?
Solved

Enable Remote Desktop for Windows 7 from remote command line

Posted on 2014-04-10
7
Medium Priority
?
850 Views
Last Modified: 2014-04-10
I have a multitude of Windows 7 workstations that I can access via command line via Dameware.  I need to enable Remote Desktop for them all and specify Network Level Authentication as well as the user.  I know that I can enable using:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

... but beyond that, I'm a bit stuck.  Can anyone advise of the command that would enable NLA and allow me to specify the domain user?

Thanks in advance!
0
Comment
Question by:PERSJWM
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 25

Accepted Solution

by:
Tony Giangreco earned 1200 total points
ID: 39991615
You should be able to edit the default domain GPO and add it in.
0
 
LVL 1

Author Comment

by:PERSJWM
ID: 39991622
I don't want to do this via GPO.  I need the commands.  Thanks!
0
 
LVL 36

Assisted Solution

by:Kimputer
Kimputer earned 600 total points
ID: 39991663
For point 3:

net localgroup "Remote Desktop Users" domain\user /add

Point 2 is more difficult, as you ADD something to a string in your registry, you don't replace it so easily with just one command.
0
Back Up Your Microsoft Windows Server®

Back up all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

 
LVL 1

Author Comment

by:PERSJWM
ID: 39991690
I can access remote registry as well so that's ok.  Can you advise what string to add and where?  Thank  you.
0
 
LVL 36

Expert Comment

by:Kimputer
ID: 39991795
Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Restart the computer to check the result.
0
 
LVL 96

Assisted Solution

by:Lee W, MVP
Lee W, MVP earned 200 total points
ID: 39991990
Really surprised no one has thought of this - POWERSHELL.

invoke-command –ComputerName (Get-Content .\machines.txt) –Scriptblock {(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)}

See:
http://roger.steneteg.org/70/70/
0
 
LVL 1

Author Closing Comment

by:PERSJWM
ID: 39992034
In retrospect it actually did end up being more proficient to use GPO so that's what I'm doing.  I awarded other points respectively.  Thanks so much for all of the suggestions and help.
0

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

One of the features I've come to appreciate about Windows 7 and Windows Server 2008 R2 is the ability to pin applications to the task bar. As useful a feature as I've found this, it does have some quirks.  For example, have you ever tried pinning an…
By default the complete memory dump option is disabled in windows . If we want to enable the complete memory dump for a diagnostic purpose, we have a solution for it. here we are using the registry method to enable this.
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
This Micro Tutorial will teach you how to change your appearance and customize your Windows 7 interface to your unique preference. This will be demonstrated using Windows 7 operating system.
Suggested Courses
Course of the Month14 days, 18 hours left to enroll

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question