How to write a script to create a remote desktop connection

Well a .RDP file is just a text file in fact so you can soon make those changes and issue an RDP file.  If you let us know what you want to be in there then we can write a script to make them, but as an example here is one of my RDP files.... Easiest method to get the settings you want is to open MSTSC, set the settings you want and Save As into an RDP file.

If you want to that amending then give us the bare details and we can amend.

The bits starting redirect are what they sounds like, and the
alternate shell:s: and shell working directory:s: lines are where your program / dir. will end up.

Steve

screen mode id:i:1
desktopwidth:i:1024
desktopheight:i:768
session bpp:i:16
winposstr:s:2,3,1729,23,2761,818
full address:s:128.127.1.249
compression:i:1
keyboardhook:i:2
audiomode:i:0
redirectdrives:i:1
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
autoreconnection enabled:i:1
username:s:administrator
domain:s:dragon-it.local
alternate shell:s:
shell working directory:s:
password (an encypted string)
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:0
disable themes:i:1
disable cursor setting:i:0
bitmapcachepersistenable:i:1

If you are talking about getting this to multiple users then create your RDP file and could copy it to their machines remotely, send by email for them to save or drop in login script to copy down to desktop etc.  Please elaborate on what you would like.

Steve

I would instead change the Terminal Server settings for those users. You can put in the same info (application to start, redirection, ...), and they cannot override that. Much better from an admin POV.

I can create the RDP file, and send it to the multiple users.  But the permissions will have to be set on each user account.  for instance, I need to Change permissions on each user account so that they have only Traverse Folder / Execute file permissions.  I figured, if I could send them a batch file that they just ran, the rdp would get created with those permissions.  I also want them to change the icon of that RDP, so that the user does not even realise that they are logging on remotely.

Good point Qlemo if this is talking to a specific terminal server, would certainly amend it there!

Why not have them all point at an RDP file on a server share if you wish?

Put your RDP file at \\server\share\somereadonlydir\Yourserver.rdp

Create a shortcut in the same dir, amend the icon for the shortcut (remembering to put the icon in the same dir, or it will be in the same path on all machines).

Either point people to this shortcut, or copy it down to people's desktops through login script or whatever.  If you set the NTFS permissions as you wish on the file then you could do say something like this from your logins script and/or set the "read only" attribute on it:

xcopy /d /o /r /k "\\server\share\somereadonlydir\Yourserver.lnk" "%userprofile\Desktop"

Steve

The problem with that is that the users are not on a domain.  They are on a workgroup.  This is why I wanted to mail the batch file to them.

If they are copying the file somewhere, they have access to it, because they are the owner. Not much use that way. Of course you can go and set up the privileges and fies per batch, but I would definitely harden that setting by changing the user properties. E.g. with PowerShell or VB doing a bulk change on user accounts' TS settings should not be a big issue.

Ahh OK, clearer.  You can soon set cacls on an RDP to set ther permissions then. Can you supply us an example RDP file you want to create then please.

e.g. this could create an RDP file on the fly with the user's current name in (maybe appropriate, maybe not), on the users desktop and mark it read only and change ntfs permissions for the current user to read:

@echo off
(echo screen mode id:i:1
echo desktopwidth:i:1024
echo desktopheight:i:768
echo session bpp:i:16
echo winposstr:s:2,3,1729,23,2761,818
echo full address:s:128.127.1.249
echo compression:i:1
echo keyboardhook:i:2
echo audiomode:i:0
echo redirectdrives:i:1
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:0
echo displayconnectionbar:i:1
etc.) > "%userprofile%\desktop\Your App.rdp"
attrib "%userprofile%\desktop\Your App.rdp" +r
cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r
Steve

Thanks dragon.

An example RDP, that I need to create looks like this:

screen mode id:i:1
use multimon:i:0
desktopwidth:i:1366
desktopheight:i:768
session bpp:i:32
winposstr:s:0,1,4,0,1353,728
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:192.0.0.0
audiomode:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:0
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:Application.exe
shell working directory:s:c:\Program Files\ffm\
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:1
use redirection server name:i:0
username:s:SERVER\USER01
drivestoredirect:s:

I just want it, such that the users cannot remove, edit this RDP, because it is enabling the user to log on directly to an application as soon as they double click on the icon.  Also, can I also change the icon of the RDP?

