Windows Power Settings Profiles

At my work, we tend to do a lot through CLI commands as we have the ability to run them through the CLI on our remote management agent. In case you ever wanted to know what the CLI commands were for changing power profiles, here they are.

This command will list the profiles on the system, placing an * next the currently active profile.

powercfg /l

Here is a list of the profiles with the GUID code.

Existing Power Schemes (* Active) 
Power Scheme GUID: 0c7d7771-6e86-4e91-85a6-bde8f213dda8  (ThinkCentre Default) * 
Power Scheme GUID: 1eb70a2d-48d9-4d08-b7ab-ab9a0c400b06  (Maximum Performance) 
Power Scheme GUID: 262938da-66d2-454a-942b-88d5ae3cff8f  (Video Playback) 
Power Scheme GUID: 381b4222-f694-41f0-9685-ff5bb260df2e  (Balanced) 
Power Scheme GUID: 8325a222-37a9-4f5e-a71e-63a4836dae33  (Power Source Optimized) 
Power Scheme GUID: 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c  (High performance) 
Power Scheme GUID: a1841308-3541-4fab-bc81-f71556f20b4a  (Power saver) 
Power Scheme GUID: c344022c-a8be-48bf-9c4f-9a27c56bf419  (Maximum Energy Saving) 
Power Scheme GUID: df8fe310-ce94-457e-aa78-a679413da7b9  (Timers off (Presentation)) 

Here is the command to change the active profile. This one is using the GUID for the High Performance profile (monitor to sleep, but not system).

powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c

Enabling Remote Desktop

With the recent Covid-19 outbreak, we had to setup a lot of users to work from home. We were creating to options for remote access:

  1. Sharing access to their workstation through our existing monitoring agent (we use Datto with Splashtop).
  2. Setting up their existing VPN client with RDP access.

Using the option 1 was beneficial if the users had home computers we weren’t monitoring/managing as it only provide screen control with no real network connection. However, the two limitations to use Splashtop were:

  1. Hard to run dual display setups.
  2. Unable to print from the remote computer to the local printer.

The other thing is that in the bare minimum state, the agent/splashtop setup had a cost per workstation to it. While we were passing this along to our customer at our annual cost, some of them still didn’t want to pay it for multiple employees.

Enter the VPN/RDP connection setup. The main reason for using the VPN/RDP setup is:

  1. It carried no additional cost (most of our customers on are Fortigate firewalls).
  2. It’s easier to work with multiscreen connections.
  3. Has the ability to support printing from the remote system to the local printer.

As a disclaimer: for security reasons, we never open RDP access to a machine through the network firewall to the public internet. We only use RDP access when paired with a VPN connection to limit exposure and security risk.

Instead of having to remote all the way into a users workstation and click through multiple screens, I finally figured out the various CLI commands to speed up this process.

I’ll first list of that I turned this into a batch file you can download and run on the workstation and then I’ll break down each command.

Batch Script

First off, download the zip and extract the batch script.

When you extract the batch file, there is only one place you are going to need to edit. You just need to change the highlighted part below to the users windows username, save it and run in.

All I would have to do was edit the script, upload it to their computer real quick, run it from the agent CLI and then delete the script. Sort of made me feel like a hacker 🙂

Breaking Down the Script

Now I’ll break down the script.

The first line of the script enabled Remote Desktop Connect.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

The next line unchecks the Network Level Authentication checkbox.

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f

The next command adds the necessary rules to the Windows Firewall to allow RDP connections.

netsh advfirewall firewall set rule group="remote desktop" new enable=Yes

Next one adds the user to the Remote Desktop Users security group on the workstation to authorize them to remote in using RDP.

net localgroup "Remote Desktop users" "USERNAME_HERE" /add

The last command puts the computer into the High Performance power profile. This will allow the monitor to go to sleep, but does not allow the computer to go to sleep.

powercfg /s 8c5e7fda-e8bf-4a96-9a85-a6e23a8c635c