• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 5711
  • Last Modified:

How to write a script to create a remote desktop connection

Hi.

I need to create a remote desktop connection for several users, and was wondering if anyone knew of a scriot that I could use, to make the job easier.
The IP address that they need to log on to will always be the same.  I just need the Printers and Clipboard local resources deselected, and I want to have a selected program in the "Start in the following folder"
This connection should also have only "Travers Folder/execute file" permissions.

Anyone know how to do this?

0
Jasmin01
Asked:
Jasmin01
  • 28
  • 24
  • 6
2 Solutions
 
Steve KnightIT ConsultancyCommented:
Well a .RDP file is just a text file in fact so you can soon make those changes and issue an RDP file.  If you let us know what you want to be in there then we can write a script to make them, but as an example here is one of my RDP files.... Easiest method to get the settings you want is to open MSTSC, set the settings you want and Save As into an RDP file.

If you want to that amending then give us the bare details and we can amend.

The bits starting redirect are what they sounds like, and the
alternate shell:s: and shell working directory:s: lines are where your program / dir. will end up.

Steve

screen mode id:i:1
desktopwidth:i:1024
desktopheight:i:768
session bpp:i:16
winposstr:s:2,3,1729,23,2761,818
full address:s:128.127.1.249
compression:i:1
keyboardhook:i:2
audiomode:i:0
redirectdrives:i:1
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:0
displayconnectionbar:i:1
autoreconnection enabled:i:1
username:s:administrator
domain:s:dragon-it.local
alternate shell:s:
shell working directory:s:
password (an encypted string)
disable wallpaper:i:1
disable full window drag:i:1
disable menu anims:i:0
disable themes:i:1
disable cursor setting:i:0
bitmapcachepersistenable:i:1
0
 
Steve KnightIT ConsultancyCommented:
If you are talking about getting this to multiple users then create your RDP file and could copy it to their machines remotely, send by email for them to save or drop in login script to copy down to desktop etc.  Please elaborate on what you would like.

Steve
0
 
QlemoC++ DeveloperCommented:
I would instead change the Terminal Server settings for those users. You can put in the same info (application to start, redirection, ...), and they cannot override that. Much better from an admin POV.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
Jasmin01Author Commented:
I can create the RDP file, and send it to the multiple users.  But the permissions will have to be set on each user account.  for instance, I need to Change permissions on each user account so that they have only Traverse Folder / Execute file permissions.  I figured, if I could send them a batch file that they just ran, the rdp would get created with those permissions.  I also want them to change the icon of that RDP, so that the user does not even realise that they are logging on remotely.
0
 
Steve KnightIT ConsultancyCommented:
Good point Qlemo if this is talking to a specific terminal server, would certainly amend it there!

Why not have them all point at an RDP file on a server share if you wish?

Put your RDP file at \\server\share\somereadonlydir\Yourserver.rdp

Create a shortcut in the same dir, amend the icon for the shortcut (remembering to put the icon in the same dir, or it will be in the same path on all machines).

Either point people to this shortcut, or copy it down to people's desktops through login script or whatever.  If you set the NTFS permissions as you wish on the file then you could do say something like this from your logins script and/or set the "read only" attribute on it:

xcopy /d /o /r /k "\\server\share\somereadonlydir\Yourserver.lnk" "%userprofile\Desktop"

Steve
0
 
Jasmin01Author Commented:
The problem with that is that the users are not on a domain.  They are on a workgroup.  This is why I wanted to mail the batch file to them.
0
 
QlemoC++ DeveloperCommented:
If they are copying the file somewhere, they have access to it, because they are the owner. Not much use that way. Of course you can go and set up the privileges and fies per batch, but I would definitely harden that setting by changing the user properties. E.g. with PowerShell or VB doing a bulk change on user accounts' TS settings should not be a big issue.
0
 
Steve KnightIT ConsultancyCommented:
Ahh OK, clearer.  You can soon set cacls on an RDP to set ther permissions then. Can you supply us an example RDP file you want to create then please.

e.g. this could create an RDP file on the fly with the user's current name in (maybe appropriate, maybe not), on the users desktop and mark it read only and change ntfs permissions for the current user to read:

@echo off
(echo screen mode id:i:1
echo desktopwidth:i:1024
echo desktopheight:i:768
echo session bpp:i:16
echo winposstr:s:2,3,1729,23,2761,818
echo full address:s:128.127.1.249
echo compression:i:1
echo keyboardhook:i:2
echo audiomode:i:0
echo redirectdrives:i:1
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:0
echo displayconnectionbar:i:1
etc.) > "%userprofile%\desktop\Your App.rdp"
attrib "%userprofile%\desktop\Your App.rdp" +r
cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r
Steve
0
 
Jasmin01Author Commented:
Thanks dragon.

