gai-jin Posted August 20, 2004 Share Posted August 20, 2004 Grrr... I've been fighting with this and still can't seem to get it. I've done a reg shot, found the keys that open the firewall ports, found the key that seems to actually turn on remote desktop, but I can't get it to work.What am I missing here?Here's the reg file I've usedsettings.reg[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Licensing Core]"EnableConcurrentSessions"=dword:0x00000001[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server]"fDenyTSConnections"=dword:0x00000000[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch]"Epoch"=dword:0x000004C8[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]"fDenyTSConnections"=dword:0x00000000[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch]"Epoch"=dword:0x000004C8[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"Here's what I get from a regshot on my vmware after installing from my ua disk. Initially it was off, I turn it on, all of these keys show as changing. (Most of these didn't show up on the reg shot for my real machine though, which I patterened the above from.)REGSHOT LOG 1.61e5Comments:Datetime:2004/8/19 23:33:50 , 2004/8/19 23:34:04Computer:MYCOMPUTER , MYCOMPUTERUsername:Owner , Owner----------------------------------Values added:2----------------------------------HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\0: "SW\{b7eafdc0-a680-11d0-96d8-00aa0051e51d}\{9B365890-165F-11D0-A195-0020AFD156E4}"----------------------------------Values modified:18----------------------------------HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 7A 53 A5 67 7F C4 CA 2D 56 1F 2E 1A D0 AC F2 71 4A A5 42 4B 9C 77 08 D9 B7 E0 D5 36 D3 BF 0B B0 19 34 F4 9B 46 F7 9B 57 09 0A 5C 2A BA F3 24 86 AB 61 66 C6 F7 9F 7B 1C CF 13 B7 C0 4E 35 D4 91 63 D2 77 1D A0 93 26 EB 0A 80 AB 0F 6D 8D 6C AEHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 15 F0 75 12 FD 4F 93 6F BC 4D 8C 52 51 F4 D0 D7 A7 F4 FD 33 D4 79 CD 86 27 B9 68 94 D9 F8 3C 57 F9 35 26 80 37 56 A8 62 B0 E7 3F 7D A4 C8 32 EA 07 15 C9 E7 81 18 05 66 6C 8B AA 07 00 68 AE F1 E2 99 4E 87 2D 14 56 B0 E6 89 F9 40 E7 32 D1 1DHKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned: "C:\WINDOWS\Prefetch\RUNDLL32.EXE-147710F4.pf"HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\szLastScanned: "C:\WINDOWS\Prefetch\REGSHOT.EXE-2032142B.pf"HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned: 0x0000018DHKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwFilesScanned: 0x0000018FHKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwLastModified: 0x0000207EHKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\On Access Scanner\McShield\dwLastModified: 0x0000207FHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\fDenyTSConnections: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\fDenyTSConnections: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\Count: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\kmixer\Enum\NextInstance: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x0000000DHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Epoch\Epoch: 0x0000000EHKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\fDenyTSConnections: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\Count: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000000HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\kmixer\Enum\NextInstance: 0x00000001HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x0000000DHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch\Epoch: 0x0000000EHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Disabled:@xpsp2res.dll,-22009"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\3389:TCP: "3389:TCP:*:Enabled:@xpsp2res.dll,-22009"HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY: 01 00 00 00 0A 00 00 00 90 05 05 F2 44 86 C4 01HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY: 01 00 00 00 0B 00 00 00 70 9A 2F FD 44 86 C4 01HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY:FLFQZ.PCY: 01 00 00 00 0A 00 00 00 90 05 05 F2 44 86 C4 01HKEY_USERS\S-1-5-21-1292428093-484763869-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{75048700-EF1F-11D0-9888-006097DEACF9}\Count\HRZR_EHAPCY:FLFQZ.PCY: 01 00 00 00 0B 00 00 00 70 9A 2F FD 44 86 C4 01----------------------------------Total changes:20----------------------------------Thanks,Gai-jin Link to comment Share on other sites More sharing options...
gai-jin Posted August 20, 2004 Author Share Posted August 20, 2004 bump Link to comment Share on other sites More sharing options...
un4given1 Posted August 20, 2004 Share Posted August 20, 2004 Are you running this regkey during cmdlines.txt? You may try running it using GuiRunOnce. Some settings are changed after cmdlines.txt so I would give that a try. It's been awhile since I messed with this, but I believe if you do a search you might find a topic where I discussed this. Link to comment Share on other sites More sharing options...