Can't think of a native way of changing the icon without using another tool which won't be there, or the like.

Maybe a self extracing ZIP file or the like would be a better plan as then it could be all in place and extracted to the relevant dir?

Steve

I was thinking of creating a shortcut to the RDP.  That way, I would be able to change the icon.

Also, can you explain this line to me:

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r
Steve
 
Does that mean that this will need to change for eash user?

That would pickup the current logged on user name and amend the permissions of the file on their desktop (assuming this is under their userprofile, e.g. c:\users\stephen\desktop) to read only (the R).

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r


Steve

Sorry, I'm just trying to understand, for me to load this as a batch file, do I use:

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r

And this will apply read permissions to any user that installs this batch file?

it will apply it for the user running the batch file... But  then it will be their desktop anyway.

As they are the owner of the file having created it they could give themselves full control back in secuirty tab if they know how to.

Steve

Ok, I created this:  I ran it, and nothing happened.  What am I doing wrong?

@echo off
(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:)
 > "%userprofile%\desktop\MyApp.rdp"
attrib "%userprofile%\desktop\MyApp.rdp" +r
cacls "%userprofile%\desktop\MyApp.rdp" /P %username%:r

try moving the ) down to same line as > redirect or vice versa.  sorry on mobile at mo. So if have missed anything else will look when back on pc in a bit.

Depending upon os/config your desktop may not be at desktop folder under user profile.  if it doesnt appear on desktop have a look to see if that dir exists.  we can get desktop directory other ways if needed, that is quick easy way...

Steve

Steve

I tried that, but I am gettin an error message that says:

'@' is not recognized as an internal or external command, operable program or batch file"

Hmm, only @ I can see is at the top.  Did you save it using notepad or something else as it works for me - this is Win7 for now.  At least it creates te RDP file.  It could also be the start in path needs quotes around it within the RDP, not sure but will see once you try and use it.

What does:

echo %username%

show from cmd.exe prompt?

Steve

@echo off
(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:
) > "%userprofile%\desktop\MyApp.rdp" 
attrib "%userprofile%\desktop\MyApp.rdp" +r
cacls "%userprofile%\desktop\MyApp.rdp" /P %username%:r

Select allOpen in new window

In the batch file as shown last there is only one @, and that one is correct. No clue what you did different, so either review your batch for extranous characters or post the batch again.

There could indeed be some ampersands, ats, spaces and other "invalid" characters in the %userprofile% var, so enclosing in double quotes is a good idea.

I used notepad to create it.  

Echo %username% returns my username that I am logged on as.

OK, well aside from the userprofile possibility (and it does have " " around it so should be OK) the vesion in http:#37056091 above I have specifically tested exactly as is and it adds the RDP file on my desktop OK.

Can you run it from cmd.exe please having removed the @echo off line at the top to see where it is having a problem.

Does the RDP file get created at all?

If we are talking about after it has started the RDP session from the icon then you will most likely need " " around the path / program file names if they have spaces in.


Steve

Without the @echo off, it gives me the same error, just saying '<blank space>' is not recognized as in internal or external command operable program or batch file.

It does not create the RDP at all.

OK.  Odd.  This is the exact same script as above, not edited?

I have saved it here for you and attached.  Have a try with that.  Could it be it got saved as UTF encoded or something from Notepad?

I have atatched here.  Only thing I've added now is echo Y| before the cacls command as it asks "Are you sure Y/N" as you are taking your own rights away.

If you try and delete the file it will say "no".... go into properties, security tab, give yourself rights back then you can delete.

Steve
 MakeRDP.cmd

Thanks dragon-it.  It seemed to work with your file.  Can you please help me to create a shortcut for this new RDP on the desktop.  I set the batch file above to create the RDP in the C Drive.  Now I would like to create a shortcut on the desktop.

Can you help?

Silly question, but why not just put the rdp file on the desktop?

There isn't an easy direct way of doing this from command line / batch.

There are third party tools to do it, e.g. http://www.xxcopy.com/xxcopy38.htm

Or there are awkward scripts like this:
http://www.robvanderwoude.com/amb_shortcutsnt.php

or the "easiest" way is to use VBScript.... thought this would be easy to get working from batch file but seems to have taken for ever considering the results!




