How can I use the AWSSupport-ManageRDPSettings runbook to manage the RDP settings on my Amazon EC2 Windows instance?

I want to use the AWSSupport-ManageRDPSettings AWS Systems Manager automation runbook to manage the settings on my Amazon Elastic Compute Cloud (Amazon EC2) Windows instance.

Short description

The AWSSupport-ManageRDPSettings runbook lets you manage RDP settings, such as the RDP port and Network Layer Authentication (NLA), for your EC2 Windows instance. The AWSSupport-ManageRDPSettings workflow runs the following three steps:

  1. Checks that the instance's platform is Windows
  2. Checks that the managed instance is Online
  3. Runs an AWS Tools for PowerShell script to apply the required configuration on the target instance

Resolution

Prerequisites: Confirm that the user or AWS Identity and Access Management (IAM) service role that's associated with your instance has the required IAM permissions.

  1. Open the Systems Manager console.

  2. In the navigation pane, choose Documents.

  3. In the document search, enter AWSSupport-ManageRDPSettings.

  4. Choose the AWSSupport-ManageRDPSettings document, and then choose Execute automation.

  5. For input parameters, enter your specifications for the following parameters:

    InstanceId (Required): The ID of the managed instance that you want to manage the RDP settings for.

    RDPPortAction (Required): An action to apply to the RDP port. Choose Check, Enable, or Disable.

    NLASettingAction (Required): An action to perform on the NLA setting. Choose Check, Enable, or Disable.

    RemoteConnections (Required): An action to perform on the fDenyTSConnections setting. Choose Check, Enable, or Disable.

    RDPPort (Optional): Specify a new RDP port. The port number must be between 1025 and 65535.

    Note: After the port is changed, the RDP service restarts.

  6. After the workflow completes, review the Outputs section for detailed results.
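The same run can be started through the Systems Manager API instead of the console. The following is an added example, not AWS's own code: it starts the runbook with every action set to Check, so nothing on the instance changes, and waits for the result. The function names, the injected `ssm` client (a boto3 SSM client), the instance ID format check, and the polling defaults are assumptions of this example.

```python
"""Added example: read-only audit run of AWSSupport-ManageRDPSettings."""
import re
import sys
import time

DOCUMENT = "AWSSupport-ManageRDPSettings"
TERMINAL = {"Success", "Failed", "TimedOut", "Cancelled"}
# Assumption: EC2 instance IDs are "i-" plus 8 or 17 lowercase hex characters.
INSTANCE_ID = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")


def build_check_request(instance_id):
    """Return start_automation_execution kwargs that only read the settings."""
    if not INSTANCE_ID.fullmatch(instance_id):
        raise ValueError(f"not an EC2 instance ID: {instance_id!r}")
    return {
        "DocumentName": DOCUMENT,
        # Automation parameters are passed as lists of strings.
        # RDPPort is left out on purpose: no port change is requested.
        "Parameters": {
            "InstanceId": [instance_id],
            "RDPPortAction": ["Check"],
            "NLASettingAction": ["Check"],
            "RemoteConnections": ["Check"],
        },
    }


def run_check(ssm, instance_id, poll_seconds=5, timeout_seconds=600):
    """Start the runbook, wait for a terminal status, return its result."""
    execution_id = ssm.start_automation_execution(
        **build_check_request(instance_id))["AutomationExecutionId"]
    deadline = time.monotonic() + timeout_seconds
    while True:
        execution = ssm.get_automation_execution(
            AutomationExecutionId=execution_id)["AutomationExecution"]
        status = execution["AutomationExecutionStatus"]
        if status in TERMINAL:
            return {"execution_id": execution_id, "status": status,
                    "outputs": execution.get("Outputs", {}),
                    "failure": execution.get("FailureMessage")}
        if time.monotonic() >= deadline:
            raise TimeoutError(f"{execution_id} still {status}")
        time.sleep(poll_seconds)


if __name__ == "__main__" and len(sys.argv) == 2:
    import boto3  # needs AWS credentials and a configured Region
    print(run_check(boto3.client("ssm"), sys.argv[1]))
```

A Failed status with a populated `failure` field corresponds to the error cases listed under Workflow output.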

Workflow output

The successful output shows the changes that occurred to the RDP setting.

If the runbook fails, then there are a number of possible outputs:

  • Issues with the registry subkey [HKLM:\SYSTEM\CurrentControlSet\Control\Termin*Server\WinStations\RDP*CP\] or the PortNumber property. You might observe one of the following errors:

    "PortNumber property does not exist"

    "Registry subkey path does not exist"

  • Issues with access to the registry key when you set the PortNumber property

  • Issues with the registry subkey [HKLM:\SYSTEM\CurrentControlSet\Control\Termin*Server\] or the fDenyTSConnections property. You might observe one of the following errors:

    "DenyTSConnections property does not exist"

    "Registry subkey path does not exist"

  • Can't change RDP port. Before the RDP port changes, the workflow checks if the new port is already in use by another service. If it's in use, then the port isn't modified and you receive an error.

To troubleshoot, manage, and reduce costs on your AWS resources, see the Systems Manager Automation runbook reference. These runbooks are prefixed with AWSSupport or AWSPremiumSupport.

Related information

Run this Automation

Run an automation

Setting up Automation

AWS OFFICIAL
Updated 8 months ago