  1. 
     ```powershell
     $domain = ""
     $user = ""
     $password = ""
     #$other_user = ""

     # Ask for the target first: the cmdkey call below needs $pc
     $pc = Read-Host "PC Name: "

     # Store the credentials for the RDP connection to this PC
     cmdkey /generic:TERMSRV/$pc /user:$domain\$User /pass:$Password

     #Start RemoteRegistry
     PsExec.exe \\$pc -s -d sc start remoteregistry
     Start-Sleep -Seconds 5

     #Enable RDP
     PsExec.exe \\$pc -s -d REG ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /f /v fDenyTSConnections /t REG_DWORD /d 0
     Start-Sleep -Seconds 5

     #Add user to group Remote Desktop Users
     PsExec.exe \\$pc -s -d net localgroup "remote desktop users" "$domain\$user" /add
     #Start-Sleep -Seconds 5
     #PsExec.exe \\$pc -s -d net localgroup "remote desktop users" "$domain\$other_user" /add
     #Start-Sleep -Seconds 5

     #Connect to PC
     mstsc /v:$pc
     Start-Sleep -Seconds 5

     #Stop RemoteRegistry
     PsExec.exe \\$pc -s -d sc stop remoteregistry
     ```

     This script will:

       • Enable "Remote Registry" on the remote machine
       • Enable the option for remote access
       • Add you to the Remote Desktop Users group
       • Start the connection
       • Turn off the remote registry

     But you need to have the program "psexec.exe" in the folder "C:\Windows\System32" on your machine and on the remote machine.

     You can add a copy of this program to the script:

     ```powershell
     # Copy PsExec to the remote machine through the admin$ share
     Copy-Item -Path "location of the program" -Destination "\\$pc\admin`$\system32\" -Recurse -Force
     ```

     Link to psexec: https://technet.microsoft.com/ru-ru/sysinternals/bb897553.aspx?f=255&MSPPError=-2147217396
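
The script only stops RemoteRegistry at the end, so RDP stays enabled and the account stays in Remote Desktop Users on the target. The following is an added example, not part of the original post, that reads those settings back on the target so they can be reviewed; the function name `Get-RdpChangeAudit` is hypothetical, and it assumes Windows PowerShell 5.1 in an elevated session on that machine.

```powershell
# Added example, not from the original post. Run elevated on the target machine.
function Get-RdpChangeAudit {
    [CmdletBinding()]
    param()

    $tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpKey = "$tsKey\WinStations\RDP-Tcp"

    # 0 = RDP connections allowed (the value the script writes), 1 = denied.
    $deny = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
    # 1 = Network Level Authentication is required before a session is created.
    $nla = (Get-ItemProperty -Path $rdpKey -Name UserAuthentication -ErrorAction SilentlyContinue).UserAuthentication

    # S-1-5-32-555 is the well-known SID of BUILTIN\Remote Desktop Users,
    # so the lookup also works on non-English installs.
    $members = @(Get-LocalGroupMember -SID 'S-1-5-32-555' -ErrorAction SilentlyContinue |
                 Select-Object -ExpandProperty Name)

    $remoteRegistry = (Get-Service -Name RemoteRegistry).Status
    # PSEXESVC is the default name of the service PsExec installs on the target.
    $psexecService = [bool](Get-Service -Name PSEXESVC -ErrorAction SilentlyContinue)

    # Turn the raw values into findings that map to the script's changes.
    $findings = @()
    if ($deny -eq 0) { $findings += 'RDP is enabled (fDenyTSConnections = 0)' }
    if ($deny -eq 0 -and $nla -ne 1) { $findings += 'NLA is not enforced for RDP-Tcp' }
    if ($members.Count -gt 0) { $findings += "Remote Desktop Users has $($members.Count) member(s)" }
    if ($remoteRegistry -eq 'Running') { $findings += 'RemoteRegistry is still running' }
    if ($psexecService) { $findings += 'PSEXESVC service is present' }

    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        fDenyTSConnections = $deny
        NlaRequired        = ($nla -eq 1)
        RdpUsers           = $members
        RemoteRegistry     = $remoteRegistry
        PsExecService      = $psexecService
        Findings           = $findings
    }
}

Get-RdpChangeAudit | Format-List
```

To undo the changes, set `fDenyTSConnections` back to 1 and remove the account with `Remove-LocalGroupMember`. On the workstation that ran the script, `cmdkey /delete:TERMSRV/<pc>` removes the stored credential.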