Tuesday, February 08, 2005

Enable Remote Desktop Connections remotely #2

I've received a few comments on my earlier post - one of them is that you can just wait a minute or 2 after changing the registry key instead of rebooting (Patience is a virtue ;-) another one is that the "authorized" way to do this is through WMI -

wmic /node:"Computer Name (FQDN)" /USER:"username" RDTOGGLE WHERE ServerName="Computer Name" CALL SetAllowTSConnections 1

This by the way only works from Windows Server 2003 (Thanks to Per Ø. for pointing this out) - if you need to this from Windows XP it looks like this -

wmic /node:"Computer Name (FQDN)" /USER:"username" PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1

It's a good suggestion to use WMI (Except that it's easier - for me anyway - to remember the registry key ;-)

18 comments:

Anonymous said...

Thank you for your help on this ive been trying for ages.... But one problem, after the command completes it asks for the password for the admin account on the remote system, only there isnt one set and it just returns Error as Invalid Description...

Thanks

Anonymous said...

and what if I get this:
C:\Documents and Settings\Administrator>wmic /node:"dcmuch408" /USER:"gsdcadmin"
PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnection
s 1
Enter the password :********

ERROR:
Code = 0x80070005
Description = Access is denied.
Facility = Win32

C:\Documents and Settings\Administrator>wmic /node:"dcmuch408" /USER:"gsdcadmin"
PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnection
s 1
Enter the password :********

ERROR:
Code = 0x80070005
Description = Access is denied.
Facility = Win32

On MSDN is written this: "By default, this permission is enabled only for Administrators." The user which I use is administrator so where is the problem? They write that I can check this permission by the WMI control connected to that computer, but I was not able to do that yet... but is it necessary? Isn't the problem somewhere else?

Dennis Lundtoft Thomsen said...

Thanks for your comment - I can see two "errors" for one you need to specify the FQDN of the server e.g. dcmuch408.companydomain.org and in my experience its best to specify e.g. dcmuch408\gsdcadmin if its local account or companydomain\gsdcadmin if its a domain account. If that doesn't work then write a new comment.

Anonymous said...

Awesome info! Exactly what I was looking for since remote registry gets disabled on every box I touch.

One problem though, I was able to turn on RD, but after I enter the currently logged on user's credentials, I get a "local policy does not permit you to log on interactively"

Do you happen to know what wmi command I'd have to issue to toggle that setting?

(also, this is the first time I've seen wmi command lines...I'm interested! Definately going to be googling up some more info! Up til now, I've been using sysinternal's psexec to execute commands on remote machines on my LAN's) THANKS!!!

Anonymous said...

C:\>wmic /node:"gs208-106-063.wdc.gs.recongamer.net" /USER:"efonders" PATH win32
_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1
Enter the password :*******

ERROR:
Code = 0x800706ba
Description = The RPC server is unavailable.
Facility = Win32

Hi is there anyway to go around this ?

Thank you,

Anonymous said...

This just saved my life!

Awesome stuff...

Anonymous said...

If you are new to WMI and you can learn by "reverse engineering" code. Microsoft has a free tool called WMICodeCreator. It is a free download and can generate VBScript, VB.NET, and C#.NET code. It will show you possible queries, actions, etc. I use it all of the time.

Filip Tsachev said...

I got (XP):

User credentials cannot be used for local connections...

when I executed the wmic command.... too bad..

Anonymous said...

can you try this?
use IP instate of DNS name
C:\Documents and Settings\Administrator>wmic /node:"192.168.1.168" /USER:"gsdcadmin"
PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnection
s 1
Enter the password :********
I'm sure it will work. but I'm interested if some1 can answer.

Anonymous said...

C:\Documents and Settings\Administrator>wmic /node:"192.168.1.148" /USER:"adminis
trator" PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSCon
nections 1
Enter the password :*********

ERROR:
Code = 0x800706ba
Description = The RPC server is unavailable.
Facility = Win32

No luck ...i was not able to start it on the remote PC

Anonymous said...

I'm lazy, so I wrote a small batch file which some of you might find useful for something or another:

-----------------------------------

@echo off
color 0a

Echo Enable Remote Desktop Connections Directly - For Windows XP
echo.
Echo.
rem Batch file by Antonio Cardiel.


echo Enter the IP Address or FQDN you'd like to reach :
echo.
SET Node=
SET /P Node=" Node: "

echo.
echo Enter a username with administrative priviledges on the target system :
echo.
echo Note: Use domain\username format for domain accounts :
echo.
SET user=
SET /P user="Username: "

wmic /node:"%Node%" /USER:"%user%" PATH win32_terminalservicesetting WHERE (__Class!="") CALL SetAllowTSConnections 1
echo.
pause

-----------------------------------

I know there's better ways to do this, but I hope this helps someone.

RAY said...

help!!!!!

this is what i get when running your brilliant script (awesome work):

ERROR:
Code = 0x80070005
Description = Access is denied.
Facility = Win32

Press any key to continue . . .

Dennis Lundtoft Thomsen [MVP] said...

So which OS are you using and are you using and admin account that is member of the local admin's group on your remote machine ?

RAY said...

thanks for the quick reply......

OS is XP pro SP2, the remote computer is the same and yes i am using a local admin account

Dennis Lundtoft Thomsen [MVP] said...

And firewall/policies allow you to do WMI remotely !?

guraqte said...

I am currently having same issue. How does one check to see if Firewall/policies allow the connection. I have ~18 computers and five of them or so get this error. We are running on a group policy for firewall so I don't see how it affects some and not the others (SBS 2003).

Anonymous said...

Hi,

...great site, and awesome info!!! From XP the command works perfectly, but when trying to set the W2K3 command off a W2K3 server, after entering the password of the remote Administrator account I receive the error message:

"No Instance(s) Available."

Anything known about this? BTW.: the machine setting off the command is 32bit, the target machine 64bit.

Regards,

Chris

Anonymous said...

I'm getting "no instance available" from win2k3 and xp. I'm trying to enable it on an XP SP3 box though... that could be the problem.

If I figure it out I'll repost