Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Remote Desktop

0 views
Skip to first unread message

Fredrick A. Zilz

unread,
Nov 6, 2003, 12:57:28 PM11/6/03
to
Is there a Group Policy template or setting that will all me to give an
admin rights to log onto all of the computers in an OU via remote desktop?
I see the Remote Assistance settings, but that requires user intervention at
the local desktop.

Thanks


Brian Desmond [MVP]

unread,
Nov 6, 2003, 7:13:02 PM11/6/03
to
Add the user you want to give these rights to to the Remote Desktop users
domain group.

--
--
Brian Desmond
Windows Server MVP
desm...@payton.cps.k12.il.us

Http://www.briandesmond.com


"Fredrick A. Zilz" <fz...@NOSPAM.interhealthusa.com> wrote in message
news:OuPay9Ip...@TK2MSFTNGP10.phx.gbl...

Matjaz Ladava [MVP]

unread,
Nov 7, 2003, 2:44:29 AM11/7/03
to
This is one part of the solution. The other problem, that is not solved is
how to enable Remote Desktop feature in Windows XP which is by default
disabled. AFAIK there is no GPO setting to do this, but you could use WMI to
remotely enable this one. There are two ways of doing this.

1.) wmic command line utility (saw this one in gp newsgroup few weeks ago)

wmic /node:"machinename" /user:"Administrator" rdtoggle where
(AllowTSConnections=0) call SetAllowTSConnections 1

you can substitute /node:"machinename" with /node:@"c:\computer_list.txt"
where computer_list.txt contains the list of computers on which you want RD
to be enabled

2.) Write your own script that uses WMI like the following one
strComputer = "."Set objWMIService = GetObject("winmgmts:" _ &
"{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")Set
colTSSettings = objWMIService.InstancesOf("Win32_TerminalServiceSetting")For
Each colTS in colTSSettings colTS.SetAllowTSConnections(1)Nextsubstitute
"." in strComputer with your remote computer Netbios, FQDN or IP address on
which you want this setting to be changed. If your users are local Admin
then you can add this script in theit logon script. This will change this
setting at logon time.

Next do what Brian suggested to actually allow them to connect remotely.

--
Regards

Matjaz Ladava, MCSE, MCSA, MCT, MVP
Microsoft MVP - Active Directory
mat...@ladava.com, mat...@mvps.org
http://ladava.com

"Brian Desmond [MVP]" <desm...@payton.cps.k12.il.us> wrote in message
news:udXnAOMp...@TK2MSFTNGP11.phx.gbl...

Brian Desmond [MVP]

unread,
Nov 7, 2003, 12:08:44 PM11/7/03
to
Hrmm - I didn't consider that its disabled by default - all our new machines
come with it enabled, so I must have it enabled in the image that the vendor
applies.

--
--
Brian Desmond
Windows Server MVP
desm...@payton.cps.k12.il.us

Http://www.briandesmond.com


"Matjaz Ladava [MVP]" <matjaz@_nospam_ladava.com> wrote in message
news:u43Z7LQp...@TK2MSFTNGP12.phx.gbl...

0 new messages