Tuesday, March 25, 2008

How to Enable RDP Remotely on XP Computers


In a previous article I explained how to enable Remote Desktop access on a remote computer.

I've noticed that these steps do not work on Windows XP computers. It turns out that you need to set two registry keys:
  • HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections should be changed from 1 to 0 (zero)
  • HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections should be changed from 1 to 0 (zero)

The first setting enables the RDP protocol on the computer to listen on TCP port 3389. The second setting allows users to login via Remote Desktop. Both settings go into effect immediately and do not require a restart.

Note: If the second setting is not changed to 0 you will get a logon message saying, "Unable to log you on because of an account restriction." You will also get this same logon message if you attempt to logon via RDP with an account that has a blank password. The account you use must have a password to logon using Remote Desktop.

I wrote a batch file that will easily enable or disable Remote Desktop on a remote machine. The syntax is: RDP [computername] [ON | OFF]. Copy the code below and save it as RDP.BAT somewhere in your system path (I use C:\Windows).

---Begin Code---

@echo off
SET RemoteComputer=%1
SET RemoteComputer=%RemoteComputer:\=%
if /i "%2"=="on" goto EnableRDP
if /i "%2"=="off" goto DisableRDP
goto Syntax

:EnableRDP
REG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 0 /f
if ERRORLEVEL==1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
echo.
echo Remote Desktop has been enabled on %RemoteComputer%
goto End

:DisableRDPREG ADD "\\%RemoteComputer%\HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services" /v fDenyTSConnections /t REG_DWORD /d 1 /f
if ERRORLEVEL==1 goto Error
REG ADD "\\%RemoteComputer%\HKLM\System\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
echo.
echo Remote Desktop has been disabled on %RemoteComputer%
goto End

:Error
echo.
echo ======================================================================
echo Make sure the remote computer is online and you have sufficient rights
echo to modify its registry.
echo ======================================================================
echo.

:Syntax
echo.
echo RDP enables or disables Remote Desktop on a remote computer
echo Visit http://www.expta.com for details
echo.
echo RDP [computername] [ON ^| OFF]
echo.
echo ON - Disable RDP on the remote computer
echo OFF - Enable RDP on the remote computer
echo.

:End
SET RemoteComputer=

---End Code---

Note that if Group Policy is configured to disable Remote Desktop (Computer Configuration Administrative Templates Windows Components Terminal Services Allow users to connect remotel using Terminal Services) the HKLM\Software\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections setting will revert back to 1 after a Group Policy refresh.

Labels: , , , , , ,

Subscribe to my feed   StumbleUpon Toolbar

Subscribe to The EXPTA {blog} by Email

posted by Jeff @ 12:27 PM   2 Comments Links to this post

Monday, November 19, 2007

How to Enable Remote Desktop from a Remote Machine


[Note: Also see my other article that explains how to enable Remote Desktop for Windows XP computers]
Have you ever tried to connect to a server or workstation via RDP, but can’t because Remote Desktop isn’t enabled? Here’s how you can enable Remote Desktop remotely.

The following procedures assume that you have administrator rights on the target machine.
  1. Run Regedit
  2. Select File Connect Network Registry
  3. Enter the name of the remote computer and click OK
  4. At the bottom of the registry tree you will see two hives appear for the remote machine: HKEY_LOCAL_MACHINE and HKEY_USERS
  5. Navigate to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server
  6. Double-click fDenyTSConnections in the right-hand pane and change the value from 1 to 0
Another way to accomplish the same task is by using WMIC, the WMI command line utility in Windows 2000, XP, Vista and 2003 Server. Here’s the one line command:

wmic /node:TargetComputer PATH Win32_TerminalServiceSetting WHERE AllowTSConnections=0 CALL SetAllowTSConnections 1
The command above is not case sensitive, by the way.

Note that neither of these methods require a restart of the remote machine, however I have seen it sometimes take a minute to take affect. Remember, patience is a virtue. :)

Labels: , , , , , ,

Subscribe to my feed   StumbleUpon Toolbar

Subscribe to The EXPTA {blog} by Email

posted by Jeff @ 7:32 AM   1 Comments Links to this post

Tuesday, May 29, 2007

Handy Way to Lookup KB Articles

Sometimes it seems I live in TechNet. Here's a registry entry you can use to easily look up a KB article from the Address bar in Internet Explorer:
  1. [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\KB]
  2. @="http://support.microsoft.com/?kbid=%s"

Save the two lines above (wrapped for clarity) in a REG file and double-click it to import it. Now just enter KB 834544 in the IE address bar to bring up the article.

Labels: ,

Subscribe to my feed   StumbleUpon Toolbar

Subscribe to The EXPTA {blog} by Email

posted by Jeff @ 12:43 PM   0 Comments Links to this post