How do I change Remote Desktop settings in registry?
Enable/Disable RDP GPO From regedit

I'm trying to enable/disable the Group Policy Object "Allow users to connect remotely using Remote Desktop Services", found at the following path, by way of regedit and/or CLI:

    Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\

I've tried changing the following two (2) registry keys:

    HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services\fDenyTSConnections

When I change the values, no matter if I do a "gpupdate /force", or reboot, the GPO doesn't change. The value does always stay what I set it at, but the GPO isn't changing. I can manually go in and change the GPO and it does change the system/remote settings appropriately.

I am joined to a Domain - this is to notify. I would think that if this was a Domain-related issue, I wouldn't be able to manually change the GPO, or the registry values change wouldn't ever save.

My end goal here is to be able to disable RDP connections to the machine from CLI or a batch file. Can someone advise?

This machine is running the following: Windows 10 v20H2 (Build 19042.844)

Thanks.
GraceHE-MSFT · Mar 15, 2021 at 02:17 AM

Hi,

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---

0 Votes

GraceHE-MSFT answered • Mar 9, '21 | MikeKachar-5611 commented • Mar 9, '21

Hi,

Thank you for posting your query. Here are some suggestions.

Type LOCAL SECURITY POLICY in the search box -> open local security policy -> local policies -> user rights assignments -> deny log on through Remote Desktop Service

---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---
MikeKachar-5611 · Mar 09, 2021 at 08:16 PM

This option/setting is to configure what users and groups are prohibited from logging on as a Remote Desktop Services client. You can see this info when you double-click on the policy, and then go to the "Explain" tab:

    Deny log on through Remote Desktop Services
    This security setting determines which users and groups are prohibited from logging on as a Remote Desktop Services client.
    Default: None.
    Important: This setting does not have any effect on Windows 2000 computers that have not been updated to Service Pack 2.

I'm looking to specifically know how to disable the ability to Enable/Disable Remote Desktop via regedit and/or CLI (so I can batch it out), and have it actually modify the Group Policy Object I listed in the original question:

    Local Computer Policy\Computer Configuration\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Allow users to connect remotely using Remote Desktop Services

0 Votes

GraceHE-MSFT answered • Mar 11, '21

Hi,
---If the suggestions above are helpful, please ACCEPT ANSWER. Really appreciate. This will also help others with similar issue to find this post quickly. ---
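Added example, not part of the thread above and not Microsoft's code: a PowerShell check of which of the two fDenyTSConnections values from the question is in effect, plus a disable routine that sets both and closes the firewall group. It assumes that a value under the Policies key overrides the Control\Terminal Server value, that the firewall group carries its English name 'Remote Desktop', and an elevated session; the function names are hypothetical.

```powershell
$SystemKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services'

function Get-DenyValue {
    param([string]$Key)
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Key -Name 'fDenyTSConnections' -ErrorAction SilentlyContinue
    if ($null -ne $item) { [int]$item.fDenyTSConnections } else { $null }
}

function Get-RdpEffectiveState {
    $policy = Get-DenyValue -Key $PolicyKey
    $system = Get-DenyValue -Key $SystemKey
    # Assumption: a value under the Policies key wins over the system setting.
    if ($null -ne $policy)     { $source = 'Policy';  $allowed = ($policy -eq 0) }
    elseif ($null -ne $system) { $source = 'System';  $allowed = ($system -eq 0) }
    else                       { $source = 'Unknown'; $allowed = $null }
    [pscustomobject]@{
        PolicyValue = $policy    # $null means "Not Configured" in the registry
        SystemValue = $system
        Source      = $source
        RdpAllowed  = $allowed
    }
}

function Disable-Rdp {
    # Deny connections in both locations so neither value can re-enable RDP.
    Set-ItemProperty -Path $SystemKey -Name 'fDenyTSConnections' -Value 1 -Type DWord
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    Set-ItemProperty -Path $PolicyKey -Name 'fDenyTSConnections' -Value 1 -Type DWord
    # Close the inbound firewall rules as well (group name is localized).
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    # Return the state that is now in effect so a batch job can log it.
    Get-RdpEffectiveState
}

Get-RdpEffectiveState | Format-List
```

The Local Group Policy Editor displays the contents of the local policy file (Registry.pol), so a value written directly to the Policies key takes effect without changing what the editor shows. On a domain-joined machine, a domain GPO that configures the same setting rewrites the Policies value at the next policy refresh.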
Change the listening port for Remote Desktop on your computer
When you connect to a computer (either a Windows client or Windows Server) through the Remote Desktop client, the Remote Desktop feature on your computer "hears" the connection request through a defined listening port (3389 by default). You can change that listening port on Windows computers by modifying the registry.
The next time you connect to this computer by using the Remote Desktop connection, you must type the new port. If you're using a firewall, make sure to configure your firewall to permit connections to the new port number.

You can check the current port by running the following PowerShell command:

    Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber"

For example:

    PortNumber   : 3389
    PSPath       : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp
    PSParentPath : Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations
    PSChildName  : RDP-Tcp
    PSDrive      : HKLM
    PSProvider   : Microsoft.PowerShell.Core\Registry

You can also change the RDP port by running the following PowerShell command. In this command, we'll specify the new RDP port as 3390.

To add a new RDP Port to the registry:

    # New listening port for Remote Desktop
    $portvalue = 3390

    # Write the port to the RDP-Tcp listener configuration
    Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -Name "PortNumber" -Value $portvalue

    # Allow inbound TCP and UDP traffic to the new port on the Public profile
    New-NetFirewallRule -DisplayName 'RDPPORTLatest-TCP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol TCP -LocalPort $portvalue
    New-NetFirewallRule -DisplayName 'RDPPORTLatest-UDP-In' -Profile 'Public' -Direction Inbound -Action Allow -Protocol UDP -LocalPort $portvalue

Remotely Enable Remote Desktop on Windows 10

We’ve all been there – we’ve finished at a customer’s site, and need to quickly remote in later on to finish/fix something. Trouble is, Windows doesn’t enable Remote Desktop Protocol by default.

There are four steps needed to remotely enable RDP connections in Windows 10. This guide relies on you being on the same LAN as the remote PC you wish to access – you may already have RDP’ed into another server on that LAN. You must also have Windows administrative privileges for the remote computer.
These instructions work well in a domain environment.

Note: If you have access to the computer, you can follow the standard procedure for enabling Remote Desktop.

Is there a script to remotely enable remote desktop on Windows Server 2016? Previously we’ve covered how to turn on remote desktop protocol (RDP) using the GUI interface, but those methods don’t work in some scenarios where you do not have physical access to the computer on which you want to enable RDP. In this tutorial we’ll show you how to enable remote desktop remotely using Registry, PowerShell or Command Prompt.

Method 1: Enable Remote Desktop Using Registry Tweak

Once you are connected to the remote machine’s registry, navigate to the location: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. In the right pane, double-click the DWORD fDenyTSConnections and change its value from 1 to 0. Reboot your machine and remote desktop should now be accessible. If you need to disable remote desktop in future, just set the value of fDenyTSConnections to 1.

Method 2: Enable Remote Desktop Using PowerShell

Before getting started, you need to establish a session with the remote computer using PowerShell. Once connected, run the following PowerShell commands to enable remote desktop:

    # 0 = allow Remote Desktop connections
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 0

The first command will turn on remote desktop, while the second command will activate the firewall rules that allow remote desktop connections.
When you need to disable remote desktop later, run the following commands instead:

    # 1 = deny Remote Desktop connections
    Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -Name "fDenyTSConnections" -Value 1

Method 3: Enable Remote Desktop Using Command Prompt

If you can open a remote Command Prompt window via SSH, PsExec or WinRS, run the following commands to enable remote desktop and configure Windows Firewall to allow remote desktop connections:

    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

To disable remote desktop, execute the below commands:

    reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f

That’s all!
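Added example, not from the articles above: a PowerShell audit to run after changing PortNumber or toggling fDenyTSConnections, confirming that something listens on the configured port and listing the enabled inbound allow rules that cover it. The function names are hypothetical; it assumes the built-in NetSecurity and NetTCPIP modules and an elevated session.

```powershell
$RdpTcpKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'

function Get-RdpPort {
    [int](Get-ItemProperty -Path $RdpTcpKey -Name 'PortNumber').PortNumber
}

function Test-RdpListener {
    param([int]$Port = (Get-RdpPort))
    # True only when a TCP listener is bound to the configured port right now.
    [bool](Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
}

function Test-PortMatch {
    param($Spec, [int]$Port)
    # A rule's LocalPort can be a single port, a range ("3389-3395") or a list.
    foreach ($s in @($Spec)) {
        if ($s -match '^(\d+)-(\d+)$') {
            if ($Port -ge [int]$Matches[1] -and $Port -le [int]$Matches[2]) { return $true }
        }
        elseif ($s -eq "$Port") { return $true }
    }
    return $false
}

function Get-RdpFirewallExposure {
    param([int]$Port = (Get-RdpPort))
    Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True | ForEach-Object {
        $rule = $_
        $portFilter = $rule | Get-NetFirewallPortFilter
        if (-not (Test-PortMatch -Spec $portFilter.LocalPort -Port $Port)) { return }
        $addr = $rule | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $rule.DisplayName
            Protocol      = $portFilter.Protocol
            Profile       = "$($rule.Profile)"
            RemoteAddress = @($addr.RemoteAddress) -join ','
            # Flag rules open to any source address on the Public (or every) profile.
            Unrestricted  = (@($addr.RemoteAddress) -contains 'Any') -and
                            ("$($rule.Profile)" -match 'Public|Any')
        }
    }
}

"Configured port: $(Get-RdpPort); listening: $(Test-RdpListener)"
Get-RdpFirewallExposure | Format-Table -AutoSize
```

Rules created as in the port-change commands above (Public profile, no remote address restriction) show up with Unrestricted set to True.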
26 Replies
· · ·
Mace OP
Denis Kelley
Try this. I have had to do this sometimes. http://thebackroomtech.com/2007/05/18/how-to-enable-remote-desktop-on-a-windows-xp-machine-remotely/ 0
· · ·
Mace OP
Sosipater
If there is a user at the remote computer you can get connected using join.me and then enable it yourself. 0
· · ·
Serrano OP
JPo1215 Apr 22, 2011 at 12:01 UTC
Use this script. Works wonders http://community.spiceworks.com/scripts/show/302-enable-or-disable-rdp-remote-desktop-on-remote-system-vbs 0
· · ·
Mace OP
Alex3031
I think you have already been pointed the right way; there are scripts that will enable RDP on a system as long as you have remote registry access. It looks like a couple of people have pointed you to scripts already. 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 12:30 UTC
Trying the script, but it says "make sure you type the right machine name". I have, and it doesn't work. Tried IP, name and nothing. 0
· · ·
Chipotle OP
Kendall
Did you run the script from your PC at home or the server that you are RDPed into? 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 12:54 UTC
Yea from remote location. 0
· · ·
Serrano OP
Best Answer
Don7478 Apr 22, 2011 at 13:08 UTC
From the onsite computer run Regedit.
In Regedit: In the 'Select Computer' dialogue make sure that the 'Look In' location is correct (should be your domain if applicable), type in the computer name or IP that you want to connect to, then click OK.
Now expand:
Once you've opened that key, look for fDenyTSConnections. Set it to a value of 0 <-- a zero
The computer will have to restart for the change to take effect. 1
· · ·
Serrano OP
JPo1215 Apr 22, 2011 at 13:41 UTC
Is it possible the computer is off or in sleep mode? Can you ping it? 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 14:50 UTC
yep it pings. 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 14:55 UTC
Seems as there's no way I can get to this. 0
· · ·
Serrano OP
Don7478 Apr 22, 2011 at 15:05 UTC
The registry edit didn't work? What were the results when you tried? 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 15:17 UTC
I was able to type the IP and it took me to the enter username and password. I inserted the right username and password and nothing. 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 15:25 UTC
I was able to use the script just fine on my Windows servers by simply inserting the IP, and it gave me the option to enable and disable, but the problem is I am trying to get to a desktop in the office and it just doesn't work. I was able to get a ping from the address. 0
· · ·
Serrano OP
JPo1215 Apr 22, 2011 at 15:47 UTC
So the script works on the servers, you can ping the desktop which proves connectivity, you can run regedit on the desktop but can't authenticate... do you have admin rights to the desktop? 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 15:51 UTC
I just found out the desktop is not on the domain controller, but I can still ping. Would that have something to do with it? 0
· · ·
Serrano OP
Don7478 Apr 22, 2011 at 15:53 UTC
Most definitely would change the permissions required. 0
· · ·
Datil OP
Cazi Apr 22, 2011 at 16:27 UTC
If the desktop is not on the domain you would need to enter local admin credentials when connecting to the remote registry. 0
· · ·
Serrano OP
JPo1215 Apr 22, 2011 at 16:34 UTC
ciprian3798 wrote:
yes it does. in that case: Cazi wrote:
+1 0
· · ·
Jalapeno OP
chip379811 Apr 22, 2011 at 17:17 UTC
I tried and for some reason username/password doesn't work. 0
· · ·
Mace OP
Alex3031
ciprian3798 wrote:
Might need to be in the format of PCName\LocalUsername & Password. 0
· · ·
Serrano OP
RjD Apr 23, 2011 at 14:48 UTC
I have also seen where strangely there were no users in the remote desktop group (including local and domain admins). Never was too sure the how or why that one occurred; I just added them into the group and it worked fine afterwards. Another thing is the firewalls may be causing blockages; check those settings remotely as well for both port and program access. 0
· · ·
Habanero OP
CE Harden
I created this a long time ago: http://community.spiceworks.com/scripts/show/616-enable-remote-desktop-remotely and you may like:
http://www.lazynetworkadmin.com/knowledgebase-mainmenu-6/2-windows/68-remote-assistance-take-control-without-permission I made that one a few years back with help from another admin. 0
· · ·
Chipotle OP
lt.son Apr 25, 2011 at 08:39 UTC
I use Remote Enabler. It's quick and easy. http://download.cnet.com/Remote-Desktop-Enabler/3000-2094_4-10572855.html 0