Windows/Enable Remote Desktop remotely

From braindump
Jump to navigation Jump to search

What to do when remote desktop is not enabled on a Windows XP host and the machine is not in close enough proximity to warrant walking over to enable it. Do it remotely with psexec.

Prerequisites

  • psexec from the Sysinternals
  • A windows XP host with a network connection

Howto

Remote login

First we need to get a connection to the host in question with the psexec tool. And then check if the Terminal Server service is already running. 

psexec \\<IPorHostName> -u Administrator cmd

should produce something along the lines 

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Password:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Once on the remote host sc can tell if the services is enabled or not. 

sc query termservice

Generally the service is running as we can see from the below output. SERVICE_NAME: termservice 

       TYPE               : 20  WIN32_SHARE_PROCESS
       STATE              : 4  RUNNING
                               (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
       WIN32_EXIT_CODE    : 0  (0x0)
       SERVICE_EXIT_CODE  : 0  (0x0)
       CHECKPOINT         : 0x0
       WAIT_HINT          : 0x0

However the service is not listening yet configured to listen on the default port of 3389. 

netstat -an | findstr LISTEN

Shows all kind of other ports being open but not 3389 

 TCP    0.0.0.0:135            0.0.0.0:0              LISTEN
 TCP    0.0.0.0:445            0.0.0.0:0              LISTEN
 TCP    127.0.0.1:1033         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:5152         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:5354         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:11880        0.0.0.0:0              LISTEN

Enable Remote Destkop with the registry

To enable the Remote Desktop service completly two registry entries have to be touched. 

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

On Windows XP the second registry command will automatically tell the TermService service to start listening on port 3389. To check netstat has to be run once more. 

netstat -an | findstr 3389

Should yield the following. 

 TCP    0.0.0.0:3389           0.0.0.0:0              LISTEN

Restrict access to certain users

It is probably a good idea to ensure that not everyone can login over Remote Desktop but only people that are part of the Administrator guild. While it is possible now to do this change over the newly enable Remote Desktop connection RealAdmins(tm) do it on the command line as well. 

net localgroup "Remote Desktop Users" <UserName> /add

And to confirm 

net localgroup "Remote Desktop Users"

should then show the below 

Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely

Members

-------------------------------------------------------------------------------
<Admin01>
<Admin02>
The command completed successfully.
Retrieved from "https://braindump.bun.ch/index.php?title=Windows/Enable_Remote_Desktop_remotely&oldid=704"