
25. rem -       iv. Execute the "wrapper" file, redirecting output & errors to a log file:
26. rem -           c:\scripts\callnla.bat >> c:\scripts\nla-log.txt 2>&1
27. rem -     c) Examine log for successes and to troubleshoot any errors ("notepad  c:\scripts\nla-log.txt")
28. rem -    
29. rem - Assumptions:
30. rem - 1) You can create/save this script and a wrapper script to a c:\scripts folder
31. rem - 2) You have the necessary privs/rights to modify the HKLM key on the targeted remote computers
32. rem -
33. rem ==========================================================================================================================
34. rem
35. echo.
36. echo "Adding NLA-ONLY key to remote computer %1"
37. echo.
38. reg add "\\%1\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 1 /f
39. echo.
40. echo "Finished adding NLA key to remote computer %1"
41. rem
42. rem [EXAMPLE OF A CALLING WRAPPER SCRIPT: "callnla.bat"]
43. rem -
44. rem - This script would contain the names of the remote computers on which you wish to enable RDP-NLA
45. rem -
46. rem - Create a script similar to below (save as "c:\scripts\callnla.bat"):
47. rem -
48. rem rem callnla.bat (wrapper script to make the call to "enablenla.bat"
49. rem rem
50. rem call c:\scripts\enablenla.bat Workstation1
51. rem call c:\scripts\enablenla.bat Workstation2
52. rem call c:\scripts\enablenla.bat Workstation3
53. rem call c:\scripts\enablenla.bat Server1
54. rem call c:\scripts\enablenla.bat Server2
55. rem call c:\scripts\enablenla.bat Server3