Set-ExecutionPolicy -Scope CurrentUser remotesigned -Force 

# Disable all Inbound firewall rules

Get-NetFirewallRule | Where-Object { $_.Direction -eq 'Inbound' } | Disable-NetFirewallRule

# Enable 80 
Enable-NetFirewallRule -DisplayGroup "Windows Remote Management (Compatibility)"


# Enable 443
Enable-NetFirewallRule -DisplayGroup "Secure Socket Tunneling Protocol"


# Enable ping (ICMPv4)
Enable-NetFirewallRule -DisplayName "File and Printer Sharing (Echo Request - ICMPv4-In)" 

# 
Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name 'portnumber' -Value 1098

#
New-NetFirewallRule -displayname 'RDP(1098)' -Direction Inbound -Protocol TCP -LocalPort 1098 -Action Allow

#
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

#Enable Network Level Authentication (NLA) for better security. 
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "UserAuthentication" -Value 1

#
get-service TermService | restart-service -force