You’re stuck in a jam.  The remote workstation is on, the user isn’t there and you have a mandate.

“Install this software before you leave.” Of course the software just happens to be the one application you CAN’T just push.  It needs a local install.  “UGH!” your brain says to the world.

No problem.  As long as the computer is on your network, you can enable Remote Desktop access.

First you need to have local Administrative rights on the computer in question.

Launch REGEDIT and Choose File/Connect Network Registry

image

In the provided box, enter in the name of the computer

image

Once connected you’ll have a new option near the bottom.

image

Under the “2nd” HKEY-LOCAL-MACHINE (which is that nasty remote computer) Navigate to

HKEY-LOCAL-MACHINESystemCurrent Control SetControlTerminalServer

Edit the value called fDenyTSConnections and change from 1 to 0

change from 1 to 0

image

Now if you’re running Windows XP, you’re probably done and can happily remote in. 

With Windows 7 and Windows Vista there’s an extra step, you need to enable two rules on the Firewall

Navigate to the following registry key

HKEY-LOCAL-MACHINESystemCurrent Control SetservicesSharedAccessParametersFirewallPolicyFirewallRules

You’ll see a pile of values.  Find the one named “RemoteDesktop-In-TCP”

image

You’ll see a LOOOOOOOONNNNNG string of data in there.  Near the very beginning it will read something along the lines of what you see below

image

Edit the Active=FALSE to ACTIVE=TRUE so it reads as in the box below.  Click OK

image

Then execute the following command in a command prompt.

SHUTDOWN –f –r –t 0 –m \COMPUTERNAME

Where “COMPUTERNAME” is the NETBIOS name of the PC

or

SHUTDOWN –f –r –t 0 –m x.x.x.x

Where x.x.x.x is the IP address of the computer

Now you COULD probably trigger this via GPO and Preferences too.  But on the Enterprise why would you? Baaaaaad!

But in Small Business environments I have seen the need for this, so it COULD be set in those instances.   Of course you’ll have to remember add anybody who SHOULD be remoting to the local computer group “Remote Desktop Users

A handy thing to know how to do, especially if you are effectively “Locked away” from physical access to a managed machine.

Sean
The Energized Tech