Enable Remote Desktop for Windows 7 from remote command line

I have a multitude of Windows 7 workstations that I can access via command line via Dameware.  I need to enable Remote Desktop for them all and specify Network Level Authentication as well as the user.  I know that I can enable using:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

... but beyond that, I'm a bit stuck.  Can anyone advise of the command that would enable NLA and allow me to specify the domain user?

Thanks in advance!
LVL 1
PERSJWMAsked:
Who is Participating?
 
Tony GiangrecoConnect With a Mentor Commented:
You should be able to edit the default domain GPO and add it in.
0
 
PERSJWMAuthor Commented:
I don't want to do this via GPO.  I need the commands.  Thanks!
0
 
KimputerConnect With a Mentor Commented:
For point 3:

net localgroup "Remote Desktop Users" domain\user /add

Point 2 is more difficult, as you ADD something to a string in your registry, you don't replace it so easily with just one command.
0
Learn to develop an Android App

Want to increase your earning potential in 2018? Pad your resume with app building experience. Learn how with this hands-on course.

 
PERSJWMAuthor Commented:
I can access remote registry as well so that's ok.  Can you advise what string to add and where?  Thank  you.
0
 
KimputerCommented:
Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Restart the computer to check the result.
0
 
Lee W, MVPConnect With a Mentor Technology and Business Process AdvisorCommented:
Really surprised no one has thought of this - POWERSHELL.

invoke-command –ComputerName (Get-Content .\machines.txt) –Scriptblock {(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)}

See:
http://roger.steneteg.org/70/70/
0
 
PERSJWMAuthor Commented:
In retrospect it actually did end up being more proficient to use GPO so that's what I'm doing.  I awarded other points respectively.  Thanks so much for all of the suggestions and help.
0
All Courses

From novice to tech pro — start learning today.