Steve

@Echo off


rem set Location=AllUsersDesktop
set Location="Desktop"

set DisplayName="My Shortcut"
set filename="D:\script\makelnk.cmd"

rem set icon="something.ico"
set icon="notepad.exe, 0"

set WorkingDir="C:\"


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
del "%temp%\makelink.vbs" 2>NUL

Select allOpen in new window

MakeRDP.cmd

The cmd file attached there is your existing make RDP file + the shortcut making code, code shown above is just for making a shortcut

"WindowStyle" line in there btw is:

3 = maximized
1 = normal window
7 = minimized

Steve

Dragon-it, you are a genuis.  Just one more question though, can I set permissions to the shortcut???  I dont want to allow anyone to edit / delete the shortcut?  Is that possible?

just another cacls command would do that.  As it currently gets the desktop path within the code of the vbscript bit it would need adding in there, not typing that on here will have to wait until on pc in a bit!

Steve

Thanks.

I added:
echo Y|cacls %filename% /P %username%:r

to the end of the file, but it does not seem to change the permissions.  Did I put it in the wrong place?

We'll have to add it into the VBScript .  Have also added an /e to the other cacls command to just edit the acl to leave other entries in place such as admins.

@echo off

REM Change this by remming out desktop or all users desktop as you wish
REM Make sure that all entries below have " " around them as present

rem set Location="AllUsersDesktop"
set Location="Desktop"

set DisplayName="My Shortcut"
set filename="C:\myfolder\test.rdp"

REM point to an ICO file or an icon within an existing EXE
rem set icon="something.ico"
set icon="notepad.exe, 0"

set WorkingDir="C:\myfolder"

(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:
) > %filename%
attrib "%filename% +r
echo Y|cacls %filename% /E/P %username%:r


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save
echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
rem del "%temp%\makelink.vbs" 2>NUL

Select allOpen in new window

I now get the follwoing error:

Parameter format not correct -
  NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifes access control lists (ACLs) of files

...

Access is denied.
Input error: Can not find script file "C:Users\User1~1\AddData\Local\Temp\makelink.vbs".

What OS is this on?  The only two changes if you want to make them to your working script (and this works as is for me on Win 7) is adding /e to the first cacls line and

echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

after the echo.link line

As it seems to have been an issue before when copying/pasting from the code window have attached my working here cmd and you can amend with your paths:

I have left the DEL command at the end remmed out.  Can you paste back the contents of the VBS file, "%temp%\makelink.vbs" if still an error.

Steve
MakeRDP.cmd

Have you added any special characters such as ) ( & etc. in the shortcut display name?

Please post script as you have it if unsure.

My complete file:

@echo off

REM Change this by remming out desktop or all users desktop as you wish
REM Make sure that all entries below have " " around them as present

rem set Location="AllUsersDesktop"
set Location="Desktop"

set DisplayName="FreeTest"
set filename="C:\FreeTest\FT.rdp"

REM point to an ICO file or an icon within an existing EXE
rem set icon="C:\FreeTest\Free.ico"
set icon="C:\FreeTest\Free.ico, 0"

set WorkingDir="C:\FreeTest"

(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:FreeT.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo drivestoredirect:s:
) > %filename%
attrib "%filename% +r
echo Y|cacls %filename% /E/P %username%:r


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save
echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
rem del "%temp%\makelink.vbs" 2>NUL

OK that works for me except for the permissions on the original file.  It seems I missed a space between the /E and /P

echo Y|cacls %filename% /E /P %username%:r
Aside from that it just worked for me.  I created your test path, copied another .ico file to free.ico in there and it created the rdp file and shortcut on the desktop.

Steve

I dont undertstand, I am using the exact same file.  Getting the same error.

Please send me you test file, so I can go through it.

Ok, here it is make.cmd

 

C:\freetest>dir
 Volume in drive C has no label.
 Volume Serial Number is 6E49-D3FA

 Directory of C:\freetest

01/11/2011  10:30    <DIR>          .
01/11/2011  10:30    <DIR>          ..
07/03/2010  15:39               766 free.ico
01/11/2011  10:31             1,048 FT.rdp
01/11/2011  10:31             2,545 make.cmd
               3 File(s)          4,359 bytes
               2 Dir(s)  147,085,930,496 bytes free

C:\freetest>make
Parameter format not correct -
processed file: C:\FreeTest\FT.rdp

C:\freetest>

Select allOpen in new window

I can get the RDP created, just the shortcut is not being created at all.  I keep getting an "Access is denied" error

Is it there already.  You will have no rights to it if so... and will need deleting first?

