Tuesday, December 21, 2004

Enabling Remote Desktop Remotely

Run the following from a Windows XP or Windows Server 2003 PC:

WMIC /NODE:"client" /USER:"nwtraders\administrator" RDTOGGLE WHERE ServerName="client" CALL SetAllowTSConnections 1

Monday, December 06, 2004

Two Logins To Install Software

With Windows XP you sometimes see that your Group Policy settings take two reboots or two logins to work. This is because Windows XP operates (by default) in a mode called Fast Logon Optimization. The computer boots and logs in more quickly, but events that should occur during the computer's boot or login are delayed until the second boot or login.

Examples of events that this affects are software installations via Group Policy and folder redirection (i.e. home folders). During (or usually just after) the first boot/logon, XP sets a flag, and then during the second boot/logon Windows operates one time only without Fast Logon enabled.

An example of the two events that appear in the event log (in chronological order):

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 108
Date:
Time:

Event Type: Warning
Event Source: Application Management
Event Category: None
Event ID: 101
Date:
Time:

This behaviour can be changed by turning Fast Logon Optimization off. It can be switched on and off via Group Policy with the following setting:

Computer Configuration
Administrative Templates
System
Logon
Always wait for the network at computer startup and logon

More on Fast Logon Optimization can be found in article 305293 at Microsoft Support.

Outlook Profile Wizard

Fill in the information in the form here to create a valid profile for configuring Outlook 2003 to allow the client to connect to the Exchange Server from the internet without the need for a VPN (known as RPC over HTTP).

This will create a .PRF file that you can offer for download to users. Users will need to log in twice for this to work though (or rather, be prompted twice for username and password, after which it will work).

Setting Remote Desktop to an Alternate Port

The default port for Remote Desktop is 3389, but there are cases where it is useful to change this port, for example on the external interface of a firewall should you be providing remote support of said firewall. These steps are known to work on Windows XP and Windows Server 2003. They have not been tested by me on other versions of Windows.

On the Remote Desktop Server

  1. Start Registry Editor (Regedt32.exe).

  2. Locate the following key in the registry:

    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\PortNumber

  3. On the Edit menu, click Modify, click Decimal, type the new port number, and
    then click OK.

  4. Quit Registry Editor.


On the Client

  1. Click Start, click All Programs, point to Accessories,
    point to Communications, and then click Remote Desktop Connection.

  2. In the Computer box, type the computer name or IP address of the
    computer to which you want to connect, followed by a colon (:) and the port
    number you want to use.

    For example, to connect to port 3390 on a computer named "MyXPPro,"
    type the following information: MyXPPro:3390

    To connect to port 3391 on a computer with IP address 10.10.10.1,
    type the following information: 10.10.10.1:3391

More information at

http://support.microsoft.com/default.aspx?scid=kb;en-us;306759
and

http://support.microsoft.com/default.aspx?scid=kb;en-us;304304

Enabling Remote Desktop During Installation

If you are installing a number of servers and you want to ensure that Remote
Desktop is enabled on each then add the following lines to the unattend file
that you are using to build the Windows servers (or XP client):

[TerminalServices]
AllowConnections=1

How to enable remote desktop remotely

Lots of sites on the internet discuss how to enable Remote Desktop in Windows XP and Windows Server 2003, but the majority of them require you to have physical access to the computer first. So how do you enable Remote Desktop when you do not have physical access to the computer? It is all to do with the registry!

  1. Make a network connection to the remote computer to ensure that you have administrative access to the machine (i.e. \\computer\c$). This will prompt for a username and password of the administrator. Enter the correct details.

  2. Start the registry editor regedit.exe (and not the older application regedt32.exe if it exists; it does not in later releases of Windows).

  3. Choose File, Connect Network Registry

  4. Enter the computer name as above.

  5. Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server for the registry settings for the remote computer (take care not to select your own desktop).

  6. Double-click fDenyTSConnections.

  7. Change the value of this setting to 0 to enable Remote Desktop or 1 to disable it, and click OK.

  8. If your remote computer has multiple network cards and you want to ensure that Remote Desktop is operating only on a selected card, then navigate to the following registry location: (as above)\WinStations\RDP-Tcp and note the LanAdapter value. If this is 0, Remote Desktop operates on all networks; if it is another number, it operates only on the network identified in the (as first)\lanatable registry key.

  9. Disconnect the remote computer from the registry editor using File, Disconnect Network Registry, and selecting the correct remote computer in the list.

  10. Finally, you need to restart the computer remotely.

Note: Subsequent to publishing this I have discovered a much quicker way using the Windows Management Instrumentation command line (WMIC). See here for more on this.
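
To check which machines ended up with Remote Desktop switched on, and on which port and adapter, the same registry values can be read back without changing anything. This is an added example, not part of the original posts; the function name and host names are made up for illustration, and it assumes an admin workstation with PowerShell 3 or later, the Remote Registry service running on each target, and administrative rights there.

```powershell
# Added example: read-only audit of the Remote Desktop registry values named in the posts.
# Get-RdpRegistryState is a hypothetical helper name, not a built-in cmdlet.
function Get-RdpRegistryState {
    param([Parameter(Mandatory)][string[]]$ComputerName)

    $tsPath  = 'SYSTEM\CurrentControlSet\Control\Terminal Server'
    $rdpPath = "$tsPath\WinStations\RDP-Tcp"

    foreach ($computer in $ComputerName) {
        $hklm = $null
        try {
            # Same mechanism as regedit's "Connect Network Registry", opened read-only.
            $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
                        [Microsoft.Win32.RegistryHive]::LocalMachine, $computer)
            $ts  = $hklm.OpenSubKey($tsPath)
            $rdp = $hklm.OpenSubKey($rdpPath)
            if (-not $ts -or -not $rdp) { throw 'Terminal Server keys not found' }

            $deny = $ts.GetValue('fDenyTSConnections')   # 0 = Remote Desktop enabled
            $port = $rdp.GetValue('PortNumber')          # 3389 unless changed
            $lan  = $rdp.GetValue('LanAdapter')          # 0 = listens on all adapters
            $ts.Close(); $rdp.Close()

            [pscustomobject]@{
                Computer    = $computer
                RdpEnabled  = ($deny -eq 0)
                Port        = $port
                DefaultPort = ($port -eq 3389)
                AllAdapters = ($lan -eq 0)
                Error       = $null
            }
        }
        catch {
            # Unreachable host, access denied, or Remote Registry stopped: report, do not guess.
            [pscustomobject]@{
                Computer = $computer; RdpEnabled = $null; Port = $null
                DefaultPort = $null; AllAdapters = $null; Error = $_.Exception.Message
            }
        }
        finally {
            if ($hklm) { $hklm.Close() }
        }
    }
}

# Constructed host names; replace with your own inventory.
Get-RdpRegistryState -ComputerName 'client', 'MyXPPro' |
    Where-Object { $_.RdpEnabled -or $_.Error } |
    Format-Table -AutoSize
```

Machines that show RdpEnabled as True with AllAdapters also True are the ones to compare against your firewall rules, since a non-default port does not restrict who can reach the listener.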