Apps

Enable and disable remote desktop on a Windows Server

Bill Detwiler shows you a cool registry hack that lets you remotely enable or disable remote desktop on a Windows Server.

Remote desktop is the de facto admin tool, for many Windows Server administrators. But, what do you do if remote desktop stops taking connections and you don't have easy physical access to the server? During this episode of TR Dojo, I show you a cool registry hack that lets you remotely enable or disable remote desktop.

For those who prefer text to video, you can click the Transcript link that appears below the video player window or read Rick Vanover's article, "Remotely enable or disable remote desktop on a Windows Server," on which this video is based.

You can also sign up to receive the latest TR Dojo lessons through one or more of the following methods:

About

Bill Detwiler is Managing Editor of TechRepublic and Tech Pro Research and the host of Cracking Open, CNET and TechRepublic's popular online show. Prior to joining TechRepublic in 2000, Bill was an IT manager, database administrator, and desktop supp...

21 comments
benwal91
benwal91

Well this didnt work... Mine is already set to 0. But I still can't connect remotely. I've been trying this thing for weeks!

MytonLopez
MytonLopez

I have done this to XP machines remotely and believe you don't need a reboot the system. I also noticed the shutdown cmd was different than what I have used in the past. I have always used a shutdown cmd similar to this: shutdown -m \\server -r -f -t 10 On this video he using a fwd slash. I'm sure both works.

raymosely
raymosely

I often use telnet to gain command line access (CLI) to a workstation when I do not want to interrupt someone's work. This usually involves turning off the firewall, at which point the user panics unless I also turn off the Security Center. You can access these with Computer Management - other computer. Typically telnet is also turned off. Turn it on. Now you can import the RDP registry key (which you can export from any similar computer), use pskill either locally in telnet or remotely from your workstation, and kill explorer.exe. You will need the PID which you get from pslist. Then use psexec.exe to start explorer.exe. When you stop and start the initial copy of explorer.exe, the registry is re-read.

vulturex
vulturex

Great tip! The only potential problem I see with this is when rebooting the server isn't desirable for whichever reason. Being a *nix admin primarily my memory on certain win2k3 aspects goes hazy from time to time but I seem to remember another similar trick where instead of the nifty registry hack, one just remotely disables/renables the related rdp services through mmc(provided thats already enabled :-) . Finally on networks deemed "secure" VNC related admin apps go a long way too as auxiliary remote desktop services .

steve.roberts
steve.roberts

In my experience, if a server has stopped taking remote desktop connections, a simple reboot usually fixes the problem. Your suggestion of disabling and then re-enabling the setting in the registry would require two reboots. It is quite a useful tip if it was not enabled in the first place though.

Bill Detwiler
Bill Detwiler

Remote desktop is the de facto admin tool, for many Windows Server administrators. But, what do you do if remote desktop stops taking connections and you don?t have easy physical access to the server? In the above TR Dojo episode, I show you a cool registry hack that lets you remotely enable or disable remote desktop. Because you must reboot the server for the registry edit to take effect, I show you how to remotely restart the server using both the command line and PowerShell. Do you regularly use PowerShell to manage your servers and desktops? Take the poll and let me know. Original post and poll: http://blogs.techrepublic.com.com/itdojo/?p=1864

steve.roberts
steve.roberts

Is your firewall blocking the rd connection? The standard port for rdp is 3389.

Greg Mix
Greg Mix

I don't think you need to reboot it either. But the TS service is set to manual by default, which should start if remote desktop is enabled during startup. So instead of rebooting, you can probably change the reg value, then start the service using net start or via the MMC.

Greg Mix
Greg Mix

psexec \\machine cmd You now have the other machine?s command line and can do whatever. P.S. psexec is the best Win tool ever made IMO. Although I liked the suite better before MS took them over and added annoying EULAs, etc.

SgtPappy
SgtPappy

You can't restart the server remotely. I bring up this question because it has been my experience that when the server does not accept remote desktop connections that it also won't let me restart it remotely let alone access the registry to make the changes.

SMparky
SMparky

Great tip, but to help ward off the problem to begin with we set our domain policy to always allow remote connections. When we build new ghost images we also set the local policy (using gpedit.msc) to allow remote connections. That way machines in workgroups or that leave the domain still have it enforced. We do similar things for Windows updates etc, so people can't disable them.

Greg Mix
Greg Mix

Usually I have to do this for many machines so here is an easy way that does not require a reboot: 1) If on a domain: Enable TS in a GPO applied to those machines Push a script to run "gpupdate /force" (normally use psexec) If not on a domain: Run a script to edit the reg value 2) Assuming TS service is not disabled: net start "Terminal Services" That should be it for a default config.

KJQ
KJQ

We seldom if ever use remote desktop. We use Dameware Utilities whose low cost has paid for itself many times over. It allows access to many layers of the OS without an actual login, or can be used for logins, 'over the shoulder' support, remote command line, remote reboot etc. etc. etc. There are other similar tools too. Another note, for remote sites we always use remotely managed power systems so we can do hard reboots of servers, firewalls, wireless AP's etc. if needed. Lastly, we buy remote management cards for our servers. If you're relying on Remote Desktop alone, I pity you.

Suresh Mukhi
Suresh Mukhi

What if I'm trying to remotely connect to a server not in my domain? Can this be done if I know the IP address?

Greg Mix
Greg Mix

Remote desktop requires the TS service and a handful of GPO/reg settings can affect whether or not you can connect. Much more consistent is the Computer Management MMC. Reboot options similar to shutdown.exe are available.

TheGear
TheGear

Could we talk a little about permissions? One presumes that the scenario in SgtPappy's message is the result of insufficient permissions, but I wouldn't begin to know where to look.

MytonLopez
MytonLopez

Yeah I like Dameware too. It is the best tool out there for support and remoting into systems that got knocked off the domain. With the 3 different authentication types your bound to connect. One thing though is when you using remote desktop it locks the screen where as Dameware will just connect and someone can still see your screen and mess with your keyboard/mouse.

kaplang
kaplang

Simply enter ip address of server.

bigfern
bigfern

Dameware does have the option to lockout the keyboard and mouse. That way if there is someone on the server you remoted to, they can not mess with what you are doing. I use that feature a lot since I work with a bunch of pranksters.

Suresh Mukhi
Suresh Mukhi

Thanks. I'll try that the next time I need it. :)