Remotely enable RDP.
- May 9th, 2017
- Posted in Documentation
- Write comment
Download psexec.exe to run commands remotely on the remote machine.
See Windows 10 note at the end of this post.
Once installed, run psexec to bring up a command prompt on the remote machine:
C:\Tools> psexec \\remotecomputer cmd
Turn off the firewall:
C:\Windows\system32> netsh advfirewall set currentprofile state off
Default Profiles: AllProfiles, CurrentProfile, DomainProfile, PrivateProfile, or PublicProfile.
Create a rule to allow Remote Desktop through the firewall:
C:\Windows\system32> netsh advfirewall firewall set rule group=”Remote Desktop Access” new enable=Yes
These netsh commands will return an “Ok!” when successful.
Next ensure that the “Remote Registry” service is started, so you can modify the registry to enable Remote Desktop:
C:\Windows\system32> net start “Remote Registry”
Then, from your local machine open regedit and select File/Connect Network Registry…
Enter the name or I.P. address of the remote machine.
Once connected, navigate to “REMOTEMACHINE\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server”
Then, double click fDenyTSConnections and change it from a 1 to a 0.
Then, back on your psexec session restart the “Remote Desktop Services” service:
C:\Windows\system32> net stop “Remote Desktop Services”
C:\Windows\system32> net start “Remote Desktop Services”
Now, you should be able to connect, and still connect after rebooting if you set the “Remote Desktop Services” service to Automatic so it starts at boot.
Windows 10 note:
You can also use REG.EXE to edit the registry from your PSEXEC.EXE session. This worked well for Windows 10 without needing to enable Remote Administration:
C:\Windows\system32> REG ADD “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server” /v fDenyTSConnections /t REG_DWORD /d 0 /f
No comments yet.