I’ve been configuring my LAN for Spiceworks this afternoon. The Windows XP firewall is enabled on most of our PCs, and I didn’t want to visit each station to configure it to allow Spiceworks to inventory the machine. I’m also not big into group policy here at the office (what’s the saying about the cobbler’s son’s shoes?) so I didn’t want to make the setting change that way.
My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.
I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start – Run and type:
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]
You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:
- Run Regedit
- Select File –> Connect Network Registry
- Enter the name of the remote computer and select Check Name
- At the bottom of the registry tree you will see 2 hives appear: HKEY_LOCAL_MACHINE and HKEY_USERS (under the remote computer’s name)
- Go to HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server, where fDenyTSConnections is set to 1
- Change fDenyTSConnections to 0
- Attempt to Re-Login
This worked okay, but I like to implement the most elegant solution possible.
So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.
To enable remote access to a machine via the command line, type:
psexec \\remotecomputername netsh firewall set service remoteadmin enable
psexec \\remotecomputername netsh firewall set service remotedesktop enable
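The two commands above can be run against a whole list of machines while limiting each firewall exception to a single management address through netsh's scope=custom and addresses= parameters. This is an added example, not the author's script; the computer names, the 192.0.2.10 address and the failed.csv file name are placeholders.

```powershell
# Added example: run from the administrator's workstation with psexec on the PATH.
$Computers   = @('PC-ACCT-01', 'PC-ACCT-02', 'PC-FRONT-01')  # constructed host names
$MgmtAddress = '192.0.2.10'                                  # placeholder: the inventory/admin station
$Services    = @('remoteadmin', 'remotedesktop')             # the two exceptions used in the post

function Get-ScopedRuleArgs {
    param([string]$Service, [string]$Address)
    # XP "netsh firewall" syntax: enable the exception, but accept
    # connections only from $Address instead of from any source.
    @('netsh', 'firewall', 'set', 'service',
      "type=$Service", 'mode=enable', 'scope=custom', "addresses=$Address")
}

$results = foreach ($pc in $Computers) {
    foreach ($svc in $Services) {
        $netshArgs = Get-ScopedRuleArgs -Service $svc -Address $MgmtAddress
        # psexec passes back the exit code of the remote netsh process;
        # its own banner goes to stderr and is discarded here.
        & psexec -accepteula "\\$pc" @netshArgs 2>$null | Out-Null
        [pscustomobject]@{
            Computer  = $pc
            Service   = $svc
            ExitCode  = $LASTEXITCODE
            Succeeded = ($LASTEXITCODE -eq 0)
        }
    }
}

# Summary on screen, plus a list of machines that still need attention.
$results | Format-Table -AutoSize
$results | Where-Object { -not $_.Succeeded } |
    Export-Csv -NoTypeInformation -Path 'failed.csv'
```

A non-zero exit code can come from netsh on the remote machine or from psexec itself when it cannot reach the machine, so every row in failed.csv needs a follow-up.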
If you aren’t familiar with the PsTools suite of utilities, and you like administration from the command line, you need to check out the Sysinternals web site. Too bad they were acquired by Microsoft in 2006.