Remote Desktop is one of the most important support tools for administrators of remote computers, but it’s often not enabled on desktop systems when you need it. If you know what you’re looking for, however, it’s fairly easy to enable it remotely on a network.
The Remote Desktop service on desktop systems is always running, even if remote access is disabled. Whether remote connections are enabled or disabled is controlled by a value named fDenyTSConnections under the registry key HKEY_LOCAL_ MACHINE\SYSTEM\Current- ControlSet\Control\Terminal Server. By default, this value is 1 (which is disabled). When you use the Remote tab in the System Properties dialog box to enable Remote Desktop access (shown in Figure 1 for a computer running Windows Vista), this value changes to 0.
Because you can enable remote connections through the registry, you have a wide range of options for modifying Remote Desktop access. Essentially, any technique for accessing a registry value will work, including the following:
- You can open regedit, connect to the remote computer, then change the value.
- You can have a PC import a .reg file on startup.
- You can use Windows Management Instrumentation’s (WMI’s) System Registry provider to make the change from a script.
- You can use reg.exe to make the change from the command line or a script.
Many administrators seem to need to enable Remote Desktop access on the fly. It’s also usually a good practice to turn the remote connection back off when you’re done using it. So, to simplify the process of checking whether Remote Desktop is enabled, enabling it if it’s not, and disabling it after you’re done using it, I wrote three one-line .cmd scripts: CheckRD.cmd, RDOn.cmd, and RDOff.cmd.
To check whether a computer has Remote Desktop enabled, you can run the CheckRD.cmd script in Listing 3. To download it and the other scripts, click the Download the Code Here button at the top of this article. CheckRD .cmd and the other two scripts take a single command-line argument: the name of the remote computer to connect to. For example, if you want to use CheckRD.cmd to see whether Remote Desktop is enabled on the remote computer named Client07, you’d run the command
You can also use this script to check the setting on the local system. Just specify a period (.) as the name of the host computer. No matter whether you check a local or remote system, the script returns the value of fDenyTSConnections. If Remote Desktop is disabled, 0x1 is returned. If it’s enabled, 0x0 is returned.
To enable Remote Desktop, you can run RDOn.cmd, which Listing 4 shows. You need to run this script from an account that has sufficient privileges to change the remote machine’s registry. To enable access on the Client07 computer, you’d run the script with the command
You’ll be able to immediately make a remote connection.
If you need to disable Remote Desktop after you’re done using it, you can run RDOff.cmd in Listing 5. For example, to turn Remote Desktop off on the Client07 computer, you’d use the command
As you can see, CheckRD .cmd, RDOn.cmd, and RDOff .cmd are simple scripts. But don’t let their simplicity deceive you. These scripts let you easily enable and disable a computer’s remote connection on demand.
Senior Network Engineer