Enabling Remote Desktop Connections

From WPKG | Open Source Software Deployment and Distribution
Jump to: navigation, search

In XP, you have Remote Desktop Connection / Terminal Sessions, disabled by default.

You can enable them with a simple registry edit.

The XML for WPKG will look like this:

<package
     id="remotedesktop"
     name="Remote Desktop"
     revision="1"
     reboot="false"
     priority="0">
     <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections" value="0" />
     <install cmd='reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f' />
     <upgrade include="install" />
     <remove cmd='reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f' />
</package>

This will allow you to log on as Administrator (either domain or local) using Terminal Sessions.


A more complex scenario exists if the Terminal Service itself had been disabled; in which case the following is more suitable.

<package id="rdp" name="Remote Desktop" revision="3" reboot="true" priority="5">
<check type="logical" condition="or"> 
    <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections" value="0" />
	<check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\TermService\Start" value="2" />
</check>
    <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f' />
    <install cmd='sc config termservice start= auto' />
    <upgrade include="install" />
    <remove cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f' />
	<remove cmd='sc config termservice start= disabled' />
</package>

I'm using this on Win10 Pro

<package id="RemoteDesktop"
         name="Remote Desktop"
         revision="8"
         execute="once"
         reboot="false"
         priority="500">

    <check type="logical" condition="or">
        <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections" value="0" />
        <check type="registry" condition="equals" path="HKLM\SYSTEM\CurrentControlSet\Services\TermService\Start" value="2" />
    </check>

    <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 0 /f' />
    <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v SecurityLayer /t REG_DWORD /d 0 /f' />
    <install cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp" /v UserAuthentication /t REG_DWORD /d 0 /f' />
    <install cmd='netsh advfirewall firewall set rule group=”Assistência Remota” new enable=yes' />
    <install cmd='sc config termservice start= auto' />

<!--MAYBE It's NEED TO USE :   reg add "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server" /v TSEnabled /t REG_DWORD /d 1 /f                        -->

    <upgrade include="install" />

    <remove cmd='reg add "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f' />
    <remove cmd='sc config termservice start= disabled' />
    <remove cmd='netsh advfirewall firewall set rule group=”Assistência Remota” new enable=no' />
</package>

Question: how to enable Terminal Sessions for other, non-Administrator users?

Answer: That would involve adding those users to the Remote Desktop Users group. This cannot be done in the registry, but with the command net group "Remote Desktop Users" /add usernamehere.