The downloadable version of this article is available here:
http://techrepublic.com.com/5138-1035-6045604.html
What do you think of these scripts? Do you have a script that we'd be willing to pay you $100 for?
Discussion on:
View:
Show:
Interesting script.
A friend at work showed me a method to do the same thing by connecting to a remote WinXP or Win2003 machine's registry and then modifying the following key (admin rights required):
HKLM/System/CurrentControlSet/Control/Terminal Server/fDenyTSConnection
Change this DWord value depending on whether you need to disable (1) or enable (0) remote connections to the machine.
I can't confirm for Win2003 servers, but no reboot is required for WinXP machines.
This works well for single units but I can see where the script would come in handy.
A friend at work showed me a method to do the same thing by connecting to a remote WinXP or Win2003 machine's registry and then modifying the following key (admin rights required):
HKLM/System/CurrentControlSet/Control/Terminal Server/fDenyTSConnection
Change this DWord value depending on whether you need to disable (1) or enable (0) remote connections to the machine.
I can't confirm for Win2003 servers, but no reboot is required for WinXP machines.
This works well for single units but I can see where the script would come in handy.
so how did you connect to a remote pc's registry without having Remote Desktop? That would be very handy for administration indeed. Does it work for Win2k machines? We have a very few but they're all at remote locations and we can't RD to them.
Except he provided a script to use wmngmts to command a remote machine to do this, rather than you having to already be on the machine. But if you read his script, this is precisely what he did.
If you control startup scripts, however, this is also super easy to do on a 'local' machine through a login script. You set the same registry key to the same value (run a .reg, use a .vbs, even use a .cmd or .bat, doesn't really matter).
My question is: How do you specify the "allow log-ins by these users" list? If that list is empty, what's the default behavior? If I find answers, I'll stop by and post again.
If you control startup scripts, however, this is also super easy to do on a 'local' machine through a login script. You set the same registry key to the same value (run a .reg, use a .vbs, even use a .cmd or .bat, doesn't really matter).
My question is: How do you specify the "allow log-ins by these users" list? If that list is empty, what's the default behavior? If I find answers, I'll stop by and post again.
You can also use group policy to do this:
http://technet2.microsoft.com/WindowsServer/en/Library/1e4a44de-2be1-4d29-9387-9f04b79cc17a1033.mspx
http://technet2.microsoft.com/WindowsServer/en/Library/1e4a44de-2be1-4d29-9387-9f04b79cc17a1033.mspx
Another method from sysinternals.. [http://www.sysinternals.com/]
psexec \\computername/ipip reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
psexec \\computername/ipip reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
Thanks, very much, i am now supporting a growing number uf remote users in diffrent places,(i?m in Mexico), and some of them have a very basic knowledge of computers, so with this, i am going to be able to help them right away.
Alejandro
Alejandro
- Keyboard Shortcuts:
- Prev
- Next
- Toggle
