The RDP client is one of the most heavily utilised tools in a system administrator’s toolkit. There are alternatives, for example, console access, PowerShell, iLO or in the case of a physical machine the locally connected keyboard and monitor. This is fine for on-premise machines but for machines running in the cloud, most of the alternative methods are not an option and RDP becomes a critical method of connectivity.
Over the past months I have seen an increase in the number of customers that have adjusted the guest Windows OS firewall, inadvertently locking themselves out and making it impossible to manage their Azure virtual machines.
The following article outlines one of the methods I have successfully used when restoring access. This method makes use of the Azure virtual machine Custom Script Extension and a snippet of PowerShell.
1. The first step is to open your preferred PowerShell editor and paste in the following code.
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy
\DomainProfile' -name "EnableFirewall" -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\
PublicProfile' -name "EnableFirewall" -Value 0
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\
Standardprofile' -name "EnableFirewall" -Value 0
These commands update local registry values which in turn disables the three firewall profiles on the next machine reboot.
A copy of the file can be downloaded from my GitHub disablefw.ps1.
2. Save the file as <filename>.ps1
3. Now login to the Azure portal and browse to the virtual machine that is having connectivity problems.
4. From the blade of the virtual machine, select Extensions
5. Click the +Add button and select Custom Script Extension from the popup menu.
6. Click on the folder icon to browse to where the <filename>.ps1 file has been stored and after selecting the file, click Open to upload it.
7. The virtual machine extension can now be installed by clicking OK.
NOTE: Additional Arguments are optional and for this task should be left blank.
8. Once the extension is installed, the Azure portal will report that provisioning has been successful.
9. It’s now time to restart the virtual machine before retrying an RDP connection.
This has proven to be very useful to me on a number of occasions, hopefully it will be of assistance to others.
As always, if any mistakes are spotted, feel free to leave me a comment.
You saved me about 8 hours of work with this.