Howto: enable remote desktop on a windows xp machine – remotely

I’ve been configuring my LAN for spiceworks this afternoon. The Windows XP firewall is enabled on most of our PCs, and I didn’t want to visit each station to configure it to allow spiceworks to inventory the machine. I’m also not big into group policy here at the office (what the saying about the cobbler’s son’s shoes?) so I didn’t want to make the setting change that way.

My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.

I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start – Run and type:

netsh firewall set service remoteadmin enable

netsh firewall set service remotedesktop enable

[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]

You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:

  1. Run Regedit
  2. Select File –> Connect Network registry
  3. Enter the name of the remote computer and select Check Name
  4. At the bottom of the registry tree you will see 2 Hives appear Hkey_Local_Machine and
    Hkey_Users (under the remote computer’s name)
  5. Goto hklm\system\currentcontrolset\control\terminal server\FdenyTSConnections=1
  6. Change the FdenyTSConnections to 0
  7. Attempt to Re-Login

This worked okay, but I like to implement the most elegant solution possible.

So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.

To enable remote access to a machine via the command line, type:

psexec \\remotecomputername netsh firewall set service remoteadmin enable

psexec \\remotecomputername netsh firewall set service remotedesktop enable

If you aren’t familiar with the PStools suite of utilities, and you like administration from the command line, you need to check out the Sysinternals web site. Too bad they were acquired by Microsoft in 2006.

Comments [22]

  1. Is it possible to make this work on Vista clients? I tryed it but it says. “netsh exited on 10.100.4.61 with error code 0.” Don’t know why.

    Would gladly apriciate your help!

    BR //vitali

  2. Vitali –

    Error code 0 is generally programmer speak for it exited successfully. You’d think they’d come up with some more user friendly status messages.

    – Julie

  3. It’s very useful…..
    thanks a lot!
    That registry changes are very great solution…..I survived by walking 6Kms today……
    Once again thanks lots……

  4. Don’t forget
    a) fDenyTSConnections must be = 0 as these psexec commands don’t re-enable it (go figure the remote psexec command to regedit with a suitable .reg file I suppose)
    and note
    b) psexec will probably need [-u user [-p psswd]]

    e.g.
    psexec \\2k3Amd0 -u Administrator -p Ryge0 netsh firewall set service remoteadmin enable

    [ program Name of application to execute. in help is a typo for cmd as in the usage line ]

    ALSO
    From Local Machine

    Type the following to temporarily disable the PC Speaker beep locally. From the local command line : net stop beep

    or
    Permanently on+ at local by : sc config beep start= auto
    off at local by : sc config beep start= disable

    + not checked that – it sure aint enable!

  5. very good article! thank you so much you get the right solution for my problem!

  6. Good solution and articlae if you need it quickly. Better long term solution would be GPO, no?

    Prop for the Spiceworks useage 🙂 Don’t know what I would do without it.

  7. PSTools is awesome. I’ve used pslist and pskill to help people remotely kill locked up applications.

  8. Great the registry worked fine, I didn’t use pstools but for sure i will do for another needs.
    Thanks

  9. Thanks, was just what I needed to connect to my work computer right now! PSTools always comes in handy. Why is it not shipped with Windows by default?

  10. Nice work Julie, Spiceworks rocks, great help, would be great to see you write this up with a How to on the spiceworks community 🙂

  11. I’m seeing the same problem. I can get around it by using the -d argument, but that means I don’t get back the return code from the process I started remotely.

    It gives the workaround, but not ideal.

Leave a Reply

Your email address will not be published. Required fields are marked *