The other day I set up a new workstation for an employee in a remote office. We are a small company so I usually have new computers shipped to me in our main office where I configure them before shipping them out. In a hurry to get the XP machine out the door I did everything else except enable remote desktop. I’ve done this several times.
Of course as soon as the computer arrived the remote user had an issue with something that needed to be tweaked. I think I had neglected to set up his profile in Outlook. He didn’t want me to walk him through the steps on the phone so he went to lunch and left the machine on for me to work on remotely. That’s when I discovered I couldn’t get into it.
We’re on a Microsoft domain here. The computer had been joined to the domain before it left the building. The remote location is on a VPN and also has a domain controller there. Having a domain controller in the remote office is not a requirement but you must be able to ’see’ the computers in the remote office through Active Directory.
There is a way to enable the remote desktop feature but it took forever to find it and take care of the issue before the employee returned. You might be able to use this little trick sometime so I’ll post it here. There’s probably more than one way to do this but here is how it worked for me.
The first step is to make sure you are logged on as a user that has domain admin privileges. Logging on to a Server 2003 as the administrator works just fine. Next launch the registry editor and open the registry on the remote computer using File – Connect Network Registry.
Navigate to the remote computer in Active Directory and browse to this registry key:
Change the fDenyTSConnection DWord value to 0 to enable Remote Desktop.
Exit regedit and do a remote reboot from a command prompt window:
shutdown -m \\computername -r
Give the remote computer a few minutes to reboot. You can now do a Remote Desktop session to the computer in the remote office. If you are unable to get into the remote computer via the registry editor then you might have to temporarily disable the Microsoft firewall.
You can disable the Windows firewall service remotely by using ’Services’ under the Administrative Tools. Use ‘Connect to another computer’ from the Action pull-down menu. This only works in a Microsoft domain setting so don’t go thinking you can hack into XP computers all over the Internet if you just happen to know their IP address.
I’m sure I’ve left out all kinds of details but this is the basic method to remotely enable Remote Desktop on Windows XP computers in a Microsoft domain. Questions? I will be happy to clarify in the comments.
Tim Malone, MCSE