Difference between revisions of "Windows/Enable Remote Desktop remotely"

From braindump
Jump to navigation Jump to search
 
(7 intermediate revisions by the same user not shown)
Line 45: Line 45:
To enable the Remote Desktop service completly two registry entries have to be touched.
To enable the Remote Desktop service completly two registry entries have to be touched.
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnection /t REG_DWORD /d 0 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
On Windows XP the second registry command will automatically tell the <tt>TermService</tt> service to start listening on port <tt>3389</tt>. To check <tt>netstat</tt> has to be run once more.
netstat -an | findstr 3389
Should yield the following.
TCP 0.0.0.0:<span class="highlight">3389</span> 0.0.0.0:0 LISTEN
=== Restrict access to certain users ===
It is probably a good idea to ensure that not everyone can login over Remote Desktop but only people that are part of the Administrator guild. While it is possible now to do this change over the newly enable Remote Desktop connection RealAdmins(tm) do it on the command line as well.
net localgroup "Remote Desktop Users" <span class="input"><UserName></span> /add
And to confirm
net localgroup "Remote Desktop Users"
should then show the below
Alias name Remote Desktop Users
Comment Members in this group are granted the right to logon remotely
Members
-------------------------------------------------------------------------------
<span class="highlight"><Admin01></span>
<span class="highlight"><Admin02></span>
The command completed successfully.


== References ==
=== Restart <tt>TermService</tt> ===
* [http://www.windows-commandline.com/start-terminal-services-command-line/ Start the terminal server from command line]
For good reason the Remote Desktop service can not be restarted or killed. However there is a way around it. Using <tt>tasklist</tt> to find the PID to be killed.
* [http://www.mydigitallife.info/how-to-remotely-enable-remote-desktop-terminal-services-or-rdp-via-registry-in-windows-2000xp2000vista2008/ Similar but via remote registry editing]
tasklist /svc | findstr TermService
* [http://blog.bartlweb.net/2010/03/windows-xp-professional-in-einen-terminalserver-verwandeln/ Make XP, Vista and Win 7 accept multiple RDP connections] [German]
yields something like the below

svchost.exe <span class="highlight"><PID></span> DcomLaunch, TermService
[[Category:Windows]]
The pid is used to kill the process
taskkill /f /pid <span class="input"><PID></span>
[[Category:Windows]]
[[Category:Windows]]

Latest revision as of 10:18, 25 June 2012

What to do when remote desktop is not enabled on a Windows XP host and the machine is not in close enough proximity to warrant walking over to enable it. Do it remotely with psexec.

Prerequisites

  • psexec from the Sysinternals
  • A windows XP host with a network connection

Howto

Remote login

First we need to get a connection to the host in question with the psexec tool. And then check if the Terminal Server service is already running.

psexec \\<IPorHostName> -u Administrator cmd

should produce something along the lines

PsExec v1.98 - Execute processes remotely
Copyright (C) 2001-2010 Mark Russinovich
Sysinternals - www.sysinternals.com

Password:

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\WINDOWS\system32>

Once on the remote host sc can tell if the services is enabled or not.

sc query termservice

Generally the service is running as we can see from the below output. SERVICE_NAME: termservice

       TYPE               : 20  WIN32_SHARE_PROCESS
       STATE              : 4  RUNNING
                               (NOT_STOPPABLE,NOT_PAUSABLE,IGNORES_SHUTDOWN)
       WIN32_EXIT_CODE    : 0  (0x0)
       SERVICE_EXIT_CODE  : 0  (0x0)
       CHECKPOINT         : 0x0
       WAIT_HINT          : 0x0

However the service is not listening yet configured to listen on the default port of 3389.

netstat -an | findstr LISTEN

Shows all kind of other ports being open but not 3389

 TCP    0.0.0.0:135            0.0.0.0:0              LISTEN
 TCP    0.0.0.0:445            0.0.0.0:0              LISTEN
 TCP    127.0.0.1:1033         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:5152         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:5354         0.0.0.0:0              LISTEN
 TCP    127.0.0.1:11880        0.0.0.0:0              LISTEN

Enable Remote Destkop with the registry

To enable the Remote Desktop service completly two registry entries have to be touched.

reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f
reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

On Windows XP the second registry command will automatically tell the TermService service to start listening on port 3389. To check netstat has to be run once more.

netstat -an | findstr 3389

Should yield the following.

 TCP    0.0.0.0:3389           0.0.0.0:0              LISTEN

Restrict access to certain users

It is probably a good idea to ensure that not everyone can login over Remote Desktop but only people that are part of the Administrator guild. While it is possible now to do this change over the newly enable Remote Desktop connection RealAdmins(tm) do it on the command line as well.

net localgroup "Remote Desktop Users" <UserName> /add

And to confirm

net localgroup "Remote Desktop Users"

should then show the below

Alias name     Remote Desktop Users
Comment        Members in this group are granted the right to logon remotely

Members

-------------------------------------------------------------------------------
<Admin01>
<Admin02>
The command completed successfully.

References