An example RDP, that I need to create looks like this:

screen mode id:i:1
use multimon:i:0
desktopwidth:i:1366
desktopheight:i:768
session bpp:i:32
winposstr:s:0,1,4,0,1353,728
compression:i:1
keyboardhook:i:2
audiocapturemode:i:0
videoplaybackmode:i:1
connection type:i:2
displayconnectionbar:i:1
disable wallpaper:i:1
allow font smoothing:i:0
allow desktop composition:i:0
disable full window drag:i:1
disable menu anims:i:1
disable themes:i:0
disable cursor setting:i:0
bitmapcachepersistenable:i:1
full address:s:192.0.0.0
audiomode:i:0
redirectprinters:i:0
redirectcomports:i:0
redirectsmartcards:i:1
redirectclipboard:i:0
redirectposdevices:i:0
redirectdirectx:i:1
autoreconnection enabled:i:1
authentication level:i:2
prompt for credentials:i:0
negotiate security layer:i:1
remoteapplicationmode:i:0
alternate shell:s:Application.exe
shell working directory:s:c:\Program Files\ffm\
gatewayhostname:s:
gatewayusagemethod:i:4
gatewaycredentialssource:i:4
gatewayprofileusagemethod:i:0
promptcredentialonce:i:1
use redirection server name:i:0
username:s:SERVER\USER01
drivestoredirect:s:

I just want it, such that the users cannot remove, edit this RDP, because it is enabling the user to log on directly to an application as soon as they double click on the icon.  Also, can I also change the icon of the RDP?
0
 
Steve KnightIT ConsultancyCommented:
Can't think of a native way of changing the icon without using another tool which won't be there, or the like.

Maybe a self extracing ZIP file or the like would be a better plan as then it could be all in place and extracted to the relevant dir?

Steve
0
 
Jasmin01Author Commented:
I was thinking of creating a shortcut to the RDP.  That way, I would be able to change the icon.

Also, can you explain this line to me:

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r
Steve
 
Does that mean that this will need to change for eash user?
0
 
Steve KnightIT ConsultancyCommented:
That would pickup the current logged on user name and amend the permissions of the file on their desktop (assuming this is under their userprofile, e.g. c:\users\stephen\desktop) to read only (the R).

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r


Steve
0
 
Jasmin01Author Commented:
Sorry, I'm just trying to understand, for me to load this as a batch file, do I use:

cacls "%userprofile%\desktop\Your App.rdp" /P %username%:r

And this will apply read permissions to any user that installs this batch file?
0
 
Steve KnightIT ConsultancyCommented:
it will apply it for the user running the batch file... But  then it will be their desktop anyway.

As they are the owner of the file having created it they could give themselves full control back in secuirty tab if they know how to.

Steve
0
 
Jasmin01Author Commented:
Ok, I created this:  I ran it, and nothing happened.  What am I doing wrong?

@echo off
(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:)
 > "%userprofile%\desktop\MyApp.rdp"
attrib "%userprofile%\desktop\MyApp.rdp" +r
cacls "%userprofile%\desktop\MyApp.rdp" /P %username%:r


0
 
Steve KnightIT ConsultancyCommented:
try moving the ) down to same line as > redirect or vice versa.  sorry on mobile at mo. So if have missed anything else will look when back on pc in a bit.

Depending upon os/config your desktop may not be at desktop folder under user profile.  if it doesnt appear on desktop have a look to see if that dir exists.  we can get desktop directory other ways if needed, that is quick easy way...

Steve

Steve
0
 
Jasmin01Author Commented:
I tried that, but I am gettin an error message that says:

'@' is not recognized as an internal or external command, operable program or batch file"
0
 
Steve KnightIT ConsultancyCommented:
Hmm, only @ I can see is at the top.  Did you save it using notepad or something else as it works for me - this is Win7 for now.  At least it creates te RDP file.  It could also be the start in path needs quotes around it within the RDP, not sure but will see once you try and use it.