Ok, it worked on other users desktop, but they still have rights to delete the desktop.

I think that it is a permissions problem, becasue the application has only read and execute rights.  I dont really need those rights on the RDP, I need the rights on the shortcut, so as to prevent the users from deleting the shortcut.

Hmm lets add read only then too - have put attrib in the vbscript for the lnk file too.  As the user is an owner of the icon they could delete it anyway I suppose.  If it is read only it should ask for admin permission to delete.

There was an extra " on the first attrib line for the RDP file too which caused it not make that change.

Steve
make.cmd

If you don't want the rdp to get any permissions just rem out or remove the original cacls and attrib lines

Steve

Thanks,

I tried it again, but I get the following error again:

Input Error: Can not find script file "C:\Users\Users~1\AppData\Local\Temp\makelink.vbs".  

What is the problem with access here?

Does that file get created?  Have you tried it exactly as I sent it or edited it?
It sounds like the sort of thing where an extra bracket or quote or the like is causing it not to do the next bit etc.

Of course another way if acceptable would be just to do the lot in VBScript.  I can help with this if needed but got some paid work to do too at some point!

Have asked the mods to add the "VBScript" and "MSDOS" areas to this Q. to get some fresh blood in here if needed.

Steve

Thanks Qlemo (and modalot who picked it up too).

@Jasmin01 - The script above works for me as is, can you advise on whether it is creating the VBScript, and also post the exact script (attach the file) that you are using please.

Also start cmd.exe prompt, remove "@echo off "from the top of the batch file and then run it from cmd.exe prompt, i.e.

make.cmd

And if you could post in the entire output it makes please in the cmd window.

thanks

Steve

Here is the result from cmd.exe

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nbv\Desktop>make.cmd

C:\Users\nbv\Desktop>REM Change this by remming out desktop or all users d
esktop as you wish

C:\Users\nbv\Desktop>REM Make sure that all entries below have " " around
them as present

C:\Users\nbv\Desktop>rem set Location="AllUsersDesktop"

C:\Users\nbv\Desktop>set Location="Desktop"

C:\Users\nbv\Desktop>set DisplayName="FreeTest"

C:\Users\nbv\Desktop>set filename="C:\FreeT\FreeTest_Remote.rdp"

C:\Users\nbv\Desktop>REM point to an ICO file or an icon within an existin
g EXE

C:\Users\nbv\Desktop>rem set icon="C:\FreeT\Free.ico"

C:\Users\nbv\Desktop>set icon="C:\FreeT\Free.ico, 0"

C:\Users\nbv\Desktop>set WorkingDir="C:\FreeT"

C:\Users\nerishabv\Desktop>del "C:\FreeT\FreeTest_Remote.rdp"  2>NUL
C:\FreeT\FreeTest_Remote.rdp

C:\Users\nbv\Desktop>(
echo screen mode id:i:1
 echo use multimon:i:0
 echo desktopwidth:i:1366
 echo desktopheight:i:768
 echo session bpp:i:32
 echo winposstr:s:0,1,4,0,1353,728
 echo compression:i:1
 echo keyboardhook:i:2
 echo audiocapturemode:i:0
 echo videoplaybackmode:i:1
 echo connection type:i:2
 echo displayconnectionbar:i:1
 echo disable wallpaper:i:1
 echo allow font smoothing:i:0
 echo allow desktop composition:i:0
 echo disable full window drag:i:1
 echo disable menu anims:i:1
 echo disable themes:i:0
 echo disable cursor setting:i:0
 echo bitmapcachepersistenable:i:1
 echo full address:s:192.0.0.0
 echo audiomode:i:0
 echo redirectprinters:i:0
 echo redirectcomports:i:0
 echo redirectsmartcards:i:1
 echo redirectclipboard:i:0
 echo redirectposdevices:i:0
 echo redirectdirectx:i:1
 echo autoreconnection enabled:i:1
 echo authentication level:i:2
 echo prompt for credentials:i:0
 echo negotiate security layer:i:1
 echo remoteapplicationmode:i:0
 echo alternate shell:s:FreeTest.exe
 echo shell working directory:s:c:\Program Files\ffm\
 echo gatewayhostname:s:
 echo gatewayusagemethod:i:4
 echo gatewaycredentialssource:i:4
 echo gatewayprofileusagemethod:i:0
 echo promptcredentialonce:i:1
 echo use redirection server name:i:0
 echo drivestoredirect:s:
) 1>"C:\FreeT\FreeTest_Remote.rdp"
Access is denied.

