Hi All,

Today we will be focusing on monitoring the RDS Security layer and licensing status, we often have RDS deployments in which a small oversight happens or the RD-Licensing information is lost. We’ll run a PowerShell script to check if the licensing is set-up correctly, and in what license mode we are running, it will also give us feedback if SSL and NLA are not enabled.

First we’ll start by getting the Security Status:

1
2
3
4
5
6
7

​​​​​​​$RDCollectionName = (Get-RDSessionCollection).CollectionName
$RDSec = Get-RDSessionCollectionConfiguration -CollectionName $RDCollectionName -Security

$NLAEnabled = $RDsec.AuthenticateUsingNLA
$EncryptionLevel = $RDsec.EncryptionLevel
$SecurityLayer = $RDsec.SecurityLayer

Now we can alert on the variables returned to us with the following thresholds:

6. $NLAEnabled should be True
7. $EncryptionLevel should be High
8. $SecurityLayer should be Negotiate or SSL Next up is the licensing status which is simpler as on any RDS enabled host you can run the Get-RDLicenseConfiguration cmdlet, this give us all the information we want:

1
2
3

$LicenseMode = (Get-RDLicenseConfiguration).Mode
$LicenseServer = (Get-RDLicenseConfiguration).LicenseServer

This will return the License mode which you can alert on – We always expect the license mode to be “Per-User” but sometimes this is not set, or set to “Per-Device”.

Enjoy!