What does:

echo %username%

show from cmd.exe prompt?

Steve
@echo off
(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:
) > "%userprofile%\desktop\MyApp.rdp" 
attrib "%userprofile%\desktop\MyApp.rdp" +r
cacls "%userprofile%\desktop\MyApp.rdp" /P %username%:r

Open in new window

0
 
QlemoC++ DeveloperCommented:
In the batch file as shown last there is only one @, and that one is correct. No clue what you did different, so either review your batch for extranous characters or post the batch again.
0
 
QlemoC++ DeveloperCommented:
There could indeed be some ampersands, ats, spaces and other "invalid" characters in the %userprofile% var, so enclosing in double quotes is a good idea.
0
 
Jasmin01Author Commented:
I used notepad to create it.  

Echo %username% returns my username that I am logged on as.
0
 
Steve KnightIT ConsultancyCommented:
OK, well aside from the userprofile possibility (and it does have " " around it so should be OK) the vesion in http:#37056091 above I have specifically tested exactly as is and it adds the RDP file on my desktop OK.

Can you run it from cmd.exe please having removed the @echo off line at the top to see where it is having a problem.

Does the RDP file get created at all?

If we are talking about after it has started the RDP session from the icon then you will most likely need " " around the path / program file names if they have spaces in.


Steve
0
 
Jasmin01Author Commented:
Without the @echo off, it gives me the same error, just saying '<blank space>' is not recognized as in internal or external command operable program or batch file.

It does not create the RDP at all.
0
 
Steve KnightIT ConsultancyCommented:
OK.  Odd.  This is the exact same script as above, not edited?

I have saved it here for you and attached.  Have a try with that.  Could it be it got saved as UTF encoded or something from Notepad?

I have atatched here.  Only thing I've added now is echo Y| before the cacls command as it asks "Are you sure Y/N" as you are taking your own rights away.

If you try and delete the file it will say "no".... go into properties, security tab, give yourself rights back then you can delete.

Steve
 MakeRDP.cmd
0
 
Jasmin01Author Commented:
Thanks dragon-it.  It seemed to work with your file.  Can you please help me to create a shortcut for this new RDP on the desktop.  I set the batch file above to create the RDP in the C Drive.  Now I would like to create a shortcut on the desktop.

Can you help?
0
 
Steve KnightIT ConsultancyCommented:
Silly question, but why not just put the rdp file on the desktop?

There isn't an easy direct way of doing this from command line / batch.

There are third party tools to do it, e.g. http://www.xxcopy.com/xxcopy38.htm

Or there are awkward scripts like this:
http://www.robvanderwoude.com/amb_shortcutsnt.php

or the "easiest" way is to use VBScript.... thought this would be easy to get working from batch file but seems to have taken for ever considering the results!




Steve
@Echo off


rem set Location=AllUsersDesktop
set Location="Desktop"

set DisplayName="My Shortcut"
set filename="D:\script\makelnk.cmd"

rem set icon="something.ico"
set icon="notepad.exe, 0"

set WorkingDir="C:\"


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
del "%temp%\makelink.vbs" 2>NUL

Open in new window

MakeRDP.cmd
0
 
Steve KnightIT ConsultancyCommented:
The cmd file attached there is your existing make RDP file + the shortcut making code, code shown above is just for making a shortcut

"WindowStyle" line in there btw is:

3 = maximized
1 = normal window
7 = minimized

Steve
0
 
Jasmin01Author Commented:
Dragon-it, you are a genuis.  Just one more question though, can I set permissions to the shortcut???  I dont want to allow anyone to edit / delete the shortcut?  Is that possible?
0
 
Steve KnightIT ConsultancyCommented:
just another cacls command would do that.  As it currently gets the desktop path within the code of the vbscript bit it would need adding in there, not typing that on here will have to wait until on pc in a bit!

Steve
0
 
Jasmin01Author Commented:
Thanks.

I added:
echo Y|cacls %filename% /P %username%:r

to the end of the file, but it does not seem to change the permissions.  Did I put it in the wrong place?
0
 
Steve KnightIT ConsultancyCommented:
We'll have to add it into the VBScript .  Have also added an /e to the other cacls command to just edit the acl to leave other entries in place such as admins.