C:\Users\nbv\Desktop>attrib "C:\FreeT\FreeTest_Remote.rdp" +r

C:\Users\nbv\Desktop>echo Y  | cacls "C:\FreeT\FreeTest_Remote.rdp
" /E /P nbv:r
processed file: C:\FreeT\FreeTest_Remote.rdp

C:\Users\nbv\Desktop>REM Make temporary VBS file to create shortcut

C:\Users\nbv\Desktop>REM Then execute and delete it

C:\Users\nbv\Desktop>(
echo Dim DisplayName,Location,Path,shell,link
 echo Set shell = CreateObject("WScript.shell")
 echo path = shell.SpecialFolders("Desktop")
 echo Set link = shell.CreateShortcut(path & "\" & "FreeTest" & ".lnk")
 echo link.Description = "FreeTest"
 echo link.TargetPath = "C:\FreeT\FreeTest_Remote.rdp"
 echo link.WindowStyle = 3
 echo link.IconLocation = "C:\FreeT\Free.ico, 0"
 echo link.WorkingDirectory = "C:\FreeT"
 echo link.Save
 echo answer=shell.run("attrib " & chr(34) & path & "\" & "FreeTest" & ".lnk" &
chr(34) & " +R")
 echo answer=shell.run("cacls " & chr(34) & path & "\" & "FreeTest" & ".lnk" & c
hr(34) & " /E /P nbv:r",,True)
) 1>"C:\Users\NBV~1\AppData\Local\Temp\makelink.vbs"
Access is denied.

C:\Users\nbv\Desktop>cscript //nologo "C:\Users\NBV~1\AppData\Local\Tem
p\makelink.vbs"
Input Error: Can not find script file "C:\Users\NBV~1\AppData\Local\Temp\make
link.vbs".

C:\Users\nbv\Desktop>rem del "C:\Users\NBV~1\AppData\Local\Temp\makelin
k.vbs" 2>NUL

C:\Users\nbv\Desktop>

Yes, the temp file cannot be written to.  Can I re-locate the temp file to a location that I have permissions to?

You always have permissions to write into your own Temp folder ... The permissions have to have been removed somehow. Obviously we have to be allowed to use the desktop folder (or the C:\Free), so I would just try with that. The C:\Free folder is easier, as it is fixed - Desktop is a special folder and might have been redirected, and we do not have necessarily the exact location in a cmd batch.

Agreed.  Can't see any reason why it wouldn't work mind... unless it is lack of delete rights say and the file exists.

As a matter of interest Jasmin01 if you do this does it work:

start a cmd.exe prompt

echo %temp%
dir > "%temp%\dir.txt"
dir > "%temp%\dir.txt"
del "%temp%\dir.txt"

i.e. show where temp is, try and write twice to a file there then delete it.

and/or

dir > "%temp%\makelink.vbs"
dir > "%temp%\makelink.vbs"
del "%temp%\makelink.vbs"

Could it be some AV software you are using that is preventing the creation of VBS files?

Thanks Dragon-it.  I just changed the location of the temp file, and it works great!

glad we got there in the end.  interesting one and learned a few things myself alomg the way!

Still wonder how / why your temp directory wont give access mind.  i would investigate if I were you as otherwise you'll end up with other apps not working too?

Steve

Thanks, I figured out the problem there, I accidentally set less permissions on my temp folder. :-)

just another question quickly, is there a way to remove those warning messages that say: "The publisher of this remote connection cannot be identified.  Do you want to connect anyway?"

Yes... and No.  Not a simple process, easiest to tick the box on first use involving having certifcates that are trusted and then signing the rdp file with that certificate...

These docs explain a bit.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/8ea47264-d065-48e3-b73e-0c1cf19dc8d7/

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/f843bcd7-8a97-4c9f-9310-c6220a343544/