Jim, I have posted this on WindowsScript out on MSN but, I should post it
here.
There are two things you need.
1. You need to add a group or a user into each systems local Remote Desktop
group.
2. You need to enable Remote Destop and if needed, broadcast which systems
are running it via the Browse feature in the Remote Connections tool.
No worries, I have both.
First, are all systems on a domain, if so you can place these items that are
needed in the \\domain\netlogon folder. A batch file can run the required
updates to make you remote systems except connections.
___First Create a batch file in the \\.\netlogon folder.
Add these lines in there. (I have added spaces to keep this html from making
boggy links in here.)
You can find which system has a net logon folder by looking at each one in
network neighb hood.
@regedit /s \\ . pdcSYSTEM\ NETLOGON\ ts.reg
@wscript \\ .pdcSYSTEM \ NETLOGON \ rduser.vbs
___Second:
Create the ts.reg file in notepad.
-----------------------
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server]
"fDenyTSConnections"=dword:00000000
"TSAdvertise"=dword:00000001
"TSEnabled"=dword:00000001
"TSUserEnabled"=dword:00000000
"fAllowToGetHelp"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal
Server\Licensing Core]
"EnableConcurrentSessions"=dword:00000001
-------------------------
___Third:
Create the rduser.vbs in notepad.
'---------------------------------
On Error Resume Next
' Domain admins will be added to each local system.
' If you have a different group(Recommended) add it instead.
' Comment a line by adding a ' to the front of it.
Set ws = WScript.CreateObject("WScript.Shell")
compname = ws.ExpandEnvironmentStrings("%COMPUTERNAME%")
udomain = ws.ExpandEnvironmentStrings("%USERDOMAIN%")
Set adGrp = GetObject("WinNT://" & compname & "/Remote Desktop Users,group")
'add domain groups to local admin group
adGrp.Add ("WinNT://" & udomain & "/Domain Admins,group")
'adGrp.Add ("WinNT://" & udomain & "/_Administration - Information
Systems,group")
'-----------------------------------------
___Forth:
If your users have to select control - Alt - Del to log on to the domain, go
to each in AD and select the Profile tab.
Under logon script, type in you batch files name (logon.bat) or what ever
you named it.
Keep in mind, you only have to put in the file name, no paths.
Batch files will run on 9x and aboth, CDM files will run on NT and above;
that's why I used a batch file, I could care less, I wanted coverage and if
they get a new system I am covered.
What you get is the ability to view all XP and Windows 2003 systems on your
network via the Remote Connection tool under Assesor./commo. This is great
for remote admin of a system. You may also want to add your domain admin
into each systems admin group to facilitate remote admin with admin rights.
NOTE WindowsXP SP2 will allow you to remotely connect and not boot off the
person; 2 sessions. At present, it only allows one so, plan around this
until SP2 hits the street. Windows 2003 already has this and, it runs full
blown Terminal Server so, it is pretty cool.
Security should be on TCP port 3389 for a number of systems open over the
internet, you can modify the ts.reg but, it will have to be by system basis.
you can have 3389 thru 4005 open and to connect over a WAN you'd have to
tell it the port; as in WANIP:internal port.
Anyway, if ya need more let me know.
Tim M.
