Solved

Enable Remote Desktop for Windows 7 from remote command line

Posted on 2014-04-10
7
807 Views
Last Modified: 2014-04-10
I have a multitude of Windows 7 workstations that I can access via command line via Dameware.  I need to enable Remote Desktop for them all and specify Network Level Authentication as well as the user.  I know that I can enable using:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

... but beyond that, I'm a bit stuck.  Can anyone advise of the command that would enable NLA and allow me to specify the domain user?

Thanks in advance!
0
Comment
Question by:PERSJWM
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 300 total points
ID: 39991615
You should be able to edit the default domain GPO and add it in.
0
 
LVL 1

Author Comment

by:PERSJWM
ID: 39991622
I don't want to do this via GPO.  I need the commands.  Thanks!
0
 
LVL 35

Assisted Solution

by:Kimputer
Kimputer earned 150 total points
ID: 39991663
For point 3:

net localgroup "Remote Desktop Users" domain\user /add

Point 2 is more difficult, as you ADD something to a string in your registry, you don't replace it so easily with just one command.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 1

Author Comment

by:PERSJWM
ID: 39991690
I can access remote registry as well so that's ok.  Can you advise what string to add and where?  Thank  you.
0
 
LVL 35

Expert Comment

by:Kimputer
ID: 39991795
Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Restart the computer to check the result.
0
 
LVL 95

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 50 total points
ID: 39991990
Really surprised no one has thought of this - POWERSHELL.

invoke-command –ComputerName (Get-Content .\machines.txt) –Scriptblock {(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)}

See:
http://roger.steneteg.org/70/70/
0
 
LVL 1

Author Closing Comment

by:PERSJWM
ID: 39992034
In retrospect it actually did end up being more proficient to use GPO so that's what I'm doing.  I awarded other points respectively.  Thanks so much for all of the suggestions and help.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hi Friends, These registry tweaks will help you optimizing your Windows 7 system for any VDI. This will improve the machine performanance and can be used on normal systems also. These are few registry tweaks which will add value by enhancing the …
You may have a outside contractor who comes in once a week or seasonal to do some work in your office but you only want to give him access to the programs and files he needs and keep privet all other documents and programs, can you do this on a loca…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you how to the overview of Microsoft Security Essentials. This is a free anti-virus software that guards your PC against viruses, spyware, worms, and other malicious software. This will be demonstrated using Windows…

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now