CSI: Re-enabling Remote Desktop with PowerShell after you've blocked it with your own firewall rule

Got a great email from reader Seán McDonnell.

The Big Problem:

I set up an Azure virtual machine running Windows Server 2012.

I accidentally disabled the Remote Desktop Windows firewall rule (while I was remotely connected). The connection dropped as you would expect.

I have been pulling my hair out ever since trying to re-enable this rule.

Doh. Ouch. I didn't ask how this happened, but you know, one gets to clicking and typing and you can feel the mistake about to happen as your hand drops towards the keyboard, but by then it's too late. Gravity has screwed you.

I suggested that Seán use Remote PowerShell to get in and add the enabling Firewall Rule for RDC. Remote PowerShell is like "SSH" in *nix. You get a remote terminal and can pretty much do whatever you want from there.

TL;DR version of Seán's experience

  • Make sure PowerShell is enabled in the Endpoints section of the Azure portal.
  • Get the server's certificate (PowerShell needs this for remote commands). You can get the server certificate by going to your domain's URL: https://yourdomain.cloudapp.net:12345 (where :12345 is the port that PowerShell uses).
  • Export the SSL certificate of the site as a .CER file and install it on your local machine.
  • Save it to the "Trusted Root Certification Authorities" store on your machine.
  • Open PowerShell with administrative privileges on your local machine and type:

    Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL

  • A login popup will appear; enter your VM's login credentials here.
  • You will now be able to execute commands against the Azure VM. In Seán's case, he ran

    netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

    and exited the PowerShell session and was able to remotely connect to my machine.

Long Detailed Version with Screenshots

Long version with screenshots:

Make sure PowerShell is publicly accessible in the 'endpoints' section of the Azure portal.

01 - VM Endpoints

Get the server's certificate (PowerShell needs this for establishing a remote session). You can get the server certificate by going to your domain's URL: https://yourdomain.cloudapp.net:5986 (where :5986 is the port that PowerShell uses).

Go to the Details tab and click Copy to File...

03 - Certificate Export

Leave the first option selected and save the file to a local drive.

04 - Certificate Export 05 - Certificate Export

Once the file is generated and saved locally, install the certificate by double clicking on the certificate-name.cer file.

06 - Certificate Install

Install the certificate in the following store:

cert install

Open up PowerShell with administrative privileges and execute the following command (replacing the domain name and username with your own):

Enter-PSSession -ComputerName yourdomain.cloudapp.net -Port 5986 -Credential YourUserName -UseSSL

08 - Remote PowerShell Session

A logon credential popup should appear where you will need to enter your VM's username and password:

07 - Remote PowerShell Session

If successful, it should be pretty obvious that you have successfully initiated a remote session with the VM.

09 - Remote PowerShell Session Verification

To re-enable the firewall rule, issue the command:

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

10 - Remote PowerShell Session Firewall Rule Update

The final step was to quit the PowerShell session and RDC to the VM. Success!

I hope this write-up helps other people as well. Thanks Seán for a great question and for sharing the screenshot of your experience!
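
The procedure above as a single script, with three additions: the exported certificate's thumbprint is checked before it is trusted, the rule state is read back after the change, and the certificate is removed from the root store at the end. This is an added example, not code from the original post; the file path, the thumbprint placeholder and the RDP port are assumptions, and `Enable-NetFirewallRule` is used in place of the `netsh` command.

```powershell
# Added example. Host, file path, thumbprint and RDP port are placeholders.
$vmHost    = 'yourdomain.cloudapp.net'        # host name used in the article
$winrmPort = 5986                             # PowerShell-over-HTTPS port from the article
$rdpPort   = 3389                             # assumption: your public RDP endpoint port
$cerPath   = 'C:\Temp\certificate-name.cer'   # hypothetical path of the exported .CER
$expected  = '<THUMBPRINT-FROM-A-TRUSTED-SOURCE>'   # assumption: obtained out of band

# 1. Check the exported certificate before trusting it.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
if ($cert.Thumbprint -ne $expected) {
    throw "Unexpected certificate thumbprint: $($cert.Thumbprint)"
}

# 2. Install it in "Trusted Root Certification Authorities" (needs an elevated prompt).
Import-Certificate -FilePath $cerPath -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 3. Open the remote session; Get-Credential shows the login popup.
$session = New-PSSession -ComputerName $vmHost -Port $winrmPort -UseSSL -Credential (Get-Credential)
try {
    # 4. Re-enable the rule group on the VM and read its state back as plain strings.
    $rules = Invoke-Command -Session $session -ScriptBlock {
        Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
        Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
            [pscustomobject]@{
                Rule    = $_.DisplayName
                Enabled = "$($_.Enabled)"
                Profile = "$($_.Profile)"
            }
        }
    }
    $rules | Format-Table Rule, Enabled, Profile -AutoSize
    if ($rules | Where-Object { $_.Enabled -ne 'True' }) {
        Write-Warning 'At least one Remote Desktop rule is still disabled.'
    }
}
finally {
    Remove-PSSession $session
}

# 5. Confirm the RDP port answers from the outside.
if (-not (Test-NetConnection -ComputerName $vmHost -Port $rdpPort).TcpTestSucceeded) {
    Write-Warning "TCP $rdpPort on $vmHost is not reachable yet."
}

# 6. Remove the certificate from the root store once RDP works again.
Remove-Item -Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)"
```

`-UseSSL` also requires the certificate's subject name to match the host name passed to `-ComputerName`.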


About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

Translated from: https://www.hanselman.com/blog/csi-reenabling-remote-desktop-with-powershell-after-youve-blocked-it-with-your-own-firewall-rule