An article I wrote almost four years ago is still generating a lot of discussion (see the comments beneath the article). The topic was about how to remotely enable Remote Desktop on a Windows Server 2003 machine, and it's a good example of a bootstrap problem: how can I enable Remote Desktop remotely so I can connect remotely using Remote Desktop. This and other crazy problems formed the basis of my book Windows Server Hacks, which documents 100 of these problems and how to solve them.

Reader John Nordien, who is the Server & Storage Architect at Manitoba Lotteries Corporation, recently contacted me concerning my article, indicating that he had written a script called SetRDP.cmd that takes the ideas espoused in my article one step further. John says his company has a corporate policy in place that says remote desktop should be disabled by default on all Windows computers. Naturally, a policy like this can make it difficult to remotely manage such computers. So John wrote a simple script that he could use to remotely enable Remote Desktop, perform his work on the remote machine, and then disable Remote Desktop again easily.

Here's John's description of his script, followed by the script itself. Just copy the script into Notepad and save it as SetRDP.cmd. As with all advice presented in this column, this script is presented "as is" so be sure to test it before using it in a production environment.

"Description: SetRDP.cmd is a script to Enable, Disable, or Check on the setting
of the Remote Desktop checkbox on a remote computer. This script has been tested
to work on Windows XP and Windows Server 2003. The script needs to be run with
appropriate Administrator credentials on the remote computer. It is assumed
that Remote Registry is enabled and firewalls are not blocking access. In addition,
the console registry tool Reg.exe is required."



@echo off


cls

rem

rem Script to configure or check a remote system's Remote Desktop

(RDP) feature.

rem

echo.

echo Script to configure or check a remote system's Remote Desktop

(RDP) feature.

echo.

If %2x == x goto Error

If %1x == x goto Error

If %1x == ONx goto ON

If %1x == onx goto ON

If %1x == OFFx goto OFF

If %1x == offx goto OFF

If %1x == CHECKx goto CHECK

If %1x == checkx goto CHECK

goto Error

:ON

Echo.

echo Setting RDP ON for computer %2

echo.

reg query "\\%2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

/v fDenyTSConnections

reg add "\\%2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
/t REG_DWORD /d 0x0 echo.

echo RDP for computer %2 should now be ON.



goto End

:OFF

Echo.

echo Setting AutoLogon OFF for computer %2 echo.

reg query "\\%2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

/v fDenyTSConnections

reg add "\\%2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
/t REG_DWORD /d 0x1 echo.

echo RDP for computer %2 should now be OFF.

goto End



:CHECK

echo.

echo Checking RDP state on computer %2

echo.

reg query "\\%2\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server"

/v fDenyTSConnections

goto End



:Error

Echo Usage:

echo SetRDP ON computername

echo SetRDP OFF computername

echo SetRDP CHECK computername

echo.

echo Example: To ENABLE RDP for computer PC1

echo SetRDP ON PC1

echo.

echo Example: To DISABLE RDP for computer PC1

echo SetRDP OFF PC1

echo.

echo Example: To CHECK RDP for computer PC1

echo SetRDP CHECK PC1

echo.

:End



Got tips or scripts you'd like to share with our readers that can help make
enterprise administration easier for them? Email me and I'll share them in a
future edition of this column.

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine