Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 904
  • Last Modified:

Enable Remote Desktop for Windows 7 from remote command line

I have a multitude of Windows 7 workstations that I can access via command line via Dameware.  I need to enable Remote Desktop for them all and specify Network Level Authentication as well as the user.  I know that I can enable using:

reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f

... but beyond that, I'm a bit stuck.  Can anyone advise of the command that would enable NLA and allow me to specify the domain user?

Thanks in advance!
0
PERSJWM
Asked:
PERSJWM
3 Solutions
 
Tony GiangrecoCommented:
You should be able to edit the default domain GPO and add it in.
0
 
PERSJWMAuthor Commented:
I don't want to do this via GPO.  I need the commands.  Thanks!
0
 
KimputerCommented:
For point 3:

net localgroup "Remote Desktop Users" domain\user /add

Point 2 is more difficult, as you ADD something to a string in your registry, you don't replace it so easily with just one command.
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
PERSJWMAuthor Commented:
I can access remote registry as well so that's ok.  Can you advise what string to add and where?  Thank  you.
0
 
KimputerCommented:
Configure Network Level Authentication
1. Click Start, click Run, type regedit, and then press ENTER.
2. In the navigation pane, locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
3. In the details pane, right-click Security Packages, and then click Modify.
4. In the Value data box, type tspkg. Leave any data that is specific to other SSPs, and then click OK.
5. In the navigation pane, locate and then click the following registry subkey:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders
6. In the details pane, right-click SecurityProviders, and then click Modify.
7. In the Value data box, type credssp.dll. Leave any data that is specific to other SSPs, and then click OK.
8. Restart the computer to check the result.
0
 
Lee W, MVPTechnology and Business Process AdvisorCommented:
Really surprised no one has thought of this - POWERSHELL.

invoke-command –ComputerName (Get-Content .\machines.txt) –Scriptblock {(Get-WmiObject -class "Win32_TSGeneralSetting" -Namespace root\cimv2\terminalservices -Filter "TerminalName='RDP-tcp'").SetUserAuthenticationRequired(1)}

See:
http://roger.steneteg.org/70/70/
0
 
PERSJWMAuthor Commented:
In retrospect it actually did end up being more proficient to use GPO so that's what I'm doing.  I awarded other points respectively.  Thanks so much for all of the suggestions and help.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now