Howto: enable remote desktop on a windows xp machine – remotely

I’ve been configuring my LAN for spiceworks this afternoon. The Windows XP firewall is enabled on most of our PCs, and I didn’t want to visit each station to configure it to allow spiceworks to inventory the machine. I’m also not big into group policy here at the office (what the saying about the cobbler’s son’s shoes?) so I didn’t want to make the setting change that way.

My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.

I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start – Run and type:

netsh firewall set service remoteadmin enable

netsh firewall set service remotedesktop enable

[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]

You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:

  1. Run Regedit
  2. Select File –> Connect Network registry
  3. Enter the name of the remote computer and select Check Name
  4. At the bottom of the registry tree you will see 2 Hives appear Hkey_Local_Machine and
    Hkey_Users (under the remote computer’s name)
  5. Goto hklm\system\currentcontrolset\control\terminal server\FdenyTSConnections=1
  6. Change the FdenyTSConnections to 0
  7. Attempt to Re-Login

This worked okay, but I like to implement the most elegant solution possible.

So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.

To enable remote access to a machine via the command line, type:

psexec \\remotecomputername netsh firewall set service remoteadmin enable

psexec \\remotecomputername netsh firewall set service remotedesktop enable

If you aren’t familiar with the PStools suite of utilities, and you like administration from the command line, you need to check out the Sysinternals web site. Too bad they were acquired by Microsoft in 2006.

22 Responses to “Howto: enable remote desktop on a windows xp machine – remotely”

  1. Software at Cost Says:

    awesome article, excellent tutorial

  2. VItali Says:

    Is it possible to make this work on Vista clients? I tryed it but it says. “netsh exited on with error code 0.” Don’t know why.

    Would gladly apriciate your help!

    BR //vitali

  3. Julie Says:

    Vitali –

    Error code 0 is generally programmer speak for it exited successfully. You’d think they’d come up with some more user friendly status messages.

    – Julie

  4. Howto: Enable Remote Desktop on a Windows 2008 Server Core System « the back room tech Says:

    […] You could also edit the registry directly to enable Terminal Services using the same registry entry I wrote about when describing how to enable remote access for Windows XP machines remotely. […]

  5. Prashant Says:

    It’s very useful…..
    thanks a lot!
    That registry changes are very great solution…..I survived by walking 6Kms today……
    Once again thanks lots……

  6. Hank Says:

    Excellent, it worked.

    Great tip.

  7. thetechieguy Says:

    Very kewl info !

  8. Mark Says:

    Don’t forget
    a) fDenyTSConnections must be = 0 as these psexec commands don’t re-enable it (go figure the remote psexec command to regedit with a suitable .reg file I suppose)
    and note
    b) psexec will probably need [-u user [-p psswd]]

    psexec \\2k3Amd0 -u Administrator -p Ryge0 netsh firewall set service remoteadmin enable

    [ program Name of application to execute. in help is a typo for cmd as in the usage line ]

    From Local Machine

    Type the following to temporarily disable the PC Speaker beep locally. From the local command line : net stop beep

    Permanently on+ at local by : sc config beep start= auto
    off at local by : sc config beep start= disable

    + not checked that – it sure aint enable!

  9. tool man Says:

    excellent article!

    saved me hours of running around.

  10. แหล่งรวม Script Window Scripts ต่าง ๆ | BLOG [in] TREND : เว็บบล็อกดี ๆ ที่ อินเทรนด์ Says:

    […]… ที่มา : […]

  11. Philip Says:

    Very helpful. Thank you so much.

  12. Pohar Says:

    sc config beep start= disableD

  13. Smee Says:

    You’re a lifesaver!!!

  14. 3389 port acm modem ayarlarna girmeden Says:

    […] komutuyla firewall zerinde rdp portuna izin verebilirsin. Howto: enable remote desktop on a windows xp machine – remotely the back room tech lostmaze`s imzasi: [Only registered and activated users can see links. ] —- [Only registered […]

  15. midnightghost95 Says:

    very good article! thank you so much you get the right solution for my problem!

  16. Mike Slo Says:

    Good solution and articlae if you need it quickly. Better long term solution would be GPO, no?

    Prop for the Spiceworks useage 🙂 Don’t know what I would do without it.

  17. das clown Says:

    PSTools is awesome. I’ve used pslist and pskill to help people remotely kill locked up applications.

  18. Albert Says:

    Great the registry worked fine, I didn’t use pstools but for sure i will do for another needs.

  19. Martin Says:

    Thanks, was just what I needed to connect to my work computer right now! PSTools always comes in handy. Why is it not shipped with Windows by default?

  20. Andrew Phelps Says:

    Nice work Julie, Spiceworks rocks, great help, would be great to see you write this up with a How to on the spiceworks community 🙂

  21. db Says:

    You saved my life!!!!!!!!!!!!!!!

  22. bharath vn Says:

    I’m seeing the same problem. I can get around it by using the -d argument, but that means I don’t get back the return code from the process I started remotely.

    It gives the workaround, but not ideal.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: