Skip to content

Add GitHub Actions workflow for RDP setup #2

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
itzjaved wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add GitHub Actions workflow for RDP setup #2

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
114 changes: 114 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,114 @@
name: RDP

on:
workflow_dispatch:

jobs:
secure-rdp:
runs-on: windows-latest
timeout-minutes: 3600

steps:
- name: Configure Core RDP Settings
run: |
# Enable Remote Desktop and disable Network Level Authentication (if needed)
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' `
-Name "fDenyTSConnections" -Value 0 -Force
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
-Name "UserAuthentication" -Value 0 -Force
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' `
-Name "SecurityLayer" -Value 0 -Force

# Remove any existing rule with the same name to avoid duplication
netsh advfirewall firewall delete rule name="RDP-Tailscale"

# For testing, allow any incoming connection on port 3389
netsh advfirewall firewall add rule name="RDP-Tailscale" `
dir=in action=allow protocol=TCP localport=3389

# (Optional) Restart the Remote Desktop service to ensure changes take effect
Restart-Service -Name TermService -Force

- name: Create RDP User with Secure Password
run: |
Add-Type -AssemblyName System.Security
$charSet = @{
Upper = [char[]](65..90) # A-Z
Lower = [char[]](97..122) # a-z
Number = [char[]](48..57) # 0-9
Special = ([char[]](33..47) + [char[]](58..64) +
[char[]](91..96) + [char[]](123..126)) # Special characters
}
$rawPassword = @()
$rawPassword += $charSet.Upper | Get-Random -Count 4
$rawPassword += $charSet.Lower | Get-Random -Count 4
$rawPassword += $charSet.Number | Get-Random -Count 4
$rawPassword += $charSet.Special | Get-Random -Count 4
$password = -join ($rawPassword | Sort-Object { Get-Random })
$securePass = ConvertTo-SecureString $password -AsPlainText -Force
New-LocalUser -Name "RDP" -Password $securePass -AccountNeverExpires
Add-LocalGroupMember -Group "Administrators" -Member "RDP"
Add-LocalGroupMember -Group "Remote Desktop Users" -Member "RDP"

echo "RDP_CREDS=User: RDP | Password: $password" >> $env:GITHUB_ENV

if (-not (Get-LocalUser -Name "RDP")) {
Write-Error "User creation failed"
exit 1
}

- name: Install Tailscale
run: |
$tsUrl = "https://pkgs.tailscale.com/stable/tailscale-setup-1.82.0-amd64.msi"
$installerPath = "$env:TEMP\tailscale.msi"

Invoke-WebRequest -Uri $tsUrl -OutFile $installerPath
Start-Process msiexec.exe -ArgumentList "/i", "`"$installerPath`"", "/quiet", "/norestart" -Wait
Remove-Item $installerPath -Force

- name: Establish Tailscale Connection
run: |
# Bring up Tailscale with the provided auth key and set a unique hostname
& "$env:ProgramFiles\Tailscale\tailscale.exe" up --authkey=${{ secrets.TAILSCALE_AUTH_KEY }} --hostname=gh-runner-$env:GITHUB_RUN_ID

# Wait for Tailscale to assign an IP
$tsIP = $null
$retries = 0
while (-not $tsIP -and $retries -lt 10) {
$tsIP = & "$env:ProgramFiles\Tailscale\tailscale.exe" ip -4
Start-Sleep -Seconds 5
$retries++
}

if (-not $tsIP) {
Write-Error "Tailscale IP not assigned. Exiting."
exit 1
}
echo "TAILSCALE_IP=$tsIP" >> $env:GITHUB_ENV

- name: Verify RDP Accessibility
run: |
Write-Host "Tailscale IP: $env:TAILSCALE_IP"

# Test connectivity using Test-NetConnection against the Tailscale IP on port 3389
$testResult = Test-NetConnection -ComputerName $env:TAILSCALE_IP -Port 3389
if (-not $testResult.TcpTestSucceeded) {
Write-Error "TCP connection to RDP port 3389 failed"
exit 1
}
Write-Host "TCP connectivity successful!"

- name: Maintain Connection
run: |
Write-Host "`n=== RDP ACCESS ==="
Write-Host "Address: $env:TAILSCALE_IP"
Write-Host "Username: RDP"
Write-Host "Password: $(echo $env:RDP_CREDS)"
Write-Host "==================`n"

# Keep runner active indefinitely (or until manually cancelled)
while ($true) {
Write-Host "[$(Get-Date)] RDP Active - Use Ctrl+C in workflow to terminate"
Start-Sleep -Seconds 300
}