Introduction to How to Configure Remote Desktop – Remotely
One of the most annoying situations is when you know that the Windows 2003 Server is up and running, but you cannot connect because Remote Desktop has not been setup. However, if you have the knowledge, then there is a backdoor called fDenyTSConnections which will turn the key to that backdoor.
Of all the services on Windows Server 2003 or 2008, Remote Desktop is the one service where you most need to plan ahead. The reason I say this is not because configuring Remote Desktop is difficult, quite the reverse; no my reason is to save you frustration.
Topics for Remotely Editing, Remote Desktop
- Enabling Remote Desktop Mission
- How to find fDenyTSConnections in the Registry
- Editing the Registry setting: fDenyTSConnections
- Remote Desktop in Windows Server 2012
- Server Shutdown Command
Our goal is to use a backdoor registry hack to enable Remote Desktop on Windows Server 2003. Fortunately, Microsoft’s Windows Server 2003 has the Terminal Services installed and built-in. So, our mission is merely to put a tick in Remote Desktop box, which you find in the System Icon, Remote tab.
Let us pretend that you wish to add another service such as RRAS or Certificate Server to a Windows Server 2003 machine. Inconveniently, this machine is the other side of town, or the other side of the world. The answer is regedit and fDenyTSConnections
The technique of how I found the ‘fDenyTSConnections’ setting is instructive in its own right.
- Launch Regedit.
- Export the registry on the test machine.
- Next manually place the tick in the box
- Export the registry again.
- Run WinDiff to find the single change in the registry.
- What I found was that fDenyTSConnections had changed from 1, meaning deny Remote Desktop, to 0 meaning enable, permit that remote desktop connection.
- To be quite certain of the double negative logic, find fDenyTSConnections and experiment with adding and removing the tick in the Remote Desktop box.
Now our mission is clear, on the Terminal Services machine, change fDenyTSConnections from =1 to =0. In order to achieve our mission we need to connect to the registry of the target machine. My first choice would be Remote Registry. Open regedit, File Menu, Connect Network Registry. Naturally, you have to connect to the correct registry hive,
HKLM\System\CurrentControlSet\Control\Terminal Server, now find the Reg_DWord called fDenyTSConnections and set the value = 0 (zero)
Note: You may have to Start the Remote Registry Service on the target machine. See here for a WMI Script to start services.
Unfortunately, you have to restart the Windows Server 2003 before the fDenyTSConnections setting takes effect. There must be service that you could start and stop but I have not found which one that is. Instead I use the shutdown command with the restart switch.
SolarWinds’ Network Performance Monitor will help you discover what’s happening on your network. This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.
Perhaps the NPM’s best feature is the way it suggests solutions to network problems. Its second best feature is the ability to monitor the health of individual VMware virtual machines. If you are interested in troubleshooting, and creating network maps, then I recommend that you give this Network Performance Monitor a try.
Shutdown /m \\targetserver /r
The /r means restart. Mr Angry wrote in saying it should not be /m and /r but -m and -r. Personally, I find that either a minus or slash works equally well. With shutdown, beware shooting yourself in the foot and shutting down your own machine instead of the target Windows Server 2003, it sounds hilarious, but actually it’s embarrassing. Again knowledge is power there is a switch to abort a shutdown.
Another clever idea I have is using a .reg file. One reason for adding fDenyTSConnections to the registry from a file is that the remote registry service is disabled on the target machine. So you have a choice of strategies, start the Remote Registry service remotely with a script see here, or remotely execute a .reg file with a shell program.
Summary of Terminal Services and fDenyTSConnections
Here we have a precise, but tricky task. We want to enable Remote Desktop on a distant Terminal Server even though Remote Desktop is specifically denied on that distant server. Even if you have no need to configure fDenyTSConnections yet, you may like the challenge of testing the technique. You never know that you may need the combination of Windiff and remote registry editing to solve a similar Microsoft problem.
If you like this page then please share it with your friends