Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
GPO using registry 1
- Thread starter jmanuel29
- Start date
Why do it that way? There is already a GPO option to do that, IIRC.
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
monsterjta
IS-IT--Management
Hope This Helps,
Good Luck!
- Thread starter
- #4
I have tried to do it by going to computer configuration -> windows components -> terminal services -> allow users to connect to terminal services but that option does not enable remote desktop on the client machine. The GP does not take effect. 58snipper where is the option on GPO that you are talking about???
monsterjta
IS-IT--Management
You'll need to reboot the box for the GPO to apply, as it is a Computer policy.
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
- Thread starter
- #6
monsterjta
IS-IT--Management
If you run a GPRESULT on the client, are you seeing the policy in the report?
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
-
1
- #8
Jmanuel29 is right about this one guys, I had looked at this about a year ago while working on some documentation for MS.
GPO allows you to select to Solicit or receive remote assistance but not configure remote desktop.
The registry key you need to set for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections
fDenyTSConnections is a DWORD value that must be set to 0 to allow remote desktop connections in.
Jmanuel29, you could easily script this however if you are not an accomplished scripter I would suggest that you deploy the registry setting via GPO using a free add in for AD.
Microsoft recently purchase Desktop Standard to be able to incorporate these tools.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
GPO allows you to select to Solicit or receive remote assistance but not configure remote desktop.
The registry key you need to set for this is:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections
fDenyTSConnections is a DWORD value that must be set to 0 to allow remote desktop connections in.
Jmanuel29, you could easily script this however if you are not an accomplished scripter I would suggest that you deploy the registry setting via GPO using a free add in for AD.
Microsoft recently purchase Desktop Standard to be able to incorporate these tools.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Is it just me, or is there a script missing from markdmac's answer? 
Just teasing...
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Just teasing...
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
monsterjta
IS-IT--Management
I may have read the question wrong, but even so...RDC is enabled for Admins to connect by default (unless your running below XP, then the RDC softare will likely need to be installed).
What is it you want to do? Allow any Authenticated User to connect to any client PC? If this is the case, you'll need to add these users to each PC's RDC user's properties. You could probably accomplish this by using Restricted Groups in group policy.
Hope This Helps,
Good Luck!
What is it you want to do? Allow any Authenticated User to connect to any client PC? If this is the case, you'll need to add these users to each PC's RDC user's properties. You could probably accomplish this by using Restricted Groups in group policy.
Hope This Helps,
Good Luck!
OK pat, here is a scritp to toggle the Remote Desktop Setting and log the event to the event logs.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Code:
'==========================================================================
'
' NAME: EnableDisableRemoteDesktop.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE : 12/13/2006
'
' COMMENT: Enables/Disables Remote Desktop, logs event to application log
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
' IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
' BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
' OF THIS CODE OR INFORMATION.
'==========================================================================
On Error Resume Next
Dim WSHShell, path, rdStatus, enableStatus, report
Const INFORMATION = 4
Set WSHShell = CreateObject("WScript.Shell")
path ="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\"
rdStatus = WSHSHell.RegRead(path & "fDenyTSConnections")
If rdStatus = "1" Then
If MsgBox("Do you wish to enable Remote Desktop?",vbYesNo, "Enable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","0", "REG_DWORD"
MsgBox "Remote Desktop Enabled"
enableStatus = "enabled"
Else
Wscript.Quit
End If
Else
If MsgBox("Do you wish to disable Remote Desktop?",vbYesNo, "Disable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","1", "REG_DWORD"
enableStatus = "disabled"
End If
End If
If Err.Number <> 0 Then
report = "An error was encountered configuring Remote Desktop"
Else
report = "Remote Desktop was " & enableStatus &" successfully."
End If
WshShell.LogEvent INFORMATION, report & vbCrLf & "Thank you for using The Spider's Parlor administrative scripts. [URL unfurl="true"]http://www.thespidersparlor.com/vbscript"[/URL]I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
monsterjta
IS-IT--Management
Nice one, markdmac. I especially like the plug in the event log! ![[smarty]](/data/assets/smilies/smarty.gif "[smarty] [smarty]")
Cool. Yet another star for you, Mark....
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Pat Richard, MCSE MCSA:Messaging CNA
Microsoft Exchange MVP
Want to know how email works? Read for yourself -
Glad you like it guys.
Here is a repost of it, I neglected to put my standard copyright notice in.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Here is a repost of it, I neglected to put my standard copyright notice in.
Code:
'==========================================================================
'
' NAME: EnableDisableRemoteDesktop.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE : 12/13/2006
' COPYRIGHT (c) 2006 The Spider's Parlor
'
' COMMENT: Enables/Disables Remote Desktop, logs event to application log
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
' IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
' BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
' OF THIS CODE OR INFORMATION.
