FAQ Windows Server 2019


I’m unable to RDP to my server

1) Open a PowerShell Admin window and then run the command below:

Get-NetFirewallRule -DisplayGroup "Remote Desktop" | ft Name,Enabled -AutoSize


If it's broken, you will see this:

Name                            Enabled 
----                            -------
RemoteDesktop-UserMode-In-TCP   False 
RemoteDesktop-UserMode-In-UDP   False 
RemoteDesktop-Shadow-In-TCP     False 


Now let’s enable remote desktop: 

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

2) On some occasions it has been reported that Win 10 1809 clients see the error below when attempting to RDP to a Server 2019 system.

In these cases it has been found that installing KB4503327, if missing, on the server appears to resolve the issue.
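
The check, fix and re-check from steps 1 and 2 combined into one script. This is an added example, not part of the original FAQ; it uses Enable-NetFirewallRule in place of the netsh command and Get-HotFix for the KB lookup, and it also prints the network Profile each rule applies to so you can see where RDP is being opened.

```powershell
# Added example (not from the original FAQ). Run in an elevated PowerShell session.
$group = 'Remote Desktop'   # firewall display group from step 1
$kb    = 'KB4503327'        # update named in step 2

function Get-RdpRuleState {
    # Profile shows which network profiles (Domain/Private/Public) each rule covers.
    Get-NetFirewallRule -DisplayGroup $group |
        Select-Object Name, Enabled, Profile, Direction, Action
}

Write-Output "Rule state before:"
$before = @(Get-RdpRuleState)
$before | Format-Table -AutoSize

# Enabled is an enum; compare its string form so the test is unambiguous.
$disabled = @($before | Where-Object { "$($_.Enabled)" -ne 'True' })

if ($disabled.Count -eq 0) {
    Write-Output "All '$group' rules are already enabled; nothing changed."
} else {
    # Same effect as the netsh command above, using the NetSecurity module.
    Enable-NetFirewallRule -DisplayGroup $group
    Write-Output "Rule state after:"
    Get-RdpRuleState | Format-Table -AutoSize
}

# Step 2: report whether the update is recorded under this KB ID.
$hotfix = Get-HotFix -Id $kb -ErrorAction SilentlyContinue
if ($hotfix) {
    Write-Output "$kb is installed (installed on $($hotfix.InstalledOn))."
} else {
    Write-Output "$kb is not listed by Get-HotFix on this server."
}
```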


I can't change the timezone

1) Use the PowerShell cmdlet Set-TimeZone to adjust it. Open a PowerShell Admin window and then run the following command to see a list of available time zones:

Get-TimeZone -ListAvailable

This will give you the names of all available time zones.

To set your timezone, run the following command:

Set-TimeZone -Name "Nameoftimezonehere"

Now run Get-TimeZone to see your currently set timezone.

PS C:\Windows\system32> Get-TimeZone

Id : Eastern Standard Time
DisplayName : (UTC-05:00) Eastern Time (US & Canada)
StandardName : Eastern Standard Time
DaylightName : Eastern Daylight Time
BaseUtcOffset : -05:00:00
SupportsDaylightSavingTime : True





Server Automatic Updates and Reboot settings

Disabling Windows Server Automatic Updates

To allow flexibility in server management, Windows Automatic Updates are not disabled by default on the Server 2016 and 2019 operating systems. System Administrators who would prefer to disable this feature are encouraged to review and apply the GPO named “DI – BWTST Windows Server Disable Automatic Updates” to their local OUs. The GPO prevents Windows servers from automatically downloading updates and allows BigFix to manage security updates. After the GPO is applied, Windows Update can still be triggered manually if needed.

Review Backlogged Reboots and Review Reboot vs No Reboot Properties and Memberships

Review the report GS-Wide: Windows Systems Requiring Restart To Complete Patching. Systems in this report are reporting that a restart is pending on the system, likely due to security patch installations that occurred but were not completed. Systems on this report may need multiple reboots as they catch up with applicable security patch installations. 

The Reboot/No Reboot preferences for systems in MECM and BigFix must be reviewed and configured separately.

  • Servers: Patching reboots on servers are controlled via BigFix. MECM collection memberships have no effect on server reboots. As a reminder, the GPO “DI – BWTST Windows Server Disable Automatic Updates” is recommended to prevent Windows servers from automatically downloading updates and to allow BigFix to manage security updates.
  • Clients: Reboot/No Reboot behavior needs to be managed in both MECM and BigFix. For MECM, review the local Enterprise Roll-up No Reboot collections (GS-ENT-SITE No Reboot).  

Information on setting the reboot preference property in BigFix can be found here:  
https://tst.usgs.gov/applications/asset-management/ibm-endpoint-manager/bigfix-exception-properties-and-fixlets/.  

Information on configuring MECM No Reboot collections is available here: https://tst.usgs.gov/applications/asset-management/sccm-2012/updating-the-no-reboot-collection/
