Life of a techno-guru
Thursday, March 30, 2006
  Script to enable RDP
Today I developed a script that enables RDP on a remote computer. Unfortunately the script was not designed to take alternate credentials when making the connection to WMI, although I may do that at some point. Here's the story on how I came up with it:
This morning, I was planning on installing Exchange onto a test Windows Server at home to experiment with some settings. I popped the CD for Exchange into the drive of the machine, and left for work thinking I was all set to go. Well, the problem is that I installed Windows at the last minute before going to bed last night, so I didn't configure any options, namely, to enable remote desktop connections. So then I get to work, find out that I can't connect to it, and figure that I will simply edit the registry as usual using regedit from one of my other machines. Boy was I wrong; for some reason, regedit wasn't properly taking alternate credentials, so I had no way to connect into the machine. I attempted connecting to the administrative share of the machine, and was successful, so I knew I could at least copy files to it, and also that I had the userID/password right. So then I decide that the only way I'm gonna get on that box is to do something through the command line. As far as I know, there's no way to import a section of the registry with a command-line (although I'm sure there is), but what I do know is that cscript is a command-line interpreter for WSH. So I went ahead and wrote out this script, ran into a couple of problems, fixed 'em, then used psexec from Sysinternals to execute the script using cscript from the command-line. The nice thing about psexec, is that it allows you to submit alternate credentials, and it worked flawlessly. So all in all, it was a bit more effort than was really necessary, but I had no other choice except to be physically in front of the machine. It pays off to know how to script in Windows (and *nix I'm sure), because if you find yourself in a pinch, you've always got a way to get yourself unstuck. So without further to do, here's the script:

NOTE: If you use a utility such as psexec or something else to execute it on a remote machine, to enable it on that machine, simply pass a "." as the argument, which is a substitute for "localhost" basically.
'Author: Trevor Sullivan
'Date: March 30th, 2006
'Purpose: enable remote desktop from a script. This script
'can be used with psexec or other remote command line
'utilities to enable RDP.
'Usage: [cscript | wscript] enableRDP.vbs
set args = Wscript.Arguments

if args.count <> 0 then
wscript.echo "Usage: [cscript] enableRDP.vbs "
end if

function enableRDP(pcname)
strNS = "root\default"
strcls = "stdRegProv"
strConn = "winmgmts:\\" & pcname & "\" & strNS &amp;amp; ":" & strcls
wscript.echo strConn

set objWMI = GetObject(strConn)
result = objWMI.SetDWORDValue(,"SYSTEM\CurrentControlSet\Control\Terminal Server","fDenyTSConnections","0")

wscript.echo result
end function

Wednesday, March 15, 2006
  Starbucks Coffee Break Day
Well, today I stopped into Starbucks before work as usual, and I was kindly told that today, March 15th was the first day that Starbucks is going to host free coffee between the hours of 10am and 12pm! It sounds like a great promotion for them, and I'll bet Starbucks shops nationwide will be packed with people between those hours.
Tuesday, March 07, 2006
  L2TP Tunneling in Windows Server 2003
Well, I'm looking for a method of replacing a Cisco VPN implementation with the built-in Windows Server 2003 Routing and Remote Access service, which provides a secure VPN tunnel end-point. As far as I know, PPTP tunnels are insecure and generally not recommended, so I'm looking for information on how to implement the L2T protocol. From my research so far, I've learned that you must use certificate authentication and encryption; the problem with this, is that I haven't had a lot of experience using digital certificates in Windows (or any o/s for that matter). Once I get some additional information about this, I'll write up a small guide for other system administrators out there that need to get a secure, and more easily managable VPN solution in place. A lot of you out there may ask why I'd like to replace a Cisco PIX VPN solution with a Windows RRAS solution. Well, the primary reason is that Windows is plenty secure when configured properly, and because using Windows authentication for VPN purges the need to manage two separate user databases.
My life of learning various things about technology including network administration, development, and 3D design

Location: Chicago, Illinois, United States
January 2006 / February 2006 / March 2006 / May 2006 / June 2006 / July 2006 / August 2006 / September 2006 / October 2006 / November 2006 / December 2006 / January 2007 / February 2007 / March 2007 / April 2007 / May 2007 / June 2007 / August 2007 / December 2007 / January 2008 / March 2008 / April 2008 / June 2008 / July 2008 / September 2008 / December 2008 / January 2009 / February 2009 / March 2009 / May 2009 /

Powered by Blogger