Link to home
Start Free TrialLog in
Avatar of HilltownHealthCenter
HilltownHealthCenter

asked on

Need a VB script to set RDP check-box in Computer Properties

I need a VB script that will open My Computer/Remote tab, check the RDP checkbox, and close.

I have tried setting/resetting the registry item DWORD,
HKLM\CurrentControlSet\Control\TerminalServer\fDenyTSConnections

this does not seem to enable RDP if it was set unchecked using the Remote tab on My Computer/Properties. (I have experimented extensively with this).

Avatar of Steven Carnahan
Steven Carnahan
Flag of United States of America image

Rather than re-invent the wheel you might want to take a look at this thread on Spiceworks:  http://community.spiceworks.com/scripts/show/302-enable-or-disable-rdp-remote-desktop-on-remote-system-vbs and see if that helps you.
What OS are you running?
What have you tried to set the value to inthe regisrty?
Have you rebooted the computer after making the change?
Can you post the script you have?
WriteRegistry "HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections", 0, "REG_DWORD"

Sub WriteRegistry(path, value, regType)     
Dim sbShl     
Set sbShl = WScript.CreateObject("WScript.Shell") 
sbShl.RegWrite path, value, regType 
Set sbShl = Nothing 
End Sub

Open in new window

Avatar of HilltownHealthCenter
HilltownHealthCenter

ASKER

Here is what I am seeing:

In an RDP session to the target machine, I remotely set the RDP checkbox to blank (no RDP)
I test RDP
No RDP to this machine

I use any of the following methods to reset the registry RDP deny bit to 0:

I use regedit to connect to target machine, set the fDenyTSConnections key, -> no RDP
I use VNC remote control application to log onto target, change registry -> no RDP
I use a script run at boot via GPO to reset the key to 0 -> no RDP
In each case I confirm (via remote regedit) that the fDenyTSConnections key is set to zero.

If I use VNC to access the target machine, open My Computer/Remote tab, I find the RDP box is checked. I uncheck the box, click Apply, recheck the box, click close.

Now RDP works! I have tried this out repeatedly.  I do not pretend to have a clue what is happening here.

This is the reason I am looking for a script that actually opens, checks and closes the My Computer Remote tab, as that seems to be the ticket.

A note of interest: Once the checkbox is manually checked and RDP starts working, changing the registry key *will* enable and disable RDP as advertised. Only when one starts in the unchecked (disabled) state will the key fail to enable RDP.

Another note of interest: I have confirmed that changing the Remote tab check box *does* immediately change the state of the registry key, and vice versa. Given that, why under the conditions described above, RDP will not work even though both the key and checkbox are in the correct state is an extremely frustrating question.

What OS is this?
Are you rebooting after you change the registry key?
XPP SP3, and yes, tried logging out and rebooting. The only thing that reenables RDP sees to be the use of the Remote tab checkbox, but once enabled that way, the registry will then turn it off and on.
I do not have XP right now to test but try to add the "AllowTSConnections" regisrty setting in addition to "fDenyTSConnections"

http://support.microsoft.com/kb/305608
Experimental results:

Added HKLM\CurrentControlSet\Control\TerminalServer\fAllowTSConnections=1 to registry
Set Remote tab RDP check box to blank:
result:
-> fDeny.. was changed to "1"
-> fAllow still "1" (not affected by checkbox);
Logout
->RDP refused.

Used Remote Regedit  to change fDeny... to "0"  (fAllow... still "1").
Rebooted target, RDP refused.

Used VNC to access target, "uncheck/Apply/checked/Close" on Remote tab RDP checkbox
Logout
RDP accepted. fDeny...="0", fAllow... still "1".

Conclusion: the fAllowTSConnections key did not affect the issue.

Do you have the windows firewall enabled?
OK, turning off the firewall corrects the problem. So that must mean that when the RDP checkbox is used from the Remote tab of My Computer, something is changed on the firewall.

Is this going to require remote disabling/enabling the firewall of any machine I need to RDP enable?
ASKER CERTIFIED SOLUTION
Avatar of KenMcF
KenMcF
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Can you give the netsh command? There seem to be a lot of contexts to the cutility...
This is a better than what I originally intended.
The final complete solution:

GPO runs a startup script which enables resetting the registry key, and opens the RDP firewall port.

Startup script:
xcopy "\\server64\All_Staff\IT Related\IT Downloads\regini.exe" C:\ /Y
xcopy "\\server64\All_Staff\IT Related\IT Downloads\RDP0.ini" C:\ /Y
netsh firewall add portopening tcp 3389 RemoteDesktop
"C:\regini.exe" C:\RDP0.ini

RDP0.ini contains:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Terminal Server
fDenyTSConnections = REG_DWORD 0x00000000