@echo off

REM Change this by remming out desktop or all users desktop as you wish
REM Make sure that all entries below have " " around them as present

rem set Location="AllUsersDesktop"
set Location="Desktop"

set DisplayName="My Shortcut"
set filename="C:\myfolder\test.rdp"

REM point to an ICO file or an icon within an existing EXE
rem set icon="something.ico"
set icon="notepad.exe, 0"

set WorkingDir="C:\myfolder"

(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:MyApp.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo username:s:SERVER1\USER01
echo drivestoredirect:s:
) > %filename%
attrib "%filename% +r
echo Y|cacls %filename% /E/P %username%:r


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save
echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
rem del "%temp%\makelink.vbs" 2>NUL

Open in new window

0
 
Jasmin01Author Commented:
I now get the follwoing error:

Parameter format not correct -
  NOTE: Cacls is now deprecated, please use Icacls.

Displays or modifes access control lists (ACLs) of files

...

Access is denied.
Input error: Can not find script file "C:Users\User1~1\AddData\Local\Temp\makelink.vbs".
0
 
Steve KnightIT ConsultancyCommented:
What OS is this on?  The only two changes if you want to make them to your working script (and this works as is for me on Win 7) is adding /e to the first cacls line and

echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

after the echo.link line

As it seems to have been an issue before when copying/pasting from the code window have attached my working here cmd and you can amend with your paths:

I have left the DEL command at the end remmed out.  Can you paste back the contents of the VBS file, "%temp%\makelink.vbs" if still an error.

Steve
MakeRDP.cmd
0
 
Steve KnightIT ConsultancyCommented:
Have you added any special characters such as ) ( & etc. in the shortcut display name?

Please post script as you have it if unsure.
0
 
Jasmin01Author Commented:
My complete file:

@echo off

REM Change this by remming out desktop or all users desktop as you wish
REM Make sure that all entries below have " " around them as present

rem set Location="AllUsersDesktop"
set Location="Desktop"

set DisplayName="FreeTest"
set filename="C:\FreeTest\FT.rdp"

REM point to an ICO file or an icon within an existing EXE
rem set icon="C:\FreeTest\Free.ico"
set icon="C:\FreeTest\Free.ico, 0"

set WorkingDir="C:\FreeTest"

(echo screen mode id:i:1
echo use multimon:i:0
echo desktopwidth:i:1366
echo desktopheight:i:768
echo session bpp:i:32
echo winposstr:s:0,1,4,0,1353,728
echo compression:i:1
echo keyboardhook:i:2
echo audiocapturemode:i:0
echo videoplaybackmode:i:1
echo connection type:i:2
echo displayconnectionbar:i:1
echo disable wallpaper:i:1
echo allow font smoothing:i:0
echo allow desktop composition:i:0
echo disable full window drag:i:1
echo disable menu anims:i:1
echo disable themes:i:0
echo disable cursor setting:i:0
echo bitmapcachepersistenable:i:1
echo full address:s:192.0.0.0
echo audiomode:i:0
echo redirectprinters:i:0
echo redirectcomports:i:0
echo redirectsmartcards:i:1
echo redirectclipboard:i:0
echo redirectposdevices:i:0
echo redirectdirectx:i:1
echo autoreconnection enabled:i:1
echo authentication level:i:2
echo prompt for credentials:i:0
echo negotiate security layer:i:1
echo remoteapplicationmode:i:0
echo alternate shell:s:FreeT.exe
echo shell working directory:s:c:\Program Files\ffm\
echo gatewayhostname:s:
echo gatewayusagemethod:i:4
echo gatewaycredentialssource:i:4
echo gatewayprofileusagemethod:i:0
echo promptcredentialonce:i:1
echo use redirection server name:i:0
echo drivestoredirect:s:
) > %filename%
attrib "%filename% +r
echo Y|cacls %filename% /E/P %username%:r