'==========================================================================
On Error Resume Next
Dim WSHShell, path, rdStatus, enableStatus, report
Const INFORMATION = 4
Set WSHShell = CreateObject("WScript.Shell")
path ="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\"
rdStatus = WSHSHell.RegRead(path & "fDenyTSConnections")
If rdStatus = "1" Then
If MsgBox("Do you wish to enable Remote Desktop?",vbYesNo, "Enable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","0", "REG_DWORD"
MsgBox "Remote Desktop Enabled"
enableStatus = "enabled"
Else
Wscript.Quit
End If
Else
If MsgBox("Do you wish to disable Remote Desktop?",vbYesNo, "Disable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","1", "REG_DWORD"
enableStatus = "disabled"
End If
End If
If Err.Number <> 0 Then
report = "An error was encountered configuring Remote Desktop"
Else
report = "Remote Desktop was " & enableStatus &" successfully."
End If
WshShell.LogEvent INFORMATION, report & vbCrLf & "Thank you for using The Spider's Parlor administrative scripts. [URL unfurl="true"]http://www.thespidersparlor.com/vbscript"[/URL]I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Sorry to be spamming the thread. Pat pointed out to me that clicking No to abort left a bad message in the log. This will take that into account.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
Code:
'==========================================================================
'
' NAME: EnableDisableRemoteDesktop.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE : 12/13/2006
' COPYRIGHT (c) 2006 The Spider's Parlor
'
' COMMENT: Enables/Disables Remote Desktop, logs event to application log
'
' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
' PARTICULAR PURPOSE.
'
' IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS
' BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
' OF THIS CODE OR INFORMATION.
'==========================================================================
On Error Resume Next
Dim WSHShell, path, rdStatus, enableStatus, report
Const INFORMATION = 4
Set WSHShell = CreateObject("WScript.Shell")
path ="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\"
rdStatus = WSHSHell.RegRead(path & "fDenyTSConnections")
If rdStatus = "1" Then
If MsgBox("Do you wish to enable Remote Desktop?",vbYesNo, "Enable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","0", "REG_DWORD"
MsgBox "Remote Desktop Enabled"
enableStatus = "was enabled"
Else
enableStatus = "setup was aborted"
Wscript.Quit
End If
Else
If MsgBox("Do you wish to disable Remote Desktop?",vbYesNo, "Disable Remote Desktop?") = vbYes Then
WSHSHell.RegWrite path & "fDenyTSConnections","1", "REG_DWORD"
enableStatus = "was disabled"
Else
enableStatus = "setup was aborted"
Wscript.Quit
End If
End If
If Err.Number <> 0 Then
report = "An error was encountered configuring Remote Desktop"
Else
report = "Remote Desktop " & enableStatus &" successfully."
End If
WshShell.LogEvent INFORMATION, report & vbCrLf & "Thank you for using The Spider's Parlor administrative scripts. [URL unfurl="true"]http://www.thespidersparlor.com/vbscript"[/URL]I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
- Thread starter
- #16
monsterjta
IS-IT--Management
jmanuel29, here's the quick and dirty script. Just execute it on the local machine, and you're in business.
Furthermore, create a computer startup policy and add this script to it. You're done.
Hope This Helps,
Good Luck!
Code:
On error resume next
locTSConn = "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"
strTSConn = "0"
Set objShell = CreateObject("WScript.Shell")
objShell.RegWrite locTSConn, strTSConn, "REG_DWORD"Furthermore, create a computer startup policy and add this script to it. You're done.
Hope This Helps,
Good Luck!
- Thread starter
- #18
yes, just add the script into a GPO.
My script is designed to prompt as it can toggle remote desktop on or off, you could however remove a section and just hard code the response as Monsterjta has provided.
I like to have the logging into the event logs for tracking when somethign was done. Furthermore, if implementing as a login script I would add code to see if it has already been run and exit to avoid constantly resetting a registry value.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
My script is designed to prompt as it can toggle remote desktop on or off, you could however remove a section and just hard code the response as Monsterjta has provided.
I like to have the logging into the event logs for tracking when somethign was done. Furthermore, if implementing as a login script I would add code to see if it has already been run and exit to avoid constantly resetting a registry value.
I hope you find this post helpful.
Regards,
Mark
Check out my scripting solutions at
monsterjta
IS-IT--Management
As long as the user has the appropriate rights to access the registry, then yes. Add it to a user logon script.
Hope This Helps,
Good Luck!
Hope This Helps,
Good Luck!
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question