How to enable Remote Desktop remotely

by Shijaz Abdulla on 03.05.2009 at 17:54

This article used to exist on www.shijaz.com before it was taken down in May 2009. Originally published in January 2008.

This article explains how you can enable Remote Desktop on a server that you do not have physical access to.

You’ve built new servers, updated them with the latest service pack, and even run Windows Update. Proud of the good job you done, you move upstairs to the comfort of your office to do the rest of the installation, away from the freezing server room. And then you suddenly realize that you did not enable Remote Desktop connections on your new server. Aw, now you need to go back all the way to your data center to enable RDP. The situation is even worse if you pre-configured the server without enabling RDP and shipped it to your branch location in Timbuktu!

Well, here’s the good news. You can actually enable remote desktop remotely. All you need to do is open up the registry of that server remotely, and make some changes and then initiate a remote restart of the server. Well, that’s the only downside – you normally don’t need a restart if you enable it physically.
1. On your Windows workstation, open Registry Editor (Start –> Run –> Regedit.exe –> OK)
2. On the File menu, choose Connect Network Registry.

Regedit1
3. Select the name of the computer that you want to enable RDP on. Make sure the logged in user has administrator rights on the remote server.

enable1

 

4. On the remote computer, Navigate to the key HKLMSYSTEMCurrentControlSetControlTerminal Server. Find a value named fDenyTSConnection and change it to 0 (zero).

5. Restart the remote computer by typing the following command in the Command prompt of your workstation.

shutdown -m \myserver -r

where ‘myserver’ is the name of your server.

6. Wait for the server to restart and connect to it using Remote Desktop Connection (MSTSC) from your Windows PC.

Hyper-V Remote Administration

by Shijaz Abdulla on 27.01.2009 at 14:30

January 27, 2009

When you connect to a Windows Server 2008 computer running Hyper-V from a Windows Vista client, the mouse input is not captured when you connect to a guest machine unless you install the Integration Services on the guest machine. You receive the following message:

image

Mouse not captured in Remote Desktop session.

It is however, possible to remotely manage Hyper-V from within a Windows Vista MMC snap-in upon installation of an optional update. To download the Hyper-V Remote Management Update, follow these links.

Upon installation, you will find a ‘Hyper-V Manager’ icon in the Administrative Tools folder on your Start Menu.

image

Adding a node on a SQL 2005 cluster

by Shijaz Abdulla on 18.09.2008 at 23:22

In the absence of a dedicated SQL DBA at the place where I work, I take care of the SQL Servers too. (No comment.)

One of the passive nodes of a SQL Server 2005 cluster had died a sudden death (hard drive and RAID failed under mysterious circumstances) which necessitated a total rebuild of the failed node.

So I went ahead and evicted passive node from the Cluster Administrator on the surviving active node. After the server rebuild was over, I configured Windows clustering on the second node using Cluster Administrator. Next, I started setup on the active node (from Control Panel –> Add/Remove Programs –> SQL Server 2005 –> Change).

I reached the point in the setup wizard where I choose to add a node to the existing virtual server/cluster. After a while I get the following error message:

Setup failed to start on the remote machine. Check the Task scheduler event log on the remote machine.

Upon checking the Task Scheduler event log on the node being rebuilt, I found this:

"SQL Server Remote Setup .job" (setup.exe) 9/18/2008 11:36:24 PM ** ERROR **
    Unable to start task.
    The specific error is:
    0x80070005: Access is denied.
    Try using the Task page Browse button to locate the application.

Now that’s very helpful, isn’t it?

A few minutes of head-scratching and web-searching yielded what I was missing – I was working on the servers connected via Remote Desktop! For the installation to start successfully on the remote (new) node, it should not have any active remote desktop sessions on it. I went ahead and closed all RDP sessions on the new node being rebuilt using Task Manager (Users tab) and also logged off the session that I was connected to.

Another retry from the first node, and setup now progressed without any errors.

Slow Remote Desktop on Dell PowerEdge 2950 running Windows Server 2003 R2 x64

by Shijaz Abdulla on 15.05.2008 at 13:30

I’ve seen this problem when I prepare Dell PowerEdge 2950 servers using the Dell OpenManage Server Assistant 5.3 to install Windows Server 2003 R2 x64 with Service Pack 2.

Once the OS installation is complete, if you enable Remote Desktop and connect from a Windows Vista machine using RDP, the RDP session/screen refresh is kind of slow. This only happens with x64 edition of Windows Server 2003.

The problem seems to disappear when I install all the latest updates from Microsoft Update/Windows Update so I guess the issue is addressed in one of the fixes.

Articles on enabling Remote Desktop

by Shijaz Abdulla on 17.02.2008 at 12:38

It’s been some time since I’ve written new articles on shijaz.com 🙂

I have added two new articles on Remote Desktop:

No more MSTSC.exe /CONSOLE

by Shijaz Abdulla on 08.01.2008 at 08:51

Thats’ right. No more /console switch on the Windows Remote Desktop Connection tool, MSTSC.exe, starting from Windows XP Service Pack 3, Windows Vista Service Pack 1 and Windows Server 2008.

This is because of the design enhancements in Windows Vista and Windows Server 2008, by virtue of which you cannot connect to Session 0, which is the default session. Running services and user applications together in Session 0 poses a security risk because services in Session 0 run at elevated privileges and therefore can be targeted by malware that attack by attempting and exploiting a privilege escalation.

The new generation of the Windows operating system mitigates this security risk by isolating services in Session 0 and making Session 0 non-interactive to the user. In Windows Vista (and Windows Server 2008), only system processes and services run in Session 0. The first user logs on to Session 1. Subsequent users log on to subsequent sessions (Session 2, Session 3 etc). This means that services (like printer drivers loaded by spooler service, UMDF drivers, user/window interactive services, etc) never run in the same session as users’ applications and are therefore protected from attacks that originate in application code. [More info]

Session Zero in Windows XP/Windows Server 2003: The first user logs in to Session Zero itself.
 


 
Session Zero Isolation in Windows XP SP3/Windows Vista SP1/Windows Server 2008: First user’s Session is not within Session Zero, a separate session is created, thereby improving security.
Since there is no longer the ability to connect to Session 0, the /console switch is no longer required. But, what if I want to connect to Session 0 on a Windows Server 2003/XP or earlier machine using RDP 6.1? Let’s find out.

When I typed “mstsc /?” on my Windows Server 2008 machine, these are the options that are available to me:


Notice that the /console option is not available, but there is a /admin option. The /admin option lets you connect to Session 0 on a remote computer that doesn’t have Windows Vista SP1, Windows XP SP3 or Windows Server 2008 or later installed.

However, if you try to pull the /console switch on a Windows Server 2008 or Vista SP1 machine, you get an error “An unknown parameter was specified in the computer name field“.

I hope you found this post interesting – subscribe to my blog to get instant updates on new posts!

How to disable the warning message in Windows Vista Remote Desktop Connection

by Shijaz Abdulla on 31.12.2007 at 10:18
When you connect to a machine running Windows 2000 or Windows Server 2003 from Windows Vista RDP, you may have noticed the following warning:

“Remote Desktop cannot verify the identity of the computer you want to connect to.”

This is good, but it’s rather annoying to be notified each time you want to connect to a server! To turn off the warning,
– Open the Remote Desktop Connection application and click Options.
– On the Advanced tab, select the option Always connect, even if authentication fails.