Windows Server

Remotely enable or disable remote desktop on a Windows Server

Remote desktop is the de facto administration tool, but sometimes it stops accepting connections. Read this tip to learn how to remotely enable or disable remote desktop.

Last year, I shared a few of my favorite tips to address remote desktop issues. I've discovered a new trick that can reconfigure remote desktop remotely; this is especially important if you don't have monitor (console) access, a network-attached KVM, someone local to the server console, or a hardware device such as an HP iLO or Dell DRAC.

Remote desktop for Windows Servers can be set through the registry. Remote access of the Windows registry is enabled by default (when Firewall is disabled), and remote desktop can be disabled or enabled. The HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections value is set to 1 by default to disable remote desktop; editing the value remotely to 0 will enable remote desktop on the next reboot. You can make a reboot happen immediately with either the shutdown command or the Restart-Computer PowerShell command. Please refer to one of my previous tips to learn how to launch these two commands.

Opening the fDenyTSConnections value through a remote registry (Figure A) is done with administrative permissions via Regedit and selecting the Connect Network Registry option from the File menu. (Note: Editing the registry is risky, so be sure you have a verified backup before saving any changes.) Figure A

Remotely opening the fDenyTSConnections registry value. (Click the image to enlarge.)

In order to make the change take effect, a reboot is required.

This configuration is a documented procedure and is outlined in this TechNet article. Remote desktop can be enabled or disabled on the fly when configured in Server Manager (Windows Server 2008) or on the Remote tab of My Computer (Windows Server 2003).

If you have used this trick to troubleshoot remote desktop, let us know in the discussion.

Stay on top of the latest Windows Server 2003 and Windows Server 2008 tips and tricks with our free Windows Server newsletter, delivered each Wednesday.

Automatically sign up today!

About

Rick Vanover is a software strategy specialist for Veeam Software, based in Columbus, Ohio. Rick has years of IT experience and focuses on virtualization, Windows-based server administration, and system hardware.

19 comments
sean
sean

Most of the time I find that I cannot access a server because someone has forgotten to log off, so I use the Terminal Services Manager to connect to the server and disconnect their sessions, 90% of the time this works, the other 10% of the time I usually have a hanging server so have to get up out of my chair to fix it, which is most inconvenient :D

a2wasakra
a2wasakra

better alternative is : sysinternals psexec. psexec \\remotecomputername netsh firewall set service remoteadmin enable psexec \\remotecomputername netsh firewall set service remotedesktop enable

jc@dshs
jc@dshs

I use remote desktop to logon to the various servers on my network, too. However, on one system that I am not the main administrator I sometimes get a message saying too many connections or some such. Is there a limit to how many remote desktop connections can be made and if so where do I go to change that number?

bckerr
bckerr

I am still finding the remote software that Microsost has for their operating systems too cumbersome and limited usefullness. I have been using Teamviewer for awhile now, and I have to say that program is easy as heck and true remote administration. Much better than Microsoft's version of remote access.

ty
ty

Rick, I want to clarify what you meant in your article: "In order to make the change take effect, a reboot is required." Reboots are only necessary for workstations, but not for Server 2008 or Server 2003 machines, correct?

ms
ms

Although, I don't think a restart is always necessary? Maybe it's different on XP Pro. I haven't had to do this on Server 2k3.

dfa19
dfa19

Theres a very easy way to bypass your problem, I use this frequently on our term server as various payroll and HR associates leave there session hanging. run the following command from the run window/ command prompt. "mstsc -v:servername /F -console" heres Microsofts explanation. http://support.microsoft.com/kb/278845

jcbronson
jcbronson

Unless Terminal Services is enabled, you'll only get two sessions (three if you count the console session). You can remotely kill a session (typically left behind as "disconnected" because the user just closed the MSTSC window) if you use the Terminal Service manager / Remote Desktop Services Manager.

Thump21
Thump21

Another Thumbs-Up for TeamViewer :)

b4real
b4real

TeamViewer. Haven't heard of the tool yet, thanks.

ozchorlton
ozchorlton

Another advantage, of Team Viewer, is it works, on my iPhone :-)

popova71
popova71

I use this VBS script mostly on XP workstations, never had to reboot. I found it on the Net and tweaked it a bit. ---- Begin script ' EnableRemoteDesktop.vbs ' Copyleft 2004 Alejandro Leal ' ajleal@cantv.net ' Version 0.1 - August 20, 2004 - First version ' Version 0.2 - September 31, 2004 - OS Detection to prevent registry ' change if is not WinXP or Win2003 ' ' This script ask for an machine name and enable Remote Desktop ' for Administration (Windows XP & Windows 2003). ' ' You have a royalty-free right to use, modify, reproduce, and ' distribute this script file in any way you find useful, provided that ' you agree that the copyright owner above has no warranty, obligations, ' or liability for such use. Option Explicit On Error Resume Next Dim objReg, objWMIService, objItem, colItems Dim strComputer, strKeyPath, strValueName, strValue Const HKEY_LOCAL_MACHINE = &H80000002 If WScript.Arguments.Count 1 Then strComputer = InputBox("Enter machine name you want to " &_ "enable Remote Desktop", "Machine Name?", "") If strComputer = "" Then Call cleanUP End If Else strComputer = WScript.Arguments(0) End If Set objReg=GetObject("winmgmts:{impersonationLevel=impersonate}!\\" &_ strComputer & "\root\default:StdRegProv") If Err.Number 0 Then Wscript.Echo Err.Number & " The remote machine (" & strComputer & ")" &_ " is unavailable or access denied." Err.Clear Call cleanUP End If strKeyPath = "SOFTWARE\Microsoft\Windows NT\CurrentVersion" strValueName = "CurrentVersion" objReg.GetStringValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue If strValue >= 5.1 Then strKeyPath = "SYSTEM\CurrentControlSet\Control\Terminal Server" strValueName = "fDenyTSConnections" objReg.GetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue If strValue = 0 Then Wscript.Echo "Remote Desktop is already enabled on: " & strComputer Call cleanUP Else strValue = 0 objReg.SetDWORDValue HKEY_LOCAL_MACHINE,strKeyPath,strValueName,strValue Wscript.Echo "Remote Desktop was enabled on: " & strComputer Call cleanUP End If Else Wscript.Echo "The remote machine (" & strComputer & ")" &_ "is not Windows XP or Windows 2003" Call cleanUP End If 'Cleanning UP Sub cleanUP Set strComputer = Nothing Set strKeyPath = Nothing Set strValueName = Nothing Set strValue = Nothing Set stdOut = Nothing Set objReg = Nothing WScript.Quit End Sub

brent.young
brent.young

Have done this on W2k3 servers and have never had to reboot the machine before RDC'ing in.

Skaughty
Skaughty

I use this trick all the time, and never had to wait more than 30 seconds for the change to take, and then log in.

jc@dshs
jc@dshs

Thanks for the speed and variety of responses to my little problem. I knew there was a damn good reason why I subscribed to Tech Republic all those years ago and you guys just keep reinforcing what a great decision it was. Cheers.

ms
ms

Article said you needed to restart. Sounded odd.

Editor's Picks