Remotely Enabling Remote Desktop (the 1337 way)

So this one is a little obscure, but lemme paint a quick picture:

A few years back, I had a small client site that had some remote users and executives that would connect to their office workstations from home via VPN / Remote Desktop.  One day an executive got a new computer and “we” forgot to enable Remote Desktop for her.  Normally this could have been addressed by a GPO, but it was a really small client site, and we just didn’t put that much complexity into the configuration.  Anyway, this same day the user wanted to work from home and she was not able to connect.  She proceeded to call me during dinner to inform me of this situation!  I wanted to help but was thinking it would be tough to allow remote access REMOTELY!  But I thought of a way!  After I completed the below steps I contacted the user and she was able to connect!

I was so proud of myself I saved the steps and now I want to share it with everyone today.  I used a combination of a free utility called psexec which can be downloaded here.  I also used the built-in command prompt and registry editor that comes with Windows.   Look at the below window, and follow the command prompt progress.  I’ve commented along the way in green.

C:\Documents and Settings\admin>”C:\Documents and Settings\admin\Desktop\psexec.exe” \\computer0123 cmd.exe

 

PsExec v1.94 – Execute processes remotel

Copyright (C) 2001-2008 Mark Russinovich

Sysinternals – http://www.sysinternals.com

 

 

Microsoft Windows XP [Version 5.1.2600]

(C) Copyright 1985-2001 Microsoft Corp.

 

C:\WINDOWS\systeadmin2>hostname

computer0123

#verify hostname

C:\WINDOWS\systeadmin2>netsh firewall add portopening TCP 3389 rdp enable

Ok.

#now I’m sure remote desktop will be allowed through the firewall

 

C:\WINDOWS\systeadmin2>netstat -a

 

Active Connections

 

  Proto  Local Address          Foreign Address        State

  TCP    computer0123:epmap       computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:microsoft-ds  computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:39259       computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:netbios-ssn  computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:netbios-ssn  computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:microsoft-ds  kaserver.eedge.net:10442  ESTABLISHED

  TCP    computer0123:1332        kadata.eedge.net:microsoft-ds  ESTABLISHED

  TCP    computer0123:1535        kaserver.eedge.net:netbios-ssn  ESTABLISHED

  TCP    computer0123:2033        kaserver.eedge.net:1025  TIME_WAIT

  TCP    computer0123:1060        computer0123.Eedge.net:0  LISTENING

  TCP    computer0123:10001       computer0123.Eedge.net:0  LISTENING

  UDP    computer0123:microsoft-ds  *:*

  UDP    computer0123:isakmp      *:*

  UDP    computer0123:1025        *:*

  UDP    computer0123:1026        *:*

  UDP    computer0123:1027        *:*

  UDP    computer0123:4500        *:*

  UDP    computer0123:ntp         *:*

  UDP    computer0123:netbios-ns  *:*

  UDP    computer0123:netbios-dgm  *:*

  UDP    computer0123:1900        *:*

  UDP    computer0123:ntp         *:*

  UDP    computer0123:netbios-ns  *:*

  UDP    computer0123:netbios-dgm  *:*

  UDP    computer0123:1900        *:*

  UDP    computer0123:ntp         *:*

  UDP    computer0123:1028        *:*

  UDP    computer0123:1044        *:*

  UDP    computer0123:1209        *:*

  UDP    computer0123:1900        *:*

#I see Remote Desktop is not enabled, as port 3389 is not in the list

#I then use regedit from my machine and remotely connect to the registry on her workstation and enable remote desktop.  (HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnection=0)

 

C:\WINDOWS\systeadmin2>shutdown -m \\computer0123 -r

The machine is locked and can not be shut down without the force option.

 

C:\WINDOWS\systeadmin2>shutdown -m \\computer0123 -r –f

 

C:\Documents and Settings\admin>

#it works now

For those who are lost in the command prompt, just look at these steps instead:

  1. Use psexec to open a cmd session on the computer0123 
  2. Use netsh to open a hole in the remote computer’s firewall for TCP 3389.  This is the port Remote Desktop uses.
  3.  Use netstat to check to see if remote desktop is currently listening/running
  4. Use regedit (not shown) to connect to computer0123’s registry and change the 1 to an 0 in the fDenyTSConnection key.
  5. Use the shutdown command to restart the computer, which is required when enabling Remote Desktop via the registry.

2 thoughts on “Remotely Enabling Remote Desktop (the 1337 way)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s