Use MEM to enable RSAT in Windows 10 and Windows 11

In the past, Remote Server Administration Tools (RSAT) was installed by running an installation package. Starting with the Windows 10 October 2018 release, RSAT is included in the operating system as a feature, but it is not enabled by default.

In this post we will have a look at how to:
* Manually enable RSAT in our Windows 10/Windows 11 devices
* Use MEM to enable RSAT in our Windows 10/Windows 11 devices

Manual approach, using PowerShell

Let’s start off by identifying the commands used to query and install RSAT.

  1. Open: PowerShell as an admin
  2. To get all tools run: Get-WindowsCapability -Online -Name RSAT*
  3. To get currently enabled tools run: Get-WindowsCapability -Online -Name RSAT* | where {$_.State -eq 'Installed'}
  4. To get currently not enabled tools run: Get-WindowsCapability -Online -Name RSAT* | where {$_.State -ne 'Installed'}
  5. In this post we will focus on Active Directory ADDS and BitLocker Recovery Tools
  6. To enable Active Directory ADDS run: Add-WindowsCapability -Online -Name 'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0'
  7. To enable BitLocker recovery tools run: Add-WindowsCapability -Online -Name 'Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0'
  8. A restart is not needed for these two tools, but does not hurt 😉

Use MEM to enable RSAT

We will use a Win32 app to install and detect RSAT. We will then assign RSAT as an available app to an AAD group that includes all of our admins.

Download and extract the .ZIP-file from my GitHub repository: Release W10W11 – Enable RSAT (github.com)

  1. Open, inspect and edit: Deploy-Application.exe as per your need. The script is prepared to install Active Directory ADDS and BitLocker RSAT Tools. Go ahead and add any other tools you need.
  2. Use: Microsoft Win32 Content Prep Tool to wrap the contents you previously downloaded. Use Deploy-Application.exe as the setup file
  3. Open MEM: https://endpoint.microsoft.com/
  4. Click: Apps -> Windows
  5. Click: +Add
  6. App type: Windows app (win32)
  7. Click: Select
  8. Select file: Pick the .intunewin-file you created in step 2
  9. Click: OK
  10. Name: W10W11 – Enable RSAT (or any other name of your choice)
  11. Description: Add a description
  12. Publisher: Add a publisher (could be your company name)
  13. App version: 1.0.0.1
  14. Information URL (optional): Add the URL to this post https://www.nicklasahlberg.se/2021/10/06/use-mem-to-enable-rsat-in-windows-10-and-windows-11/
  15. Image (optional): Use logo from .\Images folder
  16. Click: Next
  17. Install command: Deploy-Application.exe -DeploymentType Install
  18. Uninstall command: Deploy-Application.exe -DeploymentType Uninstall
  19. Click: Next
  20. Operating system architecture: Select both 32-bit and 64-bit
  21. Minimum operating system: Select Windows 10 1809
  22. Click: Next
  23. Rules format: Use a custom detection script
  24. Script file: Select Custom Detection.ps1 found in .\Docs
  25. Click: Next three times
  26. Assign the app as per your need. In this demo I am assigning it to All users but keep in mind that this is my lab environment
  27. Click: Create
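
The custom detection rule in steps 23 and 24 depends on a script. As an added example (not the Custom Detection.ps1 from this post's repository), a detection script for the two capabilities enabled above could look like this. It assumes Intune's Win32 detection convention, where exit code 0 together with output on STDOUT means "detected"; the file name in the comment is hypothetical.

```powershell
# Added example: Intune Win32 custom detection script (assumed file name:
# Detect-Rsat.ps1). Not the Custom Detection.ps1 from the post's repository.

# Capability names exactly as used in the manual steps of this post.
$required = @(
    'Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0',
    'Rsat.BitLocker.Recovery.Tools~~~~0.0.1.0'
)

$missing = @()
foreach ($name in $required) {
    try {
        $cap = Get-WindowsCapability -Online -Name $name -ErrorAction Stop
    }
    catch {
        # A failed query (for example, not elevated) counts as "not detected"
        # so the app is never reported as installed by mistake.
        $missing += $name
        continue
    }

    # Anything other than 'Installed' (NotPresent, Staged, ...) is missing.
    if (-not $cap -or $cap.State -ne 'Installed') {
        $missing += $name
    }
}

if ($missing.Count -eq 0) {
    # Detected: exit code 0 AND text on STDOUT.
    Write-Output 'RSAT AD DS/LDS and BitLocker recovery tools are installed'
    exit 0
}

# Not detected: non-zero exit code, nothing written to STDOUT.
exit 1
```

If you add more tools to the deployment script, add the same capability names to $required so that install and detection stay in sync.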

Open Company Portal and try it out.