gai-jin Posted August 20, 2004 Author Share Posted August 20, 2004 I have this running as the very last step of runonce ex. I've also tried adding this reg file *after* setup completes, manually. It still doesn't activate the remote desktop option. (at least, it doesn't show it active in the sytem control panel... haven't actually tried to remote in.)I'll look again tonight, I had done a search, but the main thing I found in searching was this key:[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]"fDenyTSConnections"=dword:0x00000000And that doesn't seem to work. Link to comment Share on other sites More sharing options...
gai-jin Posted August 21, 2004 Author Share Posted August 21, 2004 bump. Any suggestions? Link to comment Share on other sites More sharing options...
enuffsaid Posted August 21, 2004 Share Posted August 21, 2004 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]"fDenyTSConnections"=dword:0x00000000I use that for my unattended SP2 installation and it works fine for me. Remote Desktop is enabled for me. Link to comment Share on other sites More sharing options...
gai-jin Posted August 21, 2004 Author Share Posted August 21, 2004 Hmm... no clue then, I've included that in the keys I use (as listed above), and still isn't working. this is SP2 as well. Link to comment Share on other sites More sharing options...
enuffsaid Posted August 21, 2004 Share Posted August 21, 2004 So you say you've applied that key, but it doesn't work.Lets say you do a clean (unattended) install again, FIRST thing you do at first logon is CHECK to see what that particular key has for value. Is it what you set it to be during the setup? If not, your registry settings are not getting set during the setup.Could you check that please? Link to comment Share on other sites More sharing options...
gai-jin Posted August 21, 2004 Author Share Posted August 21, 2004 I know I've even tried applying 'settings.reg', as listed in the first post, after intall was complete & rebooting. Even then, if I go into system properties, remote tab, it doesn't show remote desktop enabled.I actually have it setup to apply via regedit /s settings.reg as the very last item in runonceex. I'll check it tonight. Link to comment Share on other sites More sharing options...
enuffsaid Posted August 22, 2004 Share Posted August 22, 2004 I believe you, I really do! But still I'm asking you, what is the value of the registry key AFTER you have checked the Remote tab in the system properties and have found it NOT to be enabled?[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]"fDenyTSConnections"=dword:0x00000000Also, do your users have a password? If not, give them a password and try again. Link to comment Share on other sites More sharing options...
gai-jin Posted August 23, 2004 Author Share Posted August 23, 2004 Ah Ha! I think I've found the problem. In the reg file to be imported, the "fDenyTSConnections"=dword:0x00000000should be: "fDenyTSConnections"=dword:00000000Now it seems to work great!Now, a related question... what's the difference between the 'currentcontrolset' tree and the 'controlset1' and 'controlset2' trees? Do these all need to be changed? Link to comment Share on other sites More sharing options...
Gunr Posted August 23, 2004 Share Posted August 23, 2004 EDIT: Just tried this myself and it works.Just wondering if this has been tried? I have not had a chance yet, just now starting to play arround with the unattended stuff, but found this info in the readme.txt that is included with the sp2 deploy tools.* In the OEM Preinstallation Reference (Ref.chm), the functionalityof the AllowConnections entry of the [TerminalServices] section in theUnattend.txt answer file has changed. If you specify the following:[TerminalServices]AllowConnections = 1 Remote Desktop will be enabled during unattended Setup. However,Remote Desktop will not be added to the Windows Firewall Exceptionslist. The following entries represent the mimimum required entriesin the Unattend.txt answer file to enable Remote Desktop duringunattended Setup and add Remote Desktop to the Windows FirewallExceptions list:[WindowsFirewall]Profiles = Standard (specify a user-defined profile name)[WindowsFirewall.Standard]Services = RemoteDesktop (specify a user-defined service name)[WindowsFirewall.RemoteDesktop]Type = 2[TerminalServices]AllowConnections = 1 For details on Windows Firewall settings, see the [WindowsFirewall]sections and entries in the Unattend.txt chapter of the OEM Preinstallation Reference (Ref.chm). Link to comment Share on other sites More sharing options...
gai-jin Posted August 23, 2004 Author Share Posted August 23, 2004 Thanks, this is **Much** cleaner, I'll give it a go!(if only this info was actually *in* the ref.chm, It would have been much easier to find... ) Link to comment Share on other sites More sharing options...
enuffsaid Posted August 23, 2004 Share Posted August 23, 2004 @ Gai-jin...Good find. I noticed that I didn't have the "x" also, so I must have copied from your post, claiming it to be correct. Sorry about that.@ Gunr...Thanks for sharing that. I will try and see if it works. Especially the Firewall exception for Remote Desktop looks good. Link to comment Share on other sites More sharing options...
pthomas Posted August 23, 2004 Share Posted August 23, 2004 Wow, you guys are going about it the long way. In your answer file (winnt.sif) put this in:; Enable Remote Desktop[TerminalServices] AllowConnections=1Cheers,Paul Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now