Enable remote desktop by default

[gai-jin]

Grrr... I've been fighting with this and still can't seem to get it. I've done a reg shot, found the keys that open the firewall ports, found the key that seems to actually turn on remote desktop, but I can't get it to work.

What am I missing here?

Here's the reg file I've used

settings.reg

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Licensing Core]
"EnableConcurrentSessions"=dword:0x00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server]
"fDenyTSConnections"=dword:0x00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]
"Epoch"=dword:0x000004C8

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:0x00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]
"Epoch"=dword:0x000004C8

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"

Here's what I get from a regshot on my vmware after installing from my ua disk. Initially it was off, I turn it on, all of these keys show as changing. (Most of these didn't show up on the reg shot for my real machine though, which I patterened the above from.)

REGSHOT LOG 1.61e5
Comments:
Datetime:2004/8/19 23:33:50  ,  2004/8/19 23:34:04
Computer:MYCOMPUTER , MYCOMPUTER
Username:Owner , Owner

----------------------------------
Values added:2
----------------------------------
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"

----------------------------------
Values modified:18
----------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7A 53 A5 67 7F C4 CA 2D 56 1F 2E 1A D0 AC F2 71 4A A5 42 4B 9C 77 08 D9 B7 E0 D5 36 D3 BF 0B B0 19 34 F4 9B 46 F7 9B 57 09 0A 5C 2A BA F3 24 86 AB 61 66 C6 F7 9F 7B 1C CF 13 B7 C0 4E 35 D4 91 63 D2 77 1D A0 93 26 EB 0A 80 AB 0F 6D 8D 6C AE
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 15 F0 75 12 FD 4F 93 6F BC 4D 8C 52 51 F4 D0 D7 A7 F4 FD 33 D4 79 CD 86 27 B9 68 94 D9 F8 3C 57 F9 35 26 80 37 56 A8 62 B0 E7 3F 7D A4 C8 32 EA 07 15 C9 E7 81 18 05 66 6C 8B AA 07 00 68 AE F1 E2 99 4E 87 2D 14 56 B0 E6 89 F9 40 E7 32 D1 1D
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned: "C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf"
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned: "C:\WINDOWS\Prefetch\REGSHOT.EXE-2032142B.pf"
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned: 0x0000018D
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned: 0x0000018F
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwLastModified: 0x0000207E
HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwLastModified: 0x0000207F
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\fDenyTSConnections: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\fDenyTSConnections: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x0000000D
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x0000000E
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x0000000D
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x0000000E
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY: 01 00 00 00 0A 00 00 00 90 05 05 F2 44 86 C4 01
HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY: 01 00 00 00 0B 00 00 00 70 9A 2F FD 44 86 C4 01
HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY:FLFQZ.PCY: 01 00 00 00 0A 00 00 00 90 05 05 F2 44 86 C4 01
HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY:FLFQZ.PCY: 01 00 00 00 0B 00 00 00 70 9A 2F FD 44 86 C4 01

----------------------------------
Total changes:20
----------------------------------

Thanks,

Gai-jin

[gai-jin]

bump

[un4given1]

Are you running this regkey during cmdlines.txt? You may try running it using GuiRunOnce. Some settings are changed after cmdlines.txt so I would give that a try. It's been awhile since I messed with this, but I believe if you do a search you might find a topic where I discussed this.

[gai-jin]

I have this running as the very last step of runonce ex.

I've also tried adding this reg file *after* setup completes, manually. It still doesn't activate the remote desktop option. (at least, it doesn't show it active in the sytem control panel... haven't actually tried to remote in.)

I'll look again tonight, I had done a search, but the main thing I found in searching was this key:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]

"fDenyTSConnections"=dword:0x00000000

And that doesn't seem to work.

[gai-jin]

bump. Any suggestions?

[enuffsaid]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:0x00000000

I use that for my unattended SP2 installation and it works fine for me. Remote Desktop is enabled for me.

[gai-jin]

Hmm... no clue then, I've included that in the keys I use (as listed above), and still isn't working. this is SP2 as well.

[enuffsaid]

So you say you've applied that key, but it doesn't work.

Lets say you do a clean (unattended) install again, FIRST thing you do at first logon is CHECK to see what that particular key has for value. Is it what you set it to be during the setup? If not, your registry settings are not getting set during the setup.

Could you check that please?

[gai-jin]

I know I've even tried applying 'settings.reg', as listed in the first post, after intall was complete & rebooting. Even then, if I go into system properties, remote tab, it doesn't show remote desktop enabled.

I actually have it setup to apply via regedit /s settings.reg as the very last item in runonceex.

I'll check it tonight.

[enuffsaid]

I believe you, I really do! But still I'm asking you, what is the value of the registry key AFTER you have checked the Remote tab in the system properties and have found it NOT to be enabled?

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:0x00000000

Also, do your users have a password? If not, give them a password and try again.

[gai-jin]

Ah Ha! I think I've found the problem. In the reg file to be imported, the

"fDenyTSConnections"=dword:0x00000000

should be:

"fDenyTSConnections"=dword:00000000

Now it seems to work great!

Now, a related question... what's the difference between the 'currentcontrolset' tree and the 'controlset1' and 'controlset2' trees? Do these all need to be changed?

[Gunr]

EDIT: Just tried this myself and it works.

Just wondering if this has been tried? I have not had a chance yet, just now starting to play arround with the unattended stuff, but found this info in the readme.txt that is included with the sp2 deploy tools.

* In the OEM Preinstallation Reference (Ref.chm), the functionality

of the AllowConnections entry of the [TerminalServices] section in the

Unattend.txt answer file has changed. If you specify the following:

[TerminalServices]

AllowConnections = 1

Remote Desktop will be enabled during unattended Setup. However,

Remote Desktop will not be added to the Windows Firewall Exceptions

list. The following entries represent the mimimum required entries

in the Unattend.txt answer file to enable Remote Desktop during

unattended Setup and add Remote Desktop to the Windows Firewall

Exceptions list:

[WindowsFirewall]

Profiles = Standard (specify a user-defined profile name)

[WindowsFirewall.Standard]

Services = RemoteDesktop (specify a user-defined service name)

[WindowsFirewall.RemoteDesktop]

Type = 2

[TerminalServices]

AllowConnections = 1

For details on Windows Firewall settings, see the [WindowsFirewall]

sections and entries in the Unattend.txt chapter of the

OEM Preinstallation Reference (Ref.chm).

[gai-jin]

Thanks, this is **Much** cleaner, I'll give it a go!

(if only this info was actually *in* the ref.chm, It would have been much easier to find... )

[enuffsaid]

@ Gai-jin...

Good find. I noticed that I didn't have the "x" also, so I must have copied from your post, claiming it to be correct. Sorry about that.

@ Gunr...

Thanks for sharing that. I will try and see if it works. Especially the Firewall exception for Remote Desktop looks good.

[pthomas]

Wow, you guys are going about it the long way. In your answer file (winnt.sif) put this in:

; Enable Remote Desktop

[TerminalServices]

AllowConnections=1

Cheers,

Paul