Today we will be focusing on monitoring the RDS Security layer and licensing status, we often have RDS deployments in which a small oversight happens or the RD-Licensing information is lost. We’ll run a PowerShell script to check if the licensing is set-up correctly, and in what license mode we are running, it will also give us feedback if SSL and NLA are not enabled.
First we’ll start by getting the Security Status:
$RDCollectionName = (Get-RDSessionCollection).CollectionName $RDSec = Get-RDSessionCollectionConfiguration -CollectionName $RDCollectionName -Security $NLAEnabled = $RDsec.AuthenticateUsingNLA $EncryptionLevel = $RDsec.EncryptionLevel $SecurityLayer = $RDsec.SecurityLayer
Now we can alert on the variables returned to us with the following thresholds:
Next up is the licensing status which is simpler as on any RDS enabled host you can run the Get-RDLicenseConfiguration cmdlet, this give us all the information we want:
$LicenseMode = (Get-RDLicenseConfiguration).Mode $LicenseServer = (Get-RDLicenseConfiguration).LicenseServer
This will return the License mode which you can alert on – We always expect the license mode to be “Per-User” but sometimes this is not set, or set to “Per-Device”.