REM Make temporary VBS file to create shortcut
REM Then execute and delete it

(echo Dim DisplayName,Location,Path,shell,link
echo Set shell = CreateObject^("WScript.shell"^)
echo path = shell.SpecialFolders^(%Location%^)
echo Set link = shell.CreateShortcut^(path ^& "\" ^& %DisplayName% ^& ".lnk"^)

echo link.Description = %DisplayName%
echo link.TargetPath = %filename%

echo link.WindowStyle = 3
echo link.IconLocation = %icon%

echo link.WorkingDirectory = %WorkingDir%
echo link.Save
echo answer=shell.run^("cacls " ^& chr^(34^) ^& path ^& "\" ^& %DisplayName% ^& ".lnk" ^& chr^(34^) ^& " /E /P %username%:r",,True^)

)> "%temp%\makelink.vbs"
cscript //nologo "%temp%\makelink.vbs"
rem del "%temp%\makelink.vbs" 2>NUL
0
 
Steve KnightIT ConsultancyCommented:
OK that works for me except for the permissions on the original file.  It seems I missed a space between the /E and /P

echo Y|cacls %filename% /E /P %username%:r
Aside from that it just worked for me.  I created your test path, copied another .ico file to free.ico in there and it created the rdp file and shortcut on the desktop.

Steve
0
 
Jasmin01Author Commented:
I dont undertstand, I am using the exact same file.  Getting the same error.
0
 
Jasmin01Author Commented:
Please send me you test file, so I can go through it.
0
 
Steve KnightIT ConsultancyCommented:
Ok, here it is make.cmd

 icon and properties it makes
C:\freetest>dir
 Volume in drive C has no label.
 Volume Serial Number is 6E49-D3FA

 Directory of C:\freetest

01/11/2011  10:30    <DIR>          .
01/11/2011  10:30    <DIR>          ..
07/03/2010  15:39               766 free.ico
01/11/2011  10:31             1,048 FT.rdp
01/11/2011  10:31             2,545 make.cmd
               3 File(s)          4,359 bytes
               2 Dir(s)  147,085,930,496 bytes free

C:\freetest>make
Parameter format not correct -
processed file: C:\FreeTest\FT.rdp

C:\freetest>

Open in new window

0
 
Jasmin01Author Commented:
I can get the RDP created, just the shortcut is not being created at all.  I keep getting an "Access is denied" error
0
 
Steve KnightIT ConsultancyCommented:
Is it there already.  You will have no rights to it if so... and will need deleting first?
0
 
Jasmin01Author Commented:
Ok, it worked on other users desktop, but they still have rights to delete the desktop.
0
 
Jasmin01Author Commented:
I think that it is a permissions problem, becasue the application has only read and execute rights.  I dont really need those rights on the RDP, I need the rights on the shortcut, so as to prevent the users from deleting the shortcut.
0
 
Steve KnightIT ConsultancyCommented:
Hmm lets add read only then too - have put attrib in the vbscript for the lnk file too.  As the user is an owner of the icon they could delete it anyway I suppose.  If it is read only it should ask for admin permission to delete.

There was an extra " on the first attrib line for the RDP file too which caused it not make that change.

Steve
make.cmd
0
 
Steve KnightIT ConsultancyCommented:
If you don't want the rdp to get any permissions just rem out or remove the original cacls and attrib lines

Steve
0
 
Jasmin01Author Commented:
Thanks,

I tried it again, but I get the following error again:

Input Error: Can not find script file "C:\Users\Users~1\AppData\Local\Temp\makelink.vbs".  

What is the problem with access here?

0
 
Steve KnightIT ConsultancyCommented:
Does that file get created?  Have you tried it exactly as I sent it or edited it?
It sounds like the sort of thing where an extra bracket or quote or the like is causing it not to do the next bit etc.

Of course another way if acceptable would be just to do the lot in VBScript.  I can help with this if needed but got some paid work to do too at some point!

Have asked the mods to add the "VBScript" and "MSDOS" areas to this Q. to get some fresh blood in here if needed.

Steve
0
 
Steve KnightIT ConsultancyCommented:
Thanks Qlemo (and modalot who picked it up too).

@Jasmin01 - The script above works for me as is, can you advise on whether it is creating the VBScript, and also post the exact script (attach the file) that you are using please.

Also start cmd.exe prompt, remove "@echo off "from the top of the batch file and then run it from cmd.exe prompt, i.e.

make.cmd

And if you could post in the entire output it makes please in the cmd window.

thanks

Steve
0
 
Jasmin01Author Commented:
Here is the result from cmd.exe

Microsoft Windows [Version 6.1.7600]
Copyright (c) 2009 Microsoft Corporation.  All rights reserved.

