Monitoring with PowerShell Chapter 2: Monitor RDS Security and Licensing status

1 Reply

Hi All,

Today we will be focusing on monitoring the RDS Security layer and licensing status, we often have RDS deployments in which a small oversight happens or the RD-Licensing information is lost. We’ll run a PowerShell script to check if the licensing is set-up correctly, and in what license mode we are running, it will also give us feedback if SSL and NLA are not enabled.

First we’ll start by getting the Security Status:

​​​​​​​$RDCollectionName = (Get-RDSessionCollection).CollectionName
$RDSec = Get-RDSessionCollectionConfiguration -CollectionName $RDCollectionName -Security
$NLAEnabled = $RDsec.AuthenticateUsingNLA
$EncryptionLevel = $RDsec.EncryptionLevel
$SecurityLayer = $RDsec.SecurityLayer

Now we can alert on the variables returned to us with the following thresholds:

  • $NLAEnabled should be True
  • $EncryptionLevel should be High
  • $SecurityLayer should be Negotiate or SSL

    • Next up is the licensing status which is simpler as on any RDS enabled host you can run the Get-RDLicenseConfiguration cmdlet, this give us all the information we want:

    $LicenseMode = (Get-RDLicenseConfiguration).Mode
$LicenseServer = (Get-RDLicenseConfiguration).LicenseServer

    This will return the License mode which you can alert on – We always expect the license mode to be “Per-User” but sometimes this is not set, or set to “Per-Device”.

    Enjoy!

    One thought on “Monitoring with PowerShell Chapter 2: Monitor RDS Security and Licensing status

    1. Mallory Verner

      Nice post. I’ve tried to change the script a little to also change the settings of the user disk locations too and it works perfect.

      Reply

    Leave a Reply

    Your email address will not be published. Required fields are marked *