How to enable Remote Desktop on a remote computer

Tim Malone describes how to enable Remote Desktop on a remote computer

The other day I set up a new workstation for an employee in a remote office. We are a small company so I usually have new computers shipped to me in our main office where I configure them before shipping them out. In a hurry to get the XP machine out the door I did everything else except enable remote desktop. I've done this several times.

Of course as soon as the computer arrived the remote user had an issue with something that needed to be tweaked. I think I had neglected to set up his profile in Outlook. He didn't want me to walk him through the steps on the phone so he went to lunch and left the machine on for me to work on remotely. That's when I discovered I couldn't get into it.

We're on a Microsoft domain here. The computer had been joined to the domain before it left the building. The remote location is on a VPN and also has a domain controller there. Having a domain controller in the remote office is not a requirement but you must be able to 'see' the computers in the remote office through Active Directory.

There is a way to enable the remote desktop feature but it took forever to find it and take care of the issue before the employee returned. You might be able to use this little trick sometime so I'll post it here. There's probably more than one way to do this but here is how it worked for me.

The first step is to make sure you are logged on as a user that has domain admin privileges. Logging on to a Server 2003 machine as the administrator works just fine. Next, launch the registry editor and open the registry on the remote computer using File - Connect Network Registry.

Navigate to the remote computer in Active Directory and browse to this registry key:

HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

Change the fDenyTSConnections DWORD value to 0 to enable Remote Desktop.

Exit regedit and do a remote reboot from a command prompt window:

shutdown -m \\computername -r

Give the remote computer a few minutes to reboot. You can now do a Remote Desktop session to the computer in the remote office. If you are unable to get into the remote computer via the registry editor then you might have to temporarily disable the Microsoft firewall.

You can disable the Windows firewall service remotely by using 'Services' under the Administrative Tools. Use 'Connect to another computer' from the Action pull-down menu. This only works in a Microsoft domain setting so don't go thinking you can hack into XP computers all over the Internet if you just happen to know their IP address.
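The registry step above can also be scripted and checked before and after the change. The PowerShell below is an added example, not part of the original post: it reads and sets the same value through the .NET remote registry API, and reports a machine as unreachable when the registry cannot be opened. The function names and the WS-REMOTE-01 / WS-REMOTE-02 computer names are hypothetical, and it assumes PowerShell 3.0 or later on the administrator's machine and an account with admin rights on the target.

```powershell
# Added example. Names below (Get-RdpPolicy, Enable-RemoteRdp, WS-REMOTE-01) are hypothetical.
$TsKey = 'SYSTEM\CurrentControlSet\Control\Terminal Server'

function Get-RdpPolicy {
    param([Parameter(Mandatory)][string]$ComputerName)
    $result = [pscustomobject]@{
        ComputerName = $ComputerName; Reachable = $false
        fDenyTSConnections = $null;   RdpEnabled = $null
    }
    try {
        # Same connection regedit makes with File - Connect Network Registry.
        $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
            [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    } catch {
        return $result   # Remote Registry stopped, firewall blocking, or access denied
    }
    try {
        $key = $hive.OpenSubKey($TsKey)
        $result.Reachable = $true
        $result.fDenyTSConnections = $key.GetValue('fDenyTSConnections')
        $result.RdpEnabled = ($result.fDenyTSConnections -eq 0)
        $key.Close()
    } finally { $hive.Close() }
    $result
}

function Enable-RemoteRdp {
    param([Parameter(Mandatory)][string]$ComputerName)
    $before = Get-RdpPolicy -ComputerName $ComputerName
    if (-not $before.Reachable) { throw "Cannot open the registry on $ComputerName" }
    if ($before.RdpEnabled)     { return $before }   # already 0, leave it alone
    $hive = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine, $ComputerName)
    try {
        $key = $hive.OpenSubKey($TsKey, $true)       # $true = open writable
        $key.SetValue('fDenyTSConnections', 0, [Microsoft.Win32.RegistryValueKind]::DWord)
        $key.Close()
    } finally { $hive.Close() }
    Get-RdpPolicy -ComputerName $ComputerName        # read back to confirm
}

# Audit first: list which machines currently accept Remote Desktop.
'WS-REMOTE-01', 'WS-REMOTE-02' | ForEach-Object { Get-RdpPolicy -ComputerName $_ }
```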

I'm sure I've left out all kinds of details but this is the basic method to remotely enable Remote Desktop on Windows XP computers in a Microsoft domain. Questions? I will be happy to clarify in the comments.

Tim Malone, MCSE

11 comments
ajohnson

I have a concern; perhaps someone can provide an answer on this. I have a suspicion this REG tweak has been carried out on a server within my domain network. What are the minimum permissions you need to perform this action? No one but me has domain admin access; some have local admin access to client PCs.

MariaJones

An alternative solution to support remote computers is RHUB. It's an appliance and hence can be hosted in-house. You may want to have a look here: http://www.rhubcom.com

ImL8

Woohoo! I've been trying to connect to my server remotely, and could not. I am using vista and had to connect to a windows 2003 server. I ran regedit, then connected to a remote registry (from the file menu), changed the key mentioned above, closed regedit, typed the ip of my server in the remote desktop connection, and it let me in. Didn't need to reboot the server. Thanks for the help!

aze99

This can't be done if file and print sharing services is not enabled on the client in the first place. I just found this out last week and have been tearing my hair out. If the client is near, that's fine. But if it is miles away, then is there a way to remote in through the registry or something? The thing is, neither the registry nor the computer management can be accessed if FP sharing is not enabled. It is not enough that the service is enabled; the FP must be enabled. Am I wrong? Which part?

The Listed 'G MAN'

Incorrect in a way - the server you are changing the REG setting from must be able to 'see' the computer through AD - in order to authenticate the remote REG edit. After which (the change is made) all you need is an IP connection to initiate a remote session.

PureCoffee

This is good. But... What I don't understand is if the remote user is on a VPN connection, how at reboot you would be able to connect to the machine since the VPN Connection would have been terminated. I must be missing something! Thanks -/sf

purpleboarder

Tim, BTW, good article on this subject. RD is a great/necessary tool to use. However, I found that I don't have to edit the registry to enable RD on a remote PC. As long as the PC is powered on, part of the domain, and online, I can use the "Computer/Users" utility. I usually drill down to the OU structure to find the PC, right-click the PC, and choose "Manage". Here, I can add any user to the local admin group, or the local Remote group. As far as I know, it doesn't matter if the user is logged on or not when doing this. Hopefully nobody is logged on when you want to remote in, otherwise, as you probably know, you can knock them off. I hope this helps....

wizard57m-cnet

Try re-posting in the Q&A section. The 'Discussion' forum is for matters of general discussion, not specific problems in search of a solution. The 'Water Cooler' is for non-technical discussions. You can submit a question to 'Q&A' here: http://www.techrepublic.com/forum/questions/post?tag=mantle_skin;content

There are TR members who specifically seek out problems in need of a solution. Although there is some overlap between the forums, you'll find more of those members in 'Q&A' than in 'Discussions' or 'Water Cooler'. Be sure to use the voting buttons to provide your feedback. Voting a '+' does not necessarily mean that a given response contained the complete solution to your problem, but that it served to guide you toward it. This is intended to serve as an aid to those who may in the future have a problem similar to yours. If they have a ready source of reference available, perhaps they won't need to repeat questions previously asked and answered. If a post did contain the solution to your problem, you can also close the question by marking the helpful post as "The Answer".

Let the zombies sleep

tim

I wasn't very clear on that point, was I? We use static VPNs between Netscreen firewalls so it is always on. There are multiple computers in that remote office and I want to be able to get to all of them. The static VPN allows me to do that.

jkm02571

Use caution when putting anyone in the local admin group. If you forget to remove them when you're finished with your task, the client is vulnerable to abuse. I prefer the method of enabling remote access; it is safer. My only discomfort is with editing the registry remotely.