C:\Users\nbv\Desktop>make.cmd

C:\Users\nbv\Desktop>REM Change this by remming out desktop or all users d
esktop as you wish

C:\Users\nbv\Desktop>REM Make sure that all entries below have " " around
them as present

C:\Users\nbv\Desktop>rem set Location="AllUsersDesktop"

C:\Users\nbv\Desktop>set Location="Desktop"

C:\Users\nbv\Desktop>set DisplayName="FreeTest"

C:\Users\nbv\Desktop>set filename="C:\FreeT\FreeTest_Remote.rdp"

C:\Users\nbv\Desktop>REM point to an ICO file or an icon within an existin
g EXE

C:\Users\nbv\Desktop>rem set icon="C:\FreeT\Free.ico"

C:\Users\nbv\Desktop>set icon="C:\FreeT\Free.ico, 0"

C:\Users\nbv\Desktop>set WorkingDir="C:\FreeT"

C:\Users\nerishabv\Desktop>del "C:\FreeT\FreeTest_Remote.rdp"  2>NUL
C:\FreeT\FreeTest_Remote.rdp

C:\Users\nbv\Desktop>(
echo screen mode id:i:1
 echo use multimon:i:0
 echo desktopwidth:i:1366
 echo desktopheight:i:768
 echo session bpp:i:32
 echo winposstr:s:0,1,4,0,1353,728
 echo compression:i:1
 echo keyboardhook:i:2
 echo audiocapturemode:i:0
 echo videoplaybackmode:i:1
 echo connection type:i:2
 echo displayconnectionbar:i:1
 echo disable wallpaper:i:1
 echo allow font smoothing:i:0
 echo allow desktop composition:i:0
 echo disable full window drag:i:1
 echo disable menu anims:i:1
 echo disable themes:i:0
 echo disable cursor setting:i:0
 echo bitmapcachepersistenable:i:1
 echo full address:s:192.0.0.0
 echo audiomode:i:0
 echo redirectprinters:i:0
 echo redirectcomports:i:0
 echo redirectsmartcards:i:1
 echo redirectclipboard:i:0
 echo redirectposdevices:i:0
 echo redirectdirectx:i:1
 echo autoreconnection enabled:i:1
 echo authentication level:i:2
 echo prompt for credentials:i:0
 echo negotiate security layer:i:1
 echo remoteapplicationmode:i:0
 echo alternate shell:s:FreeTest.exe
 echo shell working directory:s:c:\Program Files\ffm\
 echo gatewayhostname:s:
 echo gatewayusagemethod:i:4
 echo gatewaycredentialssource:i:4
 echo gatewayprofileusagemethod:i:0
 echo promptcredentialonce:i:1
 echo use redirection server name:i:0
 echo drivestoredirect:s:
) 1>"C:\FreeT\FreeTest_Remote.rdp"
Access is denied.

C:\Users\nbv\Desktop>attrib "C:\FreeT\FreeTest_Remote.rdp" +r

C:\Users\nbv\Desktop>echo Y  | cacls "C:\FreeT\FreeTest_Remote.rdp
" /E /P nbv:r
processed file: C:\FreeT\FreeTest_Remote.rdp

C:\Users\nbv\Desktop>REM Make temporary VBS file to create shortcut

C:\Users\nbv\Desktop>REM Then execute and delete it

C:\Users\nbv\Desktop>(
echo Dim DisplayName,Location,Path,shell,link
 echo Set shell = CreateObject("WScript.shell")
 echo path = shell.SpecialFolders("Desktop")
 echo Set link = shell.CreateShortcut(path & "\" & "FreeTest" & ".lnk")
 echo link.Description = "FreeTest"
 echo link.TargetPath = "C:\FreeT\FreeTest_Remote.rdp"
 echo link.WindowStyle = 3
 echo link.IconLocation = "C:\FreeT\Free.ico, 0"
 echo link.WorkingDirectory = "C:\FreeT"
 echo link.Save
 echo answer=shell.run("attrib " & chr(34) & path & "\" & "FreeTest" & ".lnk" &
chr(34) & " +R")
 echo answer=shell.run("cacls " & chr(34) & path & "\" & "FreeTest" & ".lnk" & c
hr(34) & " /E /P nbv:r",,True)
) 1>"C:\Users\NBV~1\AppData\Local\Temp\makelink.vbs"
Access is denied.

