command line Interface

Hi All,

Could someone tell me how to run a .cmd script to enable remote desktop?

I would like to enable "Allow connections only from computers running Remote Desktop with Network Level Authentication (more secure).  And Add administrator to the selected users list.

I'm using windows 7

Thanks in advance
ReyesrjAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

KimputerCommented:
Make a ts.reg file:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000001
"SecurityLayer"=dword:00000001
"fAllowSecProtocolNegotiation"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-UserMode-In-TCP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28775|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|"
"RemoteDesktop-UserMode-In-UDP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28776|Desc=@FirewallAPI.dll,-28777|EmbedCtxt=@FirewallAPI.dll,-28752|"
"RemoteDesktop-Shadow-In-TCP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\RdpSa.exe|Name=@FirewallAPI.dll,-28778|Desc=@FirewallAPI.dll,-28779|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=TRUE|Defer=App|"

Open in new window



in the batch file (same folder as reg file):

regedit /s ts.reg
net localgroup "Remote Desktop Users" domain\user /add

Open in new window


Needless to say, only admins can execute this successfully.
0
ReyesrjAuthor Commented:
Thanks Kimputer,

Sorry I'm new at this.

How do I make a ts.reg file and where do I place it.

I am a member of the administrator group.  We don't use Active directory on our network.
0
KimputerCommented:
Open notepad, copy & paste the code from the code block. Save file as ts.reg (make sure you have control over the file extension, rename to ts.reg  when you find out it was saved as ts.reg.txt). Create batch file the same way.
Preferably save it at a same location where you will execute the batch file, so it could be anywhere.
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

ReyesrjAuthor Commented:
THANKS!!!!!

That worked perfect!!!

One last thing, I hope you don't mind.  And it may not really matter because the above worked perfect.

But, I have seen a script where the script showed something like %host%\administrator.  How could I apply this in the above script.  We will be cloning workstations and the master workstation will run the script in the taskscheduler, one time, after the client workstations reboot.

Thanks
0
ReyesrjAuthor Commented:
I just noticed that the radio button next to, "Allow Connections only from computers running Remote Desktop with Network Level Authentication (more secure) is not marked.  Please see attachment.  The administrator is in the selected users list.

Please help.
0
KimputerCommented:
Slight change in ts.reg:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000001
"SecurityLayer"=dword:00000001
"fAllowSecProtocolNegotiation"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"RemoteDesktop-UserMode-In-TCP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28775|Desc=@FirewallAPI.dll,-28756|EmbedCtxt=@FirewallAPI.dll,-28752|"
"RemoteDesktop-UserMode-In-UDP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|LPort=3389|App=%SystemRoot%\\system32\\svchost.exe|Svc=termservice|Name=@FirewallAPI.dll,-28776|Desc=@FirewallAPI.dll,-28777|EmbedCtxt=@FirewallAPI.dll,-28752|"
"RemoteDesktop-Shadow-In-TCP"="v2.22|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|App=%SystemRoot%\\system32\\RdpSa.exe|Name=@FirewallAPI.dll,-28778|Desc=@FirewallAPI.dll,-28779|EmbedCtxt=@FirewallAPI.dll,-28752|Edge=TRUE|Defer=App|"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Remote Assistance]
"fAllowToGetHelp"=dword:00000001

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ReyesrjAuthor Commented:
Thanks Kimputer!!!

I was able to figure out how to write to the registry and this is what was missing:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\"Terminal Server"\WinStations\RDP-Tcp]
"UserAuthentication"=dword:00000001

Perfect now, thanks to you!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Scripting Languages

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.