To enable Remote Desktop remotely by using the registry
- On any computer that is running a version of Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows XP Professional, Windows Vista or Windows 7, open Regedit as an administrator. To open Regedit as an administrator, click Start, and then, in Start Search, type regedit. At the top of the Start menu, right-click regedit, and then click Run as administrator. In the User Account Control dialog box, provide Domain Admins credentials, and then click OK.
- On the File menu, click Connect Network Registry.
- In the Select Computer dialog box, under Enter the object name to select, type the computer name, and then click Check Names.
- After the computer name resolves, click OK.
- In the computer node that appears in the Registry Editor, navigate to
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server. - In the console tree, click Terminal Server, and then, in the details pane, double-click fDenyTSConnections.
- In the Edit DWORD Value box, in Value data, type 0, and then click OK.
This value enables connections at the level that allows connections from computers running any version of Remote Desktop. - To implement the change, restart the server remotely, as follows:
- Open a Command Prompt as an administrator: On the Start menu, right-click Command Prompt, and then click Run as administrator. In the User Account Control dialog box, provide Domain Admins credentials, and then click OK.
- At the command prompt, type the following command, and then press ENTER:
shutdown /m \\<DomainControllerName> /r
NOT: Firewall changes are sometimes required
HKLM\System\CCS\services\SharedAccess\Parameters\FirewallPolicy\
DomainProfile\GloballyOpenPort
3389:TCP:*:Enabled:RemoteDesktop
Now modify ‘Enabled’ to ‘Disabled’
HKLM\System\CCS\services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\GloballyOpenPort
3389:TCP:*:Enabled:RemoteDesktop
Now modify ‘Enabled’ to ‘Disabled’