C:\Users\nbv\Desktop>cscript //nologo "C:\Users\NBV~1\AppData\Local\Tem
p\makelink.vbs"
Input Error: Can not find script file "C:\Users\NBV~1\AppData\Local\Temp\make
link.vbs".

C:\Users\nbv\Desktop>rem del "C:\Users\NBV~1\AppData\Local\Temp\makelin
k.vbs" 2>NUL

C:\Users\nbv\Desktop>
0
 
QlemoC++ DeveloperCommented:
The first "Access Denied" is because the RDP file exists, with read-only-attribute set already. Harmless.

The second one is strange. Sounds as if the user's temp cannot be written to. Please check.
0
 
Jasmin01Author Commented:
Yes, the temp file cannot be written to.  Can I re-locate the temp file to a location that I have permissions to?
0
 
Steve KnightIT ConsultancyCommented:
Thanks there Qlemo.... kids swimming lessons and stuff to deal.  All tucked up (for now).  

There is something v.odd there then.  It is trying to write to %temp% which MUST be writable to?  Is this just this one profile or a wider issue?  If you enter %temp% in the search/run box in the Start menu can you write to it from explorer?

There is nothing stopping it being anywhere else if you prefer, just change each of the three

"%temp%\makelink.vbs"
to
"c:\freet\makelink.vbs"    or whatever you prefer and remove the rem in front of the del command at the end once working.

If you amend this line:

(echo screen mode id:i:1
to
if not exist %filename% (echo screen mode id:i:1

then it should only try and make the RDP file if it is not there.  Another alternative being:

Change this bit

echo drivestoredirect:s:
) > %filename%

to

echo drivestoredirect:s:
) > %filename% 2>NUL

Have made those mods in the attached file: make.cmd
0
 
QlemoC++ DeveloperCommented:
You always have permissions to write into your own Temp folder ... The permissions have to have been removed somehow. Obviously we have to be allowed to use the desktop folder (or the C:\Free), so I would just try with that. The C:\Free folder is easier, as it is fixed - Desktop is a special folder and might have been redirected, and we do not have necessarily the exact location in a cmd batch.
0
 
Steve KnightIT ConsultancyCommented:
Agreed.  Can't see any reason why it wouldn't work mind... unless it is lack of delete rights say and the file exists.

As a matter of interest Jasmin01 if you do this does it work:

start a cmd.exe prompt

echo %temp%
dir > "%temp%\dir.txt"
dir > "%temp%\dir.txt"
del "%temp%\dir.txt"

i.e. show where temp is, try and write twice to a file there then delete it.

and/or

dir > "%temp%\makelink.vbs"
dir > "%temp%\makelink.vbs"
del "%temp%\makelink.vbs"

Could it be some AV software you are using that is preventing the creation of VBS files?
0
 
Jasmin01Author Commented:
Thanks Dragon-it.  I just changed the location of the temp file, and it works great!
0
 
Steve KnightIT ConsultancyCommented:
glad we got there in the end.  interesting one and learned a few things myself alomg the way!

Still wonder how / why your temp directory wont give access mind.  i would investigate if I were you as otherwise you'll end up with other apps not working too?

Steve
0
 
Jasmin01Author Commented:
Thanks, I figured out the problem there, I accidentally set less permissions on my temp folder. :-)

just another question quickly, is there a way to remove those warning messages that say: "The publisher of this remote connection cannot be identified.  Do you want to connect anyway?"
0
 
Steve KnightIT ConsultancyCommented:
Yes... and No.  Not a simple process, easiest to tick the box on first use involving having certifcates that are trusted and then signing the rdp file with that certificate...

These docs explain a bit.

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/8ea47264-d065-48e3-b73e-0c1cf19dc8d7/

http://social.technet.microsoft.com/Forums/en-US/winserverTS/thread/f843bcd7-8a97-4c9f-9310-c6220a343544/
0

Featured Post

Nothing ever in the clear!

This technical paper will help you implement VMware’s VM encryption as well as implement Veeam encryption which together will achieve the nothing ever in the clear goal. If a bad guy steals VMs, backups or traffic they get nothing.

  • 28
  • 24
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now