Activate remote desktop
We switched to home office work because of quarantine and most users connect to RD over Windows RAS. Some Windows 7 and 10 desktops were used only locally, and RDP was not activated. Now we need to provide RD to all office computers. I can connect to C$. Is it possible to enable remote desktop remotely?
Solution 1:
Yes, you can. There are some prerequisites either WinRM service should run on desktops or AD should be implemented.
For AD via GPO:
1) enable the policy “Allow users to connect remotely by using Remote Desktop Services” in “Computer Configuration\Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections”
2) OPTIONAL add ip’s (or subnet) of VPN users to firewall policy “Windows Firewall: Allow inbound Remote Desktop exceptions” in “Allow users to connect remotely by using Remote Desktop Services” in "Computer Configuration\Policies\Administrative Templates\Network\Network Connections\Windows Firewall\Domain Profile"
To activate RD without GPO follow the guide - https://www.hyper-v.io/remotely-enable-remote-desktop-another-computer/
Solution 2:
Have you tried PSEXEC? https://docs.microsoft.com/en-us/sysinternals/downloads/psexec
You can use PSEXEC and run the following:
psexec \\COMPUTERNAME reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
OR
psexec \\COMPUTERNAME -u USERNAME -p PASSWORD reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0
Very useful for this situation. I have been running into this issue since the quarantine began as well.
I would change the command to fit your current workplace/domain environment, and it is possible to run on all machine within the domain with \\*
as the computer name if that is the goal. Also note, you will not need to pass a username or password if you are currently running it as the domain administrator.