I wrote about how to achieve this way back in 2007! It’s one of the more popular things I’ve written about and I still refer back to it pretty often.
The steps were for Windows XP and mostly worked for Windows Vista, Windows 7 and Windows 8.
That said there are more options available now when setting up your PC for remote desktop and the defaults now mean you usually have some extra things to do.
So the first thing you need to do with your favourite remote registry editing tool (such as regedit!)
HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections
Change the fDenyTSConnections to 0
This enables remote desktop itself.
If you want to disable Network Level Authentication (NLA)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp\SecurityLayer
Set the SecurityLayer value to 0
Finally you may also need to create a exception rule in Windows Firewall. My preference is to use PSEXEC to run this command.
netsh firewall set service remotedesktop enable
There are variety of ways to manipulate the firewall, group policy for example, but depending on the environment as a quick easy thing psexec is your friend.
Finally if the person who will be connecting isn’t a local admin they’ll need to be added to remote desktop users group.
Easiest way to do this is with computer management.
I’m not breaking new ground here but I’ve been asked about it a couple of times recently so thought it was worth putting this together.
Do you have any other methods for achieving the above?
Latest posts by Andy Parkes (see all)
- Dishley parkrun, Loughborough - August 1, 2023
- Woodgate Valley Country Park parkrun - July 22, 2023
- Abbey Park parkrun - June 8, 2023
Good Post Andy.
You can tag onto your psexec session for the user account with
Net localgroup “Remote Desktop users” domain\username /add
Cheers Matt – that’s much quicker!