Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Remote Desktop via Domian Policy

1 view
Skip to first unread message

Ken

unread,
Dec 11, 2002, 2:33:06 PM12/11/02
to
Hi everyone.

How can I enable remote desktop on all my Windows XP Pro clients through a
Windows 2000 domain policy? I have all Windows XP workstations and Windows
2000 Servers. I want to be able to connect remotely to any workstation (I
am an administrator) to help users without going to their desk.

Thanks,

Ken.
ken AT floridus DOT com


Bill Sanderson

unread,
Dec 11, 2002, 11:07:20 PM12/11/02
to
Here are a couple of snippets from a 10/30 thread in this group:

(from John)
------------------------------------------------------------------------------------------------
Remote Assistant
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Termina
l Server\fAllowToGetHelp
Use REG_DWORD with a value of 0 or 1
1 turns on 0 turns off

Remote Desktop
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Termina
l Server\fDenyTSConnections
Use REG_DWORD with a value of 0 or 1
0 turns on 1 turns off


>-----Original Message-----
>Does anyone know either the registry setting/s, or the
>computer/user configuration policy/ies which relate to
>enabling/disabling remote connections.
>Thanks
>.
>
----------------------------------------------------------------------------------------

And a WMI script from Vladimir Stoyanov [MS]
----------------------------------------------------------------------------------------
Or you could use a WMI script to do this remotely, here's a VB script
snippet, you have to change machine name and admin password:

---------------------------------------------
Function blnConnect(objService, strServer, strNameSpace, strUserName,
strPassword)

ON ERROR RESUME NEXT

DebugPrint "blnConnect: started"
Dim objLocator
blnConnect = True 'There is no error.

' Create Locator object to connect to remote CIM object manager

Err.Clear
Set objLocator = CreateObject("WbemScripting.SWbemLocator")
If Err.Number then
WSCript.Echo "Error 0x" & CStr(Hex(Err.Number)) & " occurred in
creating a locator object."
If Err.Description <> "" Then
Print "Error description: " & Err.Description & "."
WScript.Echo "Error description: " & Err.Description & "."
End If
Err.Clear
blnConnect = False 'An error occurred
Exit Function
End If

Err.Clear
' Connect to the namespace which is either local or remote
Set objService = objLocator.ConnectServer (strServer, strNameSpace,
strUserName, strPassword)

If Err.Number then
WScript.Echo "Error 0x" & CStr(Hex(Err.Number)) & " occurred in
connecting to server " _
& strServer & "."
If Err.Description <> "" Then
Print "Error description: " & Err.Description & "."
WScript.Echo "Error description: " & Err.Description & "."
End If
Err.Clear
blnConnect = False 'An error occurred
End If

objService.Security_.impersonationlevel = 3
if blnConnect = True then
DebugPrint "blnConnect: succeeded"
end if

End Function

'********************************************************************

Dim objServices
WScript.Echo "Start"

blnResult = blnConnect( objServices, "MyRemoteMachine", "root\cimv2",
"MyRemoteMachine\Administrator", "MyPassword" )

if not blnResult then
WScript.Echo "Error connecting"
MsgBox "Error connecting", vbExclamation, "Error"
End If

set terminal = objServices.Get("win32_TerminalServiceSetting='RDP-Tcp'")
result = terminal.SetAllowTSConnections( "1" )

WScript.Echo "Method returned result = " & result

if err <>0 then
WScript.Echo Err.Description, "0x" & Hex(Err.Number)
end if
-------------------------------------------------

--
This posting is provided "AS IS" with no warranties, and confers no rights.

----------------------------------------------------------------------------------------

"Ken" <puffthema...@nospam.floridus.com> wrote in message
news:uzp$dwUoCHA.2468@TK2MSFTNGP08...

Doug Knox MS-MVP

unread,
Dec 11, 2002, 11:12:33 PM12/11/02
to
The settings for this, XP, are in the Local Computer Policy, Computer Configuration, Administratrive Templates, Windows Components, Terminal Services section of the Group Policy Editor. The entry is:

Do not allow new client connections

This could also be set via a logon script. The Registry entry in question is:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server

fDenyTSConnections, DWORD, 0 = Allow remote connections, 1 = Disallow remote connections.

You can also open the System.ADM file on an XP machine (located in Windows\Inf) and do a find for "denyts". This will show you the structure of the entry so you can add it to your ADM files for the Win2K Group Policies.

--
Doug Knox, MS-MVP Windows XP/9x
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone - http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.



"Ken" <puffthema...@nospam.floridus.com> wrote in message news:uzp$dwUoCHA.2468@TK2MSFTNGP08...

Ken

unread,
Dec 12, 2002, 12:38:07 PM12/12/02
to
Can I not simply copy the ADM files to my Windows XP domain controllers?
What would be the effect if I did this?

Thanks,

Ken.

"Doug Knox MS-MVP" <dk...@mvps.org> wrote in message
news:eS5cuSZoCHA.2412@TK2MSFTNGP09...

Doug Knox MS-MVP

unread,
Dec 12, 2002, 4:41:31 PM12/12/02
to
If they're XP machines, you wouldn't have a problem, but my understanding is that XP uses a new format, that is incompatible with the 2K GPEDIT tool.

--
Doug Knox, MS-MVP Windows XP/9x
Win 95/98/Me/XP Tweaks and Fixes
http://www.dougknox.com
--------------------------------
Associate Expert
ExpertZone - http://www.microsoft.com/windowsxp/expertzone
--------------------------------
Please reply only to the newsgroup so all may benefit.
Unsolicited e-mail is not answered.

"Ken" <puffthema...@nospam.floridus.com> wrote in message news:#q6u3UgoCHA.2428@TK2MSFTNGP10...

0 new messages