Tuesday, March 16, 2021

Enable RDP through CMD Line

 Quick and simple way to enable Remote Desktop (RDP) via psexec

    4 Steps total

    Step 1: Install PSEXEC

    PSEXEC is a standalone executable file that allows you to run commands on remote machines.

    You can download the tool from here:

    http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx

    Step 2: Run psexec

    You can add the location of psexec to your %PATH% variable or simply copy psexec to the C:\WINDOWS\System32\ folder.

    After that, open a command line and type psexec /? to confirm that it runs.

    Step 3: Enable RDP

    Open a command line and type the following:

    psexec \\machinename reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0

    This sets the fDenyTSConnections registry value to 0, which enables RDP connections.

    Step 4: Configure Machine Firewall to allow RDP

    Open a command line and type the following:

    psexec \\remotecomputername netsh firewall set service remoteadmin enable
    psexec \\remotecomputername netsh firewall set service remotedesktop enable

    With this you have successfully configured a remote machine to enable RDP sessions and configured the firewall to allow the connections on the correct ports.
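
    Steps 3 and 4 change a machine's remote-access posture from the command line, so the same command lines are worth flagging in process-creation logs. The following is an added example, not part of the original post: it classifies command lines for the registry and firewall changes shown above. The sample events are constructed, and the host name ws-042 and the finding labels are assumptions of this example.

```python
import re

# Constructed process-creation command lines (the kind recorded by Windows
# event 4688 or Sysmon event 1). The host name ws-042 is a placeholder.
SAMPLE_EVENTS = [
    r'psexec \\ws-042 reg add "hklm\system\currentcontrolset\control\terminal server" /f /v fDenyTSConnections /t REG_DWORD /d 0',
    r'reg.exe ADD "HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server" /v fDenyTSConnections /t REG_DWORD /d 1 /f',
    r'netsh firewall set service remotedesktop enable',
    r'psexec \\ws-042 netsh firewall set service remoteadmin enable',
    r'psexec -i \\ws-042 ipconfig /all',
]


def tokens(cmdline):
    """Split on whitespace, keep double-quoted strings whole, lower-case all."""
    return [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]


def arg_after(toks, switch):
    """Return the token that follows a /switch, or None if it is absent."""
    return toks[toks.index(switch) + 1] if switch in toks[:-1] else None


def classify(cmdline):
    """Return a finding label (names are this example's own) or None."""
    toks = tokens(cmdline)
    for i, tok in enumerate(toks):
        rest = toks[i + 1:]
        # reg add "<...>\control\terminal server" /v fDenyTSConnections /d 0
        if tok in ("reg", "reg.exe") and rest[:1] == ["add"]:
            key_ok = len(rest) > 1 and rest[1].endswith(r"control\terminal server")
            if (key_ok and arg_after(rest, "/v") == "fdenytsconnections"
                    and arg_after(rest, "/d") == "0"):
                return "rdp-enabled-via-registry"
        # netsh firewall set service remotedesktop|remoteadmin enable
        if tok in ("netsh", "netsh.exe") and rest[:3] == ["firewall", "set", "service"]:
            if rest[3:5] in (["remotedesktop", "enable"], ["remoteadmin", "enable"]):
                return "firewall-opened:" + rest[3]
    return None


def findings(events=SAMPLE_EVENTS):
    """Pair each flagged command line with its finding label."""
    return [(label, e) for e in events if (label := classify(e))]


if __name__ == "__main__":
    for label, event in findings():
        print(f"{label:28} {event}")
```

    The second sample writes /d 1, which disables RDP, so it is deliberately not flagged.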


    Other Examples

    The following command launches an interactive command prompt on the remote computer \\marklap:

    psexec -i \\marklap cmd
    

    This command executes IpConfig on the remote system with the /all switch, and displays the resulting output locally:

    psexec -i \\marklap ipconfig /all
    

    This command copies the program test.exe to the remote system and executes it interactively:

    psexec -i \\marklap -c test.exe
    

    Specify the full path to a program that is already installed on a remote system if it's not on the system's path:

    psexec -i \\marklap c:\bin\test.exe
    

    Run Regedit interactively in the System account to view the contents of the SAM and SECURITY keys:

    psexec -i -d -s c:\windows\regedit.exe
    

    To run Internet Explorer with limited-user privileges, use this command:

    psexec -l -d "c:\program files\internet explorer\iexplore.exe"
