Enable Remote Desktop Over a Network On Demand

Remote Desktop is one of the most important support tools for administrators of remote computers, but it’s often not enabled on desktop systems when you need it. If you know what you’re looking for, however, it’s fairly easy to enable it remotely on a network.

The Remote Desktop service on desktop systems is always running, even if remote access is disabled. Whether remote connections are enabled or disabled is controlled by a value named fDenyTSConnections under the registry key HKEY_LOCAL_ MACHINE\SYSTEM\Current- ControlSet\Control\Terminal Server. By default, this value is 1 (which is disabled). When you use the Remote tab in the System Properties dialog box to enable Remote Desktop access (shown in Figure 1 for a computer running Windows Vista), this value changes to 0.

Because you can enable remote connections through the registry, you have a wide range of options for modifying Remote Desktop access. Essentially, any technique for accessing a registry value will work, including the following:

You can open regedit, connect to the remote computer, then change the value.
You can have a PC import a .reg file on startup.
You can use Windows Management Instrumentation’s (WMI’s) System Registry provider to make the change from a script.
You can use reg.exe to make the change from the command line or a script.

Many administrators seem to need to enable Remote Desktop access on the fly. It’s also usually a good practice to turn the remote connection back off when you’re done using it. So, to simplify the process of checking whether Remote Desktop is enabled, enabling it if it’s not, and disabling it after you’re done using it, I wrote three one-line .cmd scripts: CheckRD.cmd, RDOn.cmd, and RDOff.cmd.

To check whether a computer has Remote Desktop enabled, you can run the CheckRD.cmd script in Listing 3. To download it and the other scripts, click the Download the Code Here button at the top of this article. CheckRD .cmd and the other two scripts take a single command-line argument: the name of the remote computer to connect to. For example, if you want to use CheckRD.cmd to see whether Remote Desktop is enabled on the remote computer named Client07, you’d run the command

CheckRD Client07

You can also use this script to check the setting on the local system. Just specify a period (.) as the name of the host computer. No matter whether you check a local or remote system, the script returns the value of fDenyTSConnections. If Remote Desktop is disabled, 0x1 is returned. If it’s enabled, 0x0 is returned.

To enable Remote Desktop, you can run RDOn.cmd, which Listing 4 shows. You need to run this script from an account that has sufficient privileges to change the remote machine’s registry. To enable access on the Client07 computer, you’d run the script with the command

RDOn Client07

You’ll be able to immediately make a remote connection.

If you need to disable Remote Desktop after you’re done using it, you can run RDOff.cmd in Listing 5. For example, to turn Remote Desktop off on the Client07 computer, you’d use the command

RDOff Client07

As you can see, CheckRD .cmd, RDOn.cmd, and RDOff .cmd are simple scripts. But don’t let their simplicity deceive you. These scripts let you easily enable and disable a computer’s remote connection on demand.

—Alex K.
Angelopoulos
Senior Network Engineer

End of Article

::RemoteDesktopTool.bat Built by Steve Signorelli.
::Inspired by —Alex K. Angelopoulos and InstantDoc #98551

@ECHO OFF
:Prompt
::Prompting technician for machine name/IP which to connect
SET /P TargetMachine=Please enter the machine name or IP address:
CLS
ECHO Remote Desktop Check on \\%TargetMachine%
:Menu
ECHO.
ECHO 1. Remote Desktop Check (Enabled 0x0 or disabled 0x1)
ECHO 2. Remote Desktop On (0x0)
ECHO 3. Remote Desktop Off (0x1)

set choice=
set /p choice=Please type in your choice and press enter.
if not '%choice%'==' set choice=%choice:~0,1%
if '%choice%'=='1' goto RemoteDesktopCheck
if '%choice%'=='2' goto RemoteDesktopOn
if '%choice%'=='3' goto RemoteDesktopOff
ECHO "%choice%" is not valid please try again
ECHO.
goto Menu

::Listing 3: CheckRD.cmd
:RemoteDesktopCheck
@reg query "\\%TargetMachine%\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections
GOTO Prompt

::Listing 4: RDOn.cmd
:RemoteDesktopOn
@reg add "\\%TargetMachine%\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f
GOTO Prompt

::Listing 5: RDOff.cmd
:RemoteDesktopOff
@reg add "\\%TargetMachine%\HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f
GOTO Prompt

stevesig May 02, 2008 (Article Rating:

)

This is impressive, Steve. I had considered integrating everything into one script, but didn't for one simple reason: I was too lazy. :)
The prompting was a nice touch as well. I normally write scripts so that they work quietly as part of a toolchain, but your technique is much more appropriate since the script is really about a task performed for a single machine during remote support.

AlexKAngelopoulos May 06, 2008 (Article Rating:

)

You must log on before posting a comment.

If you don't have a username & password, please register now.