Solved

Save Remote Desktop Passwords on server drive

Posted on 2006-11-28
22
267 Views
Last Modified: 2010-05-19
Our network consists of roughly 100 machines, all of which we need remote access to occasionally.  We have set up a Remote Destkops folder which contains RDP icons for each PC, saving the username and IP address.  When we attempt to save the passwords in the RDP shortcuts, the passwords are only saved *on the machine that actually saved them*.  If we go to another machine, view the Remote Desktops folder, and Edit the shortcut, the password is not saved.  We can return to the PC that originally saved the password, and it is indeed saved.

Is there any way to save these passwords with the RDP shortcuts so that they're always accessible from any machine on the network?  Security issues aside, for the time being...

Thanks very much!
0
Comment
Question by:saoirse1916
22 Comments
 
LVL 8

Author Comment

by:saoirse1916
ID: 18030065
P.S. What we are currently assuming is that the answer is no, and that the passwords are just saved in the local machine's password table.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18030214
Are you saving these to a network share?
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18030297
Yes, the Remote Desktops folder is saved on a network share, access is limited to Domain Admins only.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 250 total points
ID: 18030706
Then you're probably right and the password is stored elsewhere.
Would unassisted remote service work for you?
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18030944
I don't think I've heard of unassisted remote service...  what do you mean by that?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18031031
Click Start->Run->...and paste the following in the run box:

"hcp://CN=Microsoft Corporation,L=Redmond,S=Washington,C=US/Remote Assistance/Escalation/Unsolicited/Unsolicitedrcui.htm"

It's basically Remote Assistance without the user having to initiate the session - you, as an admin, initiate it by entering their workstation name or IP address.

Of course, you would be using their logon session, not your own RDP session - so you'd be under their credentials and need to use runas to elevate them...
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18031604
Is there anything that needs to be set on the workstations?  I've tried using this on several systems on our network and none seem to work.  I get two different errors: Remote Assistance failed. Please try again - or: Access to the requested resource has been disabled by your administrator.

The latter message I get when I attempt to connect to one of our servers, and I believe we do have remote assistance turned off there, which is OK since that's one password we wouldn't be interested in saving anyway.  But the first error I get on a machine that has remote assistance on, and I still can't get through.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18033433
Under Computer Properties (Start->Run->sysadm.cpl <Enter>) on the Remote tab, Remote Assistance is checked (and the subsequent "allow this computer to be remote controlled"?

You might check the group policy as well:
http://support.microsoft.com/?id=301527
http://support.microsoft.com/?id=306496
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18037427
Everything looks like it checks out.  The machine that I'm testing this remote connection with is on a different subnet -- i.e. the machine that I'm using as my administrator PC is on a 192.168.0.XXX IP and the one that I'm trying to take over is on 192.168.2.XXX.  Would that have anything to do with it?  The 192.168.2.XXX PC is in a remote location but is connected via a VPN.
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 67

Expert Comment

by:sirbounty
ID: 18038105
Hmm - doubtful.  I believe it uses the same port, 3389, for connectivity.
Let me think on this - I use it over VPN with no problem.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18058149
Any firewall perhaps that might be preventing this?
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18058943
I doubt it -- if it uses the same port as RDP, those connections all work fine.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18060611
I can't think of what would be preventing it but the message about being disabled your administrator leads me to believe it's a policy.
You could click Start->Run->RSOP.Msc <enter>
to get a list of policies that are applied.  Perhaps something in there will show what it is...?
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18087977
Well, I didn't see much in there that would have anything to do with remote connections...
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18103146
I've asked for some other expert assistance here.  I can't think of what would be blocking it...
0
 
LVL 4

Expert Comment

by:expexchuser
ID: 18103812
Ensure the help and support service is enabled and running on both source and destination.
0
 
LVL 1

Assisted Solution

by:MichaelMiari
MichaelMiari earned 250 total points
ID: 18103826
"Start" - "Run" - "gpedit.msc"
Expand "Local Computer Policy"
"Computer Configuration"
"Administrative Templates"
"System"
"Remote Assistance"  
"Offer Remote Assistance" :
To configure the list of helpers, click Show. This opens a new window where you can enter the names of the helpers. Add each user or group one by one.
When you enter the name of the helper user or user groups, use the following format:  <Domain Name>\<User Name> or  <Domain Name>\<Group Name>  

Then :
Expand "Local Computer Policy"
"Computer Configuration"
"Administrative Templates"
"Network"
"Network Connections"
"Windows Firewall: Define port exceptions”:  135:TCP:*:Enabled: Offer Remote Assistance  
“Windows Firewall: Define program exceptions”:
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpsvc.exe:*:Enabled:Offer Remote Assistance  
%WINDIR%\PCHealth\HelpCtr\Binaries\Helpctr.exe:*:Enabled:Remote Assistance Windows Messenger and Voice  

For computers running the Windows XP Service Pack 2 (SP2) and Windows XP 64-bit Service Pack 1 (SP1) operating systems
“Windows Firewall: Define program exceptions”:  %WINDIR%\SYSTEM32\Sessmgr.exe:*: Enabled: Remote Assistance  

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18104050
Thanx gang. :^)
0
 
LVL 8

Author Comment

by:saoirse1916
ID: 18165549
Wow -- well, that did it, but with 100+ systems it'll be some time before we can make those changes across the board.  Is there a way to do this through Active Directory's group policy so that it will configure this on all machines in the domain?
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

This is an article based on some fact, and much personal opinion. While you may differ from me in the things you value in a personal computer, I hope this advice can serve to inspire a more objective comparison of two computers, help your figure out…
How can this article save you time AND money?  In just a few minutes you may discover something you didn't know existed that is easy enough for you to fix yourself!
The viewer will learn how to successfully download and install the SARDU utility on Windows 8, without downloading adware.
The viewer will learn how to successfully download and install the SARDU utility on Windows 7, without downloading adware.

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now