Remote Desktop Setup in Active Directory
Ray Meche
machine? I know how to do it the manual way, but this seems unrealistic to
touch each machine for large companies with thousands of machines. It is
hard to find anything suggesting that you can do this on Microsoft's site.
Any help would be appreciated.
Alex K. Angelopoulos (MVP)
If you do mean the client, you can deploy the MSI install via Active
Directory or WMI. If you mean activating the host on XP Pro boxes, that
can be done via WMI, policies, or a registry script. Some more details
about what you're trying to do and the environment, and I can probably
suggest details on how to do this without you getting out of your chair
(that's how I like to work myself).
--
Please respond in the newsgroup so everyone may benefit.
http://dev.remotenetworktechnology.com
----------
Subscribe to Microsoft's Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/notify.asp
"Ray Meche" <NoS...@NoSpam.com> wrote in message
news:uxiIr1xXCHA.2540@tkmsftngp09...
Ray Meche
Currently we have Active Directory Running in a Mixed Mode environment. We
have MSI installations already for various internal updates, Office, Windows
SP1..... so I am familiar with rolling out Software Installations. I just
want to enable Remote Desktop on the users machines anyway I can so that we
can use Remote Desktop on our users. We tested it awhile back before the
rollout, but we did it manually and it worked. Everything I have seen on
Microsoft's site suggests that you have to turn on remote access and add
users at the user's machine. I want to push that by policy whether it be
custom Policy settings (which we have done) or by MSI installations. I
guess we could modify that by changing registry settings in the login
script. If that is what you suggest, to make sure, what registry keys do we
need to set? If you need more info let me know. Thanks again for your
help!
"Alex K. Angelopoulos (MVP)" <a...@mvps.org> wrote in message
news:OwwYX8xXCHA.1668@tkmsftngp10...
Alex K. Angelopoulos (MVP)
You just belw a lot of my questions out of the water since it sounds
like you've been there and done that with a lot of the details.
Here's the scoop on the config - and I would absolutely love it if you
could confirm some details for me, since I haven't been able to try this
in a mass environment.
First, I have an applet which can be used locally on a system to do a
quick check on whether remote desktop or remote assistance is enabled:
http://dev.remotenetworktechnology.com/files/tsrdexaminer.zip
It does nothing exciting, but when you launch it it will pop up the
status of both, the listening ports, any local IP addresses, and the
hostname in a box.
What you are after is under the following key in the local registry:
"HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\"
The value of interest is a DWORD named:
"fDenyTSConnections"
Setting this flag to FALSE (0) should handle it for you.
Here's the problem: I cannot confirm that doing this programmatically
enables/disables RD. It MAY need a reboot to take effect after the
state change. Doing the registry edit in the GUI makes the chnage
instantly; doing it from script makes the change in the registry, but
the service does not start listening right away, so a "change and run"
script would require remotely reinitializing this somehow - probably
telling the service to re-read its settings, which I haven't looked into
yet.
Here's a VBScript function that does the state change, then returns a
result of "true if it succeeds and "false" if it doesn't. The reboot
test needs to be done... :-)
Function SetRdState(desiredState)
' Set to true to enable RD on XP Pro
' False to disable
' returns true if call succeeds, false on error
Dim Sh, key_TS, keyValue
SetRdState = False
Set Sh = CreateObject("WScript.Shell")
Key_TS = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\"
keyValue = Clng(Abs(CInt(desiredState)))
WScript.Echo "Desired value is", keyValue
On Error Resume Next
Err.Clear
Sh.RegWrite Key_TS & "fDenyTSConnections", keyValue, "REG_DWORD"
If Err.Number = 0 Then SetRdState = True
Err.Clear
On Error Goto 0
End Function
--
Please respond in the newsgroup so everyone may benefit.
http://dev.remotenetworktechnology.com
----------
Subscribe to Microsoft's Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/notify.asp
"Ray Meche" <NoS...@NoSpam.com> wrote in message
news:emfeGHyXCHA.2544@tkmsftngp11...
Ray Meche
scripts, but you seem to run into a problem if you have disabled registry
editing for the user. In other words, it works on our administrator
machines, but not the end user. This would be an easy solution in a less
controlled environment, although I don't know any company that gives their
users access to the registry (knowingly). In any case, I don't know of a
runas solution for a logon script to be able to run the script as an
administrator so I just put the proper registry setting into on of our
existing MSI installations from Visual Studio Installer. Works like a
champ. To answer your question about rebooting, no you don't have to reboot
with the login script solution. Thanks for your help. If you have any more
questions let me know.
"Alex K. Angelopoulos (MVP)" <a...@mvps.org> wrote in message
news:u5J9QzyXCHA.1432@tkmsftngp10...
Alex K. Angelopoulos (MVP)
I have some WSH pieces for doing this, but they are all local and I
haven't grunged back through the WMI stuff which needs to be done to
correctly use StdRegProv for remote changes. The WMI route has another
annoyance, which is that it takes up to a minute to fail if the remote
system isn't up, so a "pull" install (which yours effectively is since
it waits for the machine to contact AD) is better anyway.
In news:#J8y6l1XCHA.2416@tkmsftngp09,
Ray Meche typed: