Other than exploring a new WMIC alias, you won’t see any startling new tricks or techniques here. We’ll be reusing tools that are already well-worn but still useful.
In Windows Server 2003, Microsoft added the RDTOGGLE WMIC alias. In Windows XP, you had to use the Win32_TerminalServiceSetting path. In either case, this alias or path allows you to toggle the value of the Remote Desktop setting. The syntax is a bit weird, if you ask me, but this is how it looks (the lines are wrapped here for readability, but be sure to type it all on one line):
wmic rdtoggle where AllowTSConnections="0" call SetAllowTSConnections "1"
Of course, this being WMIC, we can easily add the "remote" functionality to this command with a simple switch:
wmic /node:remotepc1 rdtoggle where AllowTSConnections="0" call SetAllowTSConnections "1"
If you’re running this command from a Windows Server 2003-based computer, you can use the RDTOGGLE alias even when executing the command remotely against a Windows XP-based system. In the event you need to run this on Windows XP, use this command instead:
wmic /node:remotepc1 path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"
Note that this syntax (using the path instead of the alias) works equally well on either Windows Server 2003 or Windows XP.
We can automate this process by combining this command with "for /f" to either a) perform this command on a predetermined list of computers whose names are stored in a file, like this technique for adding entries to a WINS server; or b) embed a command, such as a Dsquery command, that will dynamically return a list of computers on which the command will be performed. We demonstrated this idea in remotely setting the DNS suffix search order. Refer back to these articles and other recent articles for more examples of using "for /f" to script command-line utilities that don’t normally accept piped input.
Putting all this into practice, it now becomes possible to use Dsquery to return a list of all the computers in an OU, and for each computer in the OU that does not have Remote Desktop enabled we can enable it. Pretty handy, eh?
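The Dsquery and "for /f" combination described above, as an added example that is not from the original article. The script name, the OU distinguished name in the usage line and the /apply switch are assumptions made for illustration; without /apply the script only reports each computer's current setting, so the change can be reviewed before it is made.

```batch
@echo off
rem Added example, not from the original article.
rem Hypothetical usage: enable-rd.cmd "OU=Workstations,DC=example,DC=com" [/apply]
rem The OU distinguished name above is a placeholder; substitute your own.
setlocal

if "%~1"=="" (
    echo Usage: %~nx0 "OU distinguished name" [/apply]
    exit /b 1
)
set "OU=%~1"
set "MODE=report"
if /i "%~2"=="/apply" set "MODE=apply"

rem dsquery prints one quoted name per line. -o rdn returns the bare computer
rem name instead of the full DN, and -limit 0 lifts the default 100-object cap.
rem %%~C strips the surrounding quotes before the name is passed on.
for /f "delims=" %%C in ('dsquery computer "%OU%" -o rdn -limit 0') do call :process "%%~C"

endlocal
exit /b 0

:process
if /i "%MODE%"=="apply" goto :apply
rem Report mode: read-only query of the current value on the remote computer.
echo [report] %~1
wmic /node:"%~1" path Win32_TerminalServiceSetting get AllowTSConnections
exit /b

:apply
rem Apply mode: the where clause limits the call to computers that currently
rem have Remote Desktop disabled. The path form is used instead of the
rem RDTOGGLE alias so the script also runs from Windows XP.
echo [apply] %~1
wmic /node:"%~1" path Win32_TerminalServiceSetting where AllowTSConnections="0" call SetAllowTSConnections "1"
exit /b
```

Quoting the /node value lets WMIC accept computer names that contain hyphens. Redirect the script's output to a file to keep a record of which computers were changed.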
UPDATE: It appears that a simple Registry change may also have the same result, although the jury is out on whether a reboot is required for the change to take effect. Preliminary testing with a Windows XP-based system that already had Remote Desktop enabled showed that changing the Registry value was immediate; however, I still need to test this on a system that has never had Remote Desktop enabled previously. (Update: See new information below!)
The Registry key to change is:
A REG_DWORD value named fDenyTSConnections controls Remote Desktop; a value of 1 means that connections are denied (thus, Remote Desktop is disabled); a value of 0 means that connections are not denied (thus, Remote Desktop is enabled).
Credit to Daniel Petri for this information (there were lots of sites with this information, but his was first in the Google search).
UPDATE 2: I had the opportunity to test the Registry change on computers that did not have Remote Desktop enabled previously. Changing the referenced Registry key immediately enables Remote Desktop; no reboot is required.