May 18, 2007 — Julie
I've been configuring my LAN for spiceworks
<http://thebackroomtech.wordpress.com/2007/05/18/spiceworks-a-free-it-management-system/>
this afternoon. The Windows XP firewall is enabled on most of our PCs,
and I didn't want to visit each station to configure it to allow
spiceworks to inventory the machine. I'm also not big into group policy
here at the office (what the saying about the cobbler's son's shoes?) so
I didn't want to make the setting change that way.
My first idea was to use remote desktop to access the computers from my
machine. That worked fine, since I have local administrator access on
each machine… but I'd have to interrupt each user's work, log them off,
make my firewall adjustments, then tell them it's okay to log on now…
assuming that I could even get into their machines remotely.
I needed a solution for users with remote desktop disabled. If your
remote user has administrator access to their machine, have them click
on Start – Run and type:
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
[note: remoteadmin = remote administration, while remotedesktop = remote
assistance /and/ remote desktop]
You can also enable remote desktop over the network via regedit if you
have administrator rights to the remote machine:
1. Run *Regedit*
2. Select *File* –> *Connect Network registry*
3. Enter the *name* of the remote computer and select *Check Name*
4. At the bottom of the registry tree you will see *2 Hives* appear
*Hkey_Local_Machine* and
*Hkey_Users* (under the remote computer's name)
5. Goto *hklm\system\currentcontrolset\control\terminal
server\FdenyTSConnections=1*
6. Change the *FdenyTSConnections* to *0*
7. Attempt to *Re-Login*
This worked okay, but I like to implement the most elegant solution
possible.
So I fired up the command line on my local machine, and used psexec
<http://www.microsoft.com/technet/sysinternals/utilities/psexec.mspx> to
configure the firewall service on the remote machine via netsh. The
users never even knew I was working on their computer, which is fine by me.
To enable remote access to a machine via the command line, type:
psexec \\remotecomputername netsh firewall set service remoteadmin enable
psexec \\remotecomputername netsh firewall set service remotedesktop enable
If you aren't familiar with the PStools
<http://www.microsoft.com/technet/sysinternals/FileAndDisk/PsTools.mspx>
suite of utilities, and you like administration from the command line,
you need to check out the Sysinternals web site
<http://www.microsoft.com/technet/sysinternals/default.mspx>. Too bad
they were acquired by Microsoft in 2006.
1 comment:
Working with in-built remote desktop software can be really difficult given the configuration they necessitate. Further, they do not provide complete control of the remote system. I think it’s better to go for specilaized Remote Access solutions like RHUB http://www.rhubcom.com system, which are easy, fast, highly secure, and provide all privileges for absolute remote control.
Post a Comment