Approved

Simple query to audit Microsoft RDP enablement status (from registry)

  REVIEWED by Sophos 

Just a quick query to audit the state of MS RDP via the registry. Uncomment the last line (remove the 2 leading '--') to return only machines where RDP is enabled.

-- fDenyTSConnections: 0 = RDP connections allowed, 1 = RDP connections denied
SELECT
  CASE
    WHEN data = '0' THEN 'RDP Enabled'
    WHEN data = '1' THEN 'RDP Disabled'
    ELSE 'Error'
  END AS 'RDP state'
FROM registry
WHERE key = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\'
  AND name = 'fDenyTSConnections'
--AND data = '0'
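
An added example, not part of the original post and not Sophos's own query: it goes beyond the single value above by also reading the Group Policy copy of fDenyTSConnections (which takes precedence when set), the NLA requirement and the listening port, and it returns one row even when a value is missing. It assumes an osquery-style registry table with a path column holding the full value path and DWORD data returned as decimal text; the Policies and RDP-Tcp locations are the standard Windows ones and do not appear in the post.

```sql
-- Added example: RDP exposure audit in one row per machine.
-- Assumption: the registry table exposes "path" (key + value name) and
-- returns REG_DWORD data as decimal text, e.g. '0', '1', '3389'.
WITH v AS (
  SELECT
    -- Group Policy setting; overrides the local value when present
    (SELECT data FROM registry
      WHERE path = 'HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections') AS policy_deny,
    -- Local setting, the value audited by the query above
    (SELECT data FROM registry
      WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections') AS local_deny,
    -- Network Level Authentication requirement on the RDP listener
    (SELECT data FROM registry
      WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\UserAuthentication') AS nla,
    -- TCP port the RDP listener is configured to use
    (SELECT data FROM registry
      WHERE path = 'HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber') AS port
)
SELECT
  CASE COALESCE(policy_deny, local_deny)
    WHEN '0' THEN 'RDP Enabled'
    WHEN '1' THEN 'RDP Disabled'
    ELSE 'Unknown (value missing or unexpected)'
  END AS rdp_state,
  CASE
    WHEN policy_deny IS NOT NULL THEN 'Group Policy'
    WHEN local_deny IS NOT NULL THEN 'Local setting'
    ELSE 'Not found'
  END AS setting_source,
  CASE nla
    WHEN '1' THEN 'NLA required'
    WHEN '0' THEN 'NLA not required'
    ELSE 'Unknown'
  END AS nla_state,
  port AS rdp_port
FROM v;
```

Machines reporting 'RDP Enabled' together with 'NLA not required' are the ones to review first.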