My first idea was to use remote desktop to access the computers from my machine. That worked fine, since I have local administrator access on each machine… but I’d have to interrupt each user’s work, log them off, make my firewall adjustments, then tell them it’s okay to log on now… assuming that I could even get into their machines remotely.
I needed a solution for users with remote desktop disabled. If your remote user has administrator access to their machine, have them click on Start - Run and type:
netsh firewall set service remoteadmin enable
netsh firewall set service remotedesktop enable
[note: remoteadmin = remote administration, while remotedesktop = remote assistance and remote desktop]
You can also enable remote desktop over the network via regedit if you have administrator rights to the remote machine:
- Run Regedit
- Select File –> Connect Network registry
- Enter the name of the remote computer and select Check Name
- At the bottom of the registry tree you will see 2 Hives appear Hkey_Local_Machine and
Hkey_Users (under the remote computer’s name) - Goto hklm\system\currentcontrolset\control\terminal server\FdenyTSConnections=1
- Change the FdenyTSConnections to 0
- Attempt to Re-Login
This worked okay, but I like to implement the most elegant solution possible.
So I fired up the command line on my local machine, and used psexec to configure the firewall service on the remote machine via netsh. The users never even knew I was working on their computer, which is fine by me.
To enable remote access to a machine via the command line, type:
psexec \\remotecomputername netsh firewall set service remoteadmin enable
psexec \\remotecomputername netsh firewall set service remotedesktop enable
No comments:
Post a Comment