Today we will be focusing on monitoring the RDS Security layer and licensing status, we often have RDS deployments in which a small oversight happens or the RD-Licensing information is lost. We’ll run a PowerShell script to check if the licensing is set-up correctly, and in what license mode we are running, it will also give us feedback if SSL and NLA are not enabled.
First we’ll start by getting the Security Status:
Now we can alert on the variables returned to us with the following thresholds:
- $NLAEnabled should be True
- $EncryptionLevel should be High
- $SecurityLayer should be Negotiate or SSL Next up is the licensing status which is simpler as on any RDS enabled host you can run the Get-RDLicenseConfiguration cmdlet, this give us all the information we want:
This will return the License mode which you can alert on – We always expect the license mode to be “Per-User” but sometimes this is not set, or set to “Per-Device”.