Computer Performance, Windows Server 2008

3CX Phone System for Windows - VOIP IP PBX

3CX Phone System for Windows -
VOIP IP PBX

Get your 5 free applications now

Application Publishing with 2X ApplicationServer

How to Configure Windows Server 2003 Remote Desktop - Remotely

Guy RecommendsGFi Events Manager

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

Introduction to How to Configure Remote Desktop - Remotely

One of the most annoying situations is when you know that the Windows 2003 Server is up and running, but you cannot connect because Remote Desktop has not been setup.  However, if you have the knowledge, then there is a backdoor called fDenyTSConnections which will turn the key to that backdoor.

Of all the services on Windows Server 2003, Remote Desktop is the one service where you most need to plan ahead.  The reason I say this is not because configuring Remote Desktop is difficult, quite the reverse; no my reason is to save you frustration.

Topics for Remotely Editing, Remote Desktop

Enabling Remote Desktop Mission

Our goal is to use a backdoor registry hack to enable Remote Desktop on Windows Server 2003.  Fortunately, Microsoft's Windows Server 2003 has the Terminal Services installed and built-in.  So, our mission is merely to put a tick in Remote Desktop box, which you find in the System Icon, Remote tab.

Let us pretend that you wish to add another service such as RRAS or Certificate Server to a Windows Server 2003 machine.  Inconveniently, this machine is the other side of town, or the other side of the world.  The answer is regedit and fDenyTSConnections.

How to find fDenyTSConnections in the RegistryEnable Remote Desktop

The technique of how I found the 'fDenyTSConnections' setting is instructive in its own right.

  1. Launch Regedit.
  2. Export the registry on the test machine.
  3. Next manually place the tick in the box
  4. Export the registry again.
  5. Run WinDiff to find the single change in the registry.
  6. What I found was that fDenyTSConnections had changed from 1, meaning deny Remote Desktop, to 0 meaning enable, permit that remote desktop connection.
  7. To be quite certain of the double negative logic, find fDenyTSConnections and experiment with adding and removing the tick in the Remote Desktop box.

Note: For more instructions on using Windiff see here

TrainSignal - Recommended Training VideosLearn more about Terminal Services and VPN. As an MCT trainer, I can thoroughly recommend TrainSignal because they provide practical hands on training.  In particular, I like the way TrainSignal cover all learning methods, instructor lead, video and of course text material.  With TrainSignal you can either take one module, for example Terminal Services and VPN or go for a combination of modules.  See more about Terminal Services and VPN here

Registry Setting fDenyTSConnections fDenyTSConnections to configure Remote Desktop, remotely

Now our mission is clear, on the Terminal Services machine, change fDenyTSConnections from =1 to =0.  In order to achieve our mission we need to connect to the registry of the target machine.  My first choice would be Remote Registry.  Open regedit, File Menu, Connect Network Registry.  Naturally, you have to connect to the correct registry hive,
HKLM\System\CurrentControlSet\Control\Terminal Server,  now find the Reg_DWord called fDenyTSConnections and set the value = 0 (zero)

Note: You may have to Start the Remote Registry Service on the target machine.  See here for a WMI Script to start services.

Unfortunately, you have to restart the Windows Server 2003 before the fDenyTSConnections setting takes effect.  There must be service that you could start and stop but I have not found which one that is.  Instead I use the shutdown command with the restart switch.

If you are interested in cost effective Thin Client check out the experts: 2X (Guy's Recommendation)Thin Client 2X

2X ThinClientServer allows you to deploy a thin client OS to low-cost thin client devices and existing PCs, and centrally manage settings and configure to which terminal servers (Windows or Linux) a user should log on to. More on 2X ThinClientServer

2X LoadBalancer for Windows Terminal Services Provides load balancing, increased security and redundancy for Terminal Servers.

Shutdown Command - Remote switch

Shutdown /m \\targetserver /r

The /r means restart.  Mr Angry wrote in saying it should not be /m and /r but -m and -r.  Personally, I find that either a minus or slash works equally well.  With shutdown, beware shooting yourself in the foot and shutting down your own machine instead of the target Windows Server 2003, it sounds hilarious, but actually it's embarrassing.  Again knowledge is power there is a switch to abort a shutdown. See more about Shutdown here.

Another clever idea I have is using a .reg file.  One reason for adding fDenyTSConnections to the registry from a file is that the remote registry service is disabled on the target machine.  So you have a choice of strategies, start the Remote Registry service remotely with a script see here, or remotely execute a .reg file with a shell program.

-

Summary of Terminal Services and fDenyTSConnections

Here we have a precise, but tricky task.  We want to enable Remote Desktop on a distant Terminal Server even though Remote Desktop is specifically denied on that distant server.  Even if you have no need to configure fDenyTSConnections yet, you may like the challenge of testing the technique.  You never know that you may need the combination of Windiff and remote registry editing to solve a similar Microsoft problem.

 Related topics

 .

Google

Webcomputerperformance.co.uk

GFi Events Manager

Guy Recommends: GFi EventsManager

Here is a solution to monitor, manage and archive thousands of events that are generated by devices across your entire network.  Get your free evaluation copy of GFI EventsManager.

 

Home Copyright © 1999-2008 Computer Performance LTD All rights reserved

Please report a broken link, or an error.