Turn Off Monitor when using Chrome Remote Desktop

Reference: Control use of Chrome Remote Desktop

Enable Curtain Mode for Chrome Remote Desktop

Note for Windows users: This feature only works on Windows devices running Windows Professional, Ultimate, Enterprise, or Server.

To have Chrome Remote Desktop prevent someone physically present at a host machine from seeing what a user is doing while a remote connection is in progress, follow the steps below.

Steps for all Windows installations:

Note: The parent keys may not exist (even with Chrome installed) and will need to be created. The “1” is of type DWORD-32.

  1. Using Regedit, set HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\RemoteAccessHostRequireCurtain to 1.
  2. Enable RDP connections to the machine by unchecking Control Panel\System and Security\System > Remote settings > “Allow connections only from computers running Remote Desktop with Network Level Authentication (recommended)”.

Additional step for Windows 10 installations:

Follow the steps above for all Windows installations, and then do the following after step 2:

Set HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer to 1.

For additional information on this key and value, please see Configure Server Authentication and Encryption Levels on the Microsoft Windows Server website.

PSRemoting into non-domain joined computers

Today I was trying to Enter-PSSession on a remote machine from my machine, which is not joined to the same domain, and I started getting all kinds of authentication errors. Basically the problem resides on YOUR machine, not on the server: Windows Server 2012 has remoting enabled by default (of course you need to open the firewall as well). So what’s the problem? By default, the local machine allows remote PowerShell only over Kerberos, and to allow other kinds of connection you need to trust the remote machine. But how?

You need to set the TrustedHosts! (This uses the HTTP protocol; see below for a more secure approach using HTTPS.)

To see what’s in the trusted hosts list, use the Get-Item command:

Get-Item WSMan:\localhost\Client\TrustedHosts

And here’s how to set the value with the Set-Item command:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "*" -Force

Here I’ve set it to trust all remote endpoints so the system does not bother me again; obviously this could harm your computer.

The TrustedHosts item contains a comma-separated value, so to add more servers you have to provide a comma-separated list, for instance:

Set-Item WSMan:\localhost\Client\TrustedHosts -Value "10.5.1.1,10.5.1.2" -Force

To clear the trusted hosts list, use the Clear-Item command as follows:

Clear-Item WSMan:\localhost\Client\TrustedHosts -Force

If you don’t specify -Force, you will be asked to confirm before the command continues.
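Because "*" trusts every remote endpoint and Set-Item replaces the whole list, a safer habit is to merge named hosts into the existing value. The following is an added example, not code from the original post; the function names Merge-TrustedHostList and Add-TrustedHost are hypothetical, and rejecting every wildcard entry is a policy choice of this example.

```powershell
# Added example, not from the original post. Helper names are hypothetical.
function Merge-TrustedHostList {
    # Pure helper: returns the new comma-separated TrustedHosts value.
    param(
        [string]$Current,                        # existing TrustedHosts value, may be empty
        [Parameter(Mandatory)][string[]]$Add     # hosts to append
    )
    $result = New-Object 'System.Collections.Generic.List[string]'
    foreach ($entry in @($Current -split ',') + $Add) {
        $name = "$entry".Trim()
        if (-not $name) { continue }
        if ($name.Contains('*')) {
            # Policy choice of this example: keep no wildcard entries at all.
            Write-Warning "Skipping wildcard entry '$name'"
            continue
        }
        # -notcontains compares case-insensitively, which suits host names.
        if ($result -notcontains $name) { $result.Add($name) }
    }
    return ($result -join ',')
}

function Add-TrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item -Path $path).Value
    $new     = Merge-TrustedHostList -Current $current -Add $ComputerName

    # Write only when the list actually changes; -WhatIf previews the change.
    if ($new -ne $current -and $PSCmdlet.ShouldProcess($path, "Set value to '$new'")) {
        Set-Item -Path $path -Value $new -Force   # needs an elevated session
    }
    (Get-Item -Path $path).Value                   # return what is now configured
}

# Usage (addresses are the sample ones from the text):
#   Add-TrustedHost -ComputerName 10.5.1.1, 10.5.1.2 -WhatIf
#   Add-TrustedHost -ComputerName 10.5.1.1, 10.5.1.2
```

An existing "*" entry is dropped with a warning the next time the list is written, so review the -WhatIf output before applying the change.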

Now you can run your commands remotely on the target machine:

Enter-PSSession -ComputerName 10.5.1.1 -Credential m.denny@mydomain.local

If you plan to use HTTP, this guide is fine; however, I strongly recommend implementing HTTPS to encrypt the traffic between the client and the remote server.

You can follow this guide (taken from the AppVeyor wiki) on enabling PowerShell remoting on the server and enabling the HTTPS protocol.