One of the most powerful (and most underrated) things to monitor and act on is the RDP status and port of an endpoint. While I will not get into the politics of why, we fully believe it should be disabled by default on endpoints. This helps reduce your attack surface and your exposure to exploits like BlueKeep (and many others).
For this script, we are going to do a few things:

- Get the currently configured RDP port and status (enabled/disabled)
- Write that status and port to an Asset Field (Asset Custom Field)
- Create an alert if the service is enabled

Information on Asset Fields: https://community.syncromsp.com/t/asset-fields-asset-custom-fields/5322
Syncro Scripting Basics: https://community.syncromsp.com/t/scripting-basics/579

1. Log in to your Syncro instance
2. Navigate to Scripts > +New Script
3. Fill out the following fields:
   - Name: This is a descriptive name (we use S - Get RDP Port and Status [Win])
   - Description: A description that makes sense to you (for example: Gathers the RDP Port and status and writes to an agent custom field)
   - File Type: PowerShell
   - Run as: System
   - Script:

```powershell
Import-Module $env:SyncroModule -WarningAction SilentlyContinue

# Configured RDP listener port
$PortReg = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" -Name PortNumber).PortNumber
# fDenyTSConnections: 1 = RDP connections denied, 0 = RDP connections allowed
$RDPReg = (Get-ItemProperty -Path "HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server" -Name "fDenyTSConnections").fDenyTSConnections

$status = switch ($RDPReg) {
    "1" { "Disabled" }
    "0" { "Enabled" }
    default { "Unknown" }
}

[string]$String = "Status: $status; Port: $PortReg"
Write-Output $String

# Compare against the literal string; an undefined variable would never match
if ($status -eq "Enabled") {
    Rmm-Alert -Category 'Security' -Body "RDP is currently enabled. $status"
}

# Record the result in the asset custom field
Set-Asset-Field -Name 'rdp_status' -Value $String
```
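
The script above reads only the local `fDenyTSConnections` value. As an added example (not part of the original script), the function below goes a step further: it also checks the Group Policy copy of that value, which takes precedence when present, whether Network Level Authentication is required, and whether anything is actually listening on the configured port. The names `Get-RdpExposure` and `Read-Value` are hypothetical; the resulting string can be passed to the same `Rmm-Alert` and `Set-Asset-Field` calls used above.

```powershell
# Added example: effective RDP state for one endpoint (not the original script).
function Get-RdpExposure {
    $ts     = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $tcp    = "$ts\WinStations\RDP-Tcp"
    $policy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

    # Read one registry value; return $null when the key or value is absent.
    function Read-Value($Path, $Name) {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) { $item.$Name } else { $null }
    }

    $local = Read-Value $ts     'fDenyTSConnections'
    $gpo   = Read-Value $policy 'fDenyTSConnections'
    $port  = Read-Value $tcp    'PortNumber'
    $nla   = Read-Value $tcp    'UserAuthentication'

    # A Group Policy value, when present, overrides the local setting.
    $deny   = if ($null -ne $gpo) { $gpo } else { $local }
    $status = if ($deny -eq 1) { 'Disabled' }
              elseif ($deny -eq 0) { 'Enabled' }
              else { 'Unknown' }   # value missing or unreadable

    # Is a listener actually bound to the configured port right now?
    $listening = $false
    if ($null -ne $port) {
        $conn = Get-NetTCPConnection -LocalPort $port -State Listen -ErrorAction SilentlyContinue
        $listening = [bool]$conn
    }

    [pscustomobject]@{
        Status      = $status
        Source      = if ($null -ne $gpo) { 'GroupPolicy' } else { 'Local' }
        Port        = $port
        Listening   = $listening
        NlaRequired = ($nla -eq 1)
    }
}

$rdp = Get-RdpExposure
$summary = "Status: {0} ({1}); Port: {2}; Listening: {3}; NLA required: {4}" -f
    $rdp.Status, $rdp.Source, $rdp.Port, $rdp.Listening, $rdp.NlaRequired
Write-Output $summary
```

An endpoint that reports `Disabled` with `Listening` true, or `Enabled` with `NlaRequired` false, is worth a closer look than the status string alone would suggest.
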
Comer Technology Group provides exceptional business consulting services, management, and training in RMM and PSA – offering their service throughout all regions of the world.