I’ve been configuring my LAN for spiceworks this afternoon. The Windows XP firewall is enabled on most of our PCs, and I didn’t want to visit each station to configure it to allow spiceworks to inventory the machine. I’m also not big into group policy here at the office (what the saying about the cobbler’s son’s shoes?) so I didn’t want to make the setting change that way.
My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.
I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start – Run and type:
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]
You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:
- Run Regedit
- Select File –> Connect Network registry
- Enter the name of the remote computer and select Check Name
- At the bottom of the registry tree you will see 2 Hives appear Hkey_Local_Machine and
Hkey_Users (under the remote computer’s name) - Goto hklm\system\currentcontrolset\control\terminal server\FdenyTSConnections=1
- Change the FdenyTSConnections to 0
- Attempt to Re-Login
This worked okay, but I like to implement the most elegant solution possible.
So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.
To enable remote access to a machine via the command line, type:
psexec \\remotecomputername netsh firewall set service remoteadmin enable
psexec \\remotecomputername netsh firewall set service remotedesktop enable
If you aren’t familiar with the PStools suite of utilities, and you like administration from the command line, you need to check out the Sysinternals web site. Too bad they were acquired by Microsoft in 2006.
February 21, 2008 at 2:02 pm
awesome article, excellent tutorial
March 5, 2008 at 4:40 am
Is it possible to make this work on Vista clients? I tryed it but it says. “netsh exited on 10.100.4.61 with error code 0.” Don’t know why.
Would gladly apriciate your help!
BR //vitali
March 5, 2008 at 6:11 am
Vitali -
Error code 0 is generally programmer speak for it exited successfully. You’d think they’d come up with some more user friendly status messages.
- Julie
March 17, 2008 at 11:37 am
[...] You could also edit the registry directly to enable Terminal Services using the same registry entry I wrote about when describing how to enable remote access for Windows XP machines remotely. [...]
March 24, 2008 at 2:27 am
It’s very useful…..
thanks a lot!
That registry changes are very great solution…..I survived by walking 6Kms today……
Once again thanks lots……
April 16, 2008 at 12:04 am
Excellent, it worked.
Great tip.
April 25, 2008 at 4:21 am
Very kewl info !
May 31, 2008 at 7:32 pm
Don’t forget
a) fDenyTSConnections must be = 0 as these psexec commands don’t re-enable it (go figure the remote psexec command to regedit with a suitable .reg file I suppose)
and note
b) psexec will probably need [-u user [-p psswd]]
e.g.
psexec \\2k3Amd0 -u Administrator -p Ryge0 netsh firewall set service remoteadmin enable
[ program Name of application to execute. in help is a typo for cmd as in the usage line ]
ALSO
From Local Machine
Type the following to temporarily disable the PC Speaker beep locally. From the local command line : net stop beep
or
Permanently on+ at local by : sc config beep start= auto
off at local by : sc config beep start= disable
+ not checked that – it sure aint enable!
June 19, 2008 at 6:14 pm
excellent article!
saved me hours of running around.
June 24, 2008 at 1:29 am
[...] http://thebackroomtech.wordpress.com/2007/05/18/how-to-enable-remote-desktop-on-a-windows-xp-machine… ที่มา : http://scriptcenter.itms.dk/ [...]
July 30, 2008 at 2:06 pm
Very helpful. Thank you so much.
August 24, 2008 at 4:35 am
sc config beep start= disableD
December 9, 2008 at 7:38 pm
You’re a lifesaver!!!
January 1, 2009 at 12:27 pm
[...] komutuyla firewall zerinde rdp portuna izin verebilirsin. Howto: enable remote desktop on a windows xp machine – remotely the back room tech lostmaze`s imzasi: [Only registered and activated users can see links. ] —- [Only registered [...]
January 29, 2009 at 9:38 pm
very good article! thank you so much you get the right solution for my problem!
February 27, 2009 at 12:37 am
Good solution and articlae if you need it quickly. Better long term solution would be GPO, no?
Prop for the Spiceworks useage
Don’t know what I would do without it.
March 7, 2009 at 12:10 am
PSTools is awesome. I’ve used pslist and pskill to help people remotely kill locked up applications.
March 21, 2009 at 2:24 pm
Great the registry worked fine, I didn’t use pstools but for sure i will do for another needs.
Thanks
April 18, 2009 at 7:30 am
Thanks, was just what I needed to connect to my work computer right now! PSTools always comes in handy. Why is it not shipped with Windows by default?
May 15, 2009 at 3:54 pm
Nice work Julie, Spiceworks rocks, great help, would be great to see you write this up with a How to on the spiceworks community
May 21, 2010 at 4:18 am
You saved my life!!!!!!!!!!!!!!!
October 23, 2010 at 11:56 am
I’m seeing the same problem. I can get around it by using the -d argument, but that means I don’t get back the return code from the process I started remotely.
It gives the workaround, but